Security News

Phishy scams, malicious memes, and a big payday for hackers

Avast Security News Team, 21 December 2018

Stay safe by avoiding the Three Questions phishing scam quiz and the hacked Click2Gov payment portal.

Three questions, one big phishing scam

Cybersecurity researchers released a report this week identifying and explaining a sophisticated scam that has been making the rounds for almost a year. The popular “Three Questions” quiz has been found to be part of a larger phishing campaign comprised of 78 brand impersonations, including Disneyland, Dunkin’ Donuts, and Target. Each brand belongs to one of four industries: airline, retail, entertainment, or food. The scam works by promising a prize if the user answers three questions, usually based on the brand the scam is mimicking. After the quiz, the user is asked to provide personal info before receiving his or her “prize.” The user is also directed to share a link on social media, thereby spreading the scam.

“Our personal information is very valuable, and not just for us,” explains Luis Corrons, Avast security evangelist. “Here we can see how cybercriminals use social engineering techniques to have the victims do all the work from them: not only do users give up all their information voluntarily, but they then also unknowingly spread the scam to their contacts through their social networks. We trust any messages we receive online too much, and attacks like this are a painful consequence of that.”

Hackers score $1.7 million in Click2Gov breach

Click2Gov is a government-created payment portal used by many US cities to handle utility payments and the like. There was a rumor in 2017 that the system had been breached, and that rumor was confirmed in September 2018. Cybersecurity experts have now released a report summarizing the effects of the breach, and the numbers are not small.

The researchers believe almost 300,000 payment records were compromised across 46 cities in the US and one in Canada. The estimate is that this information has earned the cybercriminals behind the breach about $1.7 million dollars by selling it on the dark web. Central Square, developer of Click2Gov, is still investigating how the attack took place. Strangely, despite the deployment of a patch that took care of the security vulnerability, the company still maintains that “the system remains vulnerable for an unknown reason.”

“Every company is a target for cybercriminals, and even more so if they are dealing with online payments,” comments Corrons. “We have seen how cities and municipalities have been heavily attacked — many of them struggling after a SamSam ransomware attack, for example. They are the low-hanging fruit of the corporate world, and cases like this confirm it.”

Hidden messages behind the memes

Cybersecurity researchers reported this week that they have discovered some active steganography, the process of using images to subvert security protocols. In this case, the images are memes. Specifically, memes featuring Laurence Fishburne’s Morpheus from the Matrix movies. More specifically still, memes of Morpheus being distributed on by a specific Twitter account.

The memes have been modified to hide commands, working as a sort of “remote control” for malware. Hidden commands direct the Trojan to take a variety of actions, including screen captures to steal usernames, passwords, and credit card details from their victims. The Trojan can also harvest a list of files from an infected computer, note which programs are running and who's logged in on the machine, plus capture data copied to the clipboard. Upon being alerted to this, Twitter took the account offline.

Phishing in Cape Cod

An employee at Cape Cod Community College opened an email that he thought was from another college. It wasn’t. It was a phishing scam with a questionable-looking attachment. The employee called the IT department, but by then the malware in the attachment had replicated itself and had burrowed into the college’s system. It then automated nine transfers of cash, adding up to a total of just over $800,000. The school has since upgraded their security, and they are working with authorities to fully investigate the matter. So far, they have managed to recuperate almost $300,000 of the stolen funds.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.