Financial Reporting Council of Nigeria site used for phishing scam


According to Netcraft, the website of the Financial Reporting Council of Nigeria is being used to serve a webmail phishing site from the agency's legitimate site.

The website of the Financial Reporting Council of Nigeria was used by cyber criminals in a phishing scam. According to the experts at Netcraft, the webmail phishing site is served directly from the agency's legitimate website.

The attack is not complex: the crooks used a common phishing kit that makes it easy to create customised phishing pages.

“The phishing content is based on a ready-to-go phishing kit that is distributed as a zip file. It contains easily-customisable PHP scripts and images designed to trick victims into surrendering either their Yahoo, Gmail, Hotmail or AOL passwords.” states the report.

[Image: Financial Reporting Council of Nigeria phishing page]

The hackers have likely compromised the government website and deployed the phishing page into an images directory on the Financial Reporting Council of Nigeria website. The experts also noticed that the website runs an older version of the Joomla CMS, 2.5.28, which is no longer supported.

The phishing page asks for the user's email credentials and the phone number used as a backup login credential for the Gmail service. Once the victim has entered the information, it is transmitted via email directly to the cyber criminals. The phishing page then redirects the victim’s browser to the Saatchi Art investment website at http://explore.saatchiart.com/invest-in-art/, but the experts clarified that it is not involved in the scam.
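For site operators, the two traits described above (kit files dropped into an images directory, and a PHP script that emails posted credentials) can be checked with a file-system sweep of the web root. The Python code below is an added example, not taken from Netcraft's report or from this article; the directory names, extension list, regex heuristics and the sample tree (including the `stories/webmail` path) are assumptions constructed for illustration.

```python
import os
import re

# Directory names treated as image locations (assumed; adjust per site).
IMAGE_DIRS = {"images", "img", "media", "uploads"}
# Extensions that have no business in an image directory.
SCRIPT_EXTS = {".php", ".phtml", ".html", ".htm", ".js", ".zip"}
# A script that reads posted credential fields and calls mail() matches all three.
KIT_RES = [re.compile(p, re.I) for p in
           (rb"\$_(POST|REQUEST)\s*\[", rb"\bmail\s*\(", rb"passw(or)?d|login")]


def scan_webroot(root):
    """Return sorted (relative_path, reason) findings for files under image dirs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        parts = os.path.relpath(dirpath, root).lower().split(os.sep)
        if not IMAGE_DIRS.intersection(parts):
            continue  # only image directories are inspected
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            reason = "script-in-image-dir"
            if ext in (".php", ".phtml"):
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # cap the read for large files
                if all(rx.search(data) for rx in KIT_RES):
                    reason = "php-mails-posted-credentials"
            findings.append((os.path.relpath(path, root).replace(os.sep, "/"), reason))
    return sorted(findings)


def build_sample(root):
    """Write a constructed web root: legitimate files plus a kit-like drop."""
    files = {
        "index.php": b"<?php echo 'home'; ?>",
        "images/logo.png": b"\x89PNG constructed",
        "images/stories/webmail/index.html": b"<form method='post'></form>",
        "images/stories/webmail/post.php": b"<?php mail($to, $s, $_POST['passwd']); ?>",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
```

Point `scan_webroot()` at the site's document root; any finding under an image directory deserves review, since a CMS normally stores only media files there.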

“After a victim enters his or her email credentials into the phishing site, both the username and password are transmitted via email directly to the fraudster. These emails also contain the victim’s IP address, and a third-party web service is used to deduce which country the victim is in.” continues the post published by Netcraft.

[Image: Financial Reporting Council of Nigeria phishing page 2]

The experts at Netcraft explained that this phishing scam is unusual because the attackers seem to be more interested in collecting users’ credentials shared among several web services than in the victims’ banking account logins.

Netcraft reported that the majority of Nigeria’s government websites, including the one operated by the Financial Reporting Council, are hosted in the United States. They speculate the attacker exploited a flaw in the Joomla! CMS to deploy the phishing kit.

Pierluigi Paganini

(Security Affairs – Financial Reporting Council of Nigeria, phishing, DDoS)