Phishing from a French Government Career Website

KnowBe4

Attackers are exploiting a legitimate French government website to send phishing messages, according to researchers at Vade. PhishingThe website, Pôle Emploi, is a career site for companies looking for job recruits.

Criminal Gang Impersonates Russian Government in Phishing Campaign

KnowBe4

Researchers at IBM Security X-Force are tracking a financially motivated cybercriminal group called “Hive0117” that’s impersonating a Russian government agency to target users in Eastern Europe. Phishing

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Large phishing campaign targets EMEA and APAC governments

Security Affairs

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. .

Phishing Campaigns Spoof Government Agencies: Report

Data Breach Today

Proofpoint Research Points to More Sophisticated Techniques A newly discovered hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S. Postal Service, in an effort to plant malware in victims' devices and networks via phishing campaigns, according to new research from Proofpoint

IT Governance Podcast Episode 7: Apple zero-day, NHS ransomware update and 0ktapus phishing campaign

IT Governance

This week, we discuss two zero-day vulnerabilities affecting Apple devices, the further effects of a ransomware attack on an NHS digital services provider and a large-scale phishing campaign affecting users of secure services such as Okta, Authy and Signal.

Phishing Scammers Leverage Telegraph’s Loose Governance to Host Crypto and Credential Scams

KnowBe4

The free and unmonitored webpage publishing platform has been identified as being used in phishing scams dating back as early as mid-2019, as a key part to bypass security solutions. Phishing

New Phishing Campaign Impersonates Canada Revenue Agency

KnowBe4

A phishing campaign is impersonating the Canada Revenue Agency (CRA) in an attempt to steal Canadians’ personal information, according to Rene Holt at ESET. The phishing emails inform users that they’ve received a tax refund of just under CAD$500. Phishing

SideWinder Targets Pakistani Entities With Phishing Attacks

KnowBe4

The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat actor is using phishing emails as well as a malicious VPN app placed in the Google Play Store.

US Government Sites Give Bad Security Advice

Krebs on Security

government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. government. A Little Sunshine John LaCour OMB phishing PhishLabs U.S.

Data Breach Culprits: Phishing and Ransomware Dominate

Data Breach Today

Meanwhile, Breaches Involving Military Secrets and CCTV Footage Beset UK Government Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports.

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. The post Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors appeared first on Security Affairs.

FBI: COVID-19-Themed Phishing Spreads Netwalker Ransomware

Data Breach Today

Attacks Target Government Agencies and a Variety of Others The FBI is warning that attacks using a ransomware variant called Netwalker have increased since June, targeting government organizations, educational entities, healthcare firms and private companies in the U.S.

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft.

Catches of the Month: Phishing Scams for August 2022

IT Governance

Welcome to our August 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. However, the success of these scams is also a down to a lack of awareness of how phishing works.

North Korean Hackers Wage Job-Themed Spear-Phishing Attacks

Data Breach Today

ClearSky: Operation 'DreamJob' Lures Defense Workers With Fake Job Opportunities Hackers with suspected ties to North Korea's government are conducting a cyber espionage campaign that's circulating "job opportunity" spear-phishing emails targeting employees of defense contractors, according to the security firm ClearSky.

Espionage Is Goal of Iranian Phishing Campaign

Data Breach Today

Researchers: Hackers Exploit Remote Admin Tools Hackers with suspected ties to Iran are continuing to wage a cyberespionage campaign against government agencies, academia and tourism organizations based in the Middle East and nearby, according to a report by Trend Micro

Catches of the Month: Phishing Scams for September 2022

IT Governance

Welcome to our September 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme.

U.S. Government Warns of Increased Texting Scams as Mobile Attacks are Up 100%

KnowBe4

Cyberattacks via SMS messaging are on the rise, and are having such an impact, the Federal Communications Commission has released an advisory on Robotext phishing attacks (or smishing). Phishing

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Phishing-as-a-service, also called PhaaS, is the same as the SaaS business model, except the product for sale is designed to help users launch a phishing attack.

Phishing Campaigns Leverage Latest COVID-19 Themes

Data Breach Today

and other nations adopting economic stimulus packages as a result of the global COVID-19 pandemic, fraudsters are now using the promise of government checks as phishing lures to spread banking Trojans, according to a pair of new security research reports

Salesforce Email Service Used for Phishing Campaign

eSecurity Planet

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses.

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Catches of the Month: Phishing Scams for July 2022

IT Governance

Welcome to our July 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. NFT marketplace warns users of phishing scams.

What is angler phishing?

IT Governance

But all that activity has made social media a breeding ground for a new form of cyber attack known as angler phishing. What is angler phishing? Angler phishing is a specific type of phishing attack that exists on social media. Unlike traditional phishing, which involves emails spoofing legitimate organisations , angler phishing attacks are launched using bogus corporate social media accounts. Phishing email protection.

Catches of the Month: Phishing Scams for March 2022

IT Governance

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal information. Ukrainian citizens targeted by phishing attacks.

Coronavirus ‘Financial Relief’ Phishing Attacks Spike

Threatpost

A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.

Catches of the Month: Phishing Scams for February 2022

IT Governance

Welcome to our February 2022 review of phishing attacks, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information. billion phishing emails.

IT 96

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Security Affairs

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. In mid-January, the government of Kyiv attributed the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151.

Catches of the Month: Phishing Scams for April 2022

IT Governance

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. Browser-in-the-browser attack defies phishing guidance.

Catches of the month: Phishing scams for October 2021

IT Governance

Welcome to our monthly review of phishing scams, in which we examine the latest campaigns and the tactics being used by cyber criminals to fool you into handing over your information. Thousands of Coinbase users lose funds in phishing attack. Catches of the Month phishing

Cyber Police of Ukraine arrested 9 men behind phishing attacks on Ukrainians attempting to capitalize on the ongoing conflict

Security Affairs

The Cyber Police of Ukraine arrested nine members of a cybercriminal gang that has stolen 100 million hryvnias via phishing attacks. The Cyber Police of Ukraine arrested nine members of a cybercriminal organization that stole 100 million hryvnias via phishing attacks.

New Phishing Kit Hijacks WordPress Sites for PayPal Scam

Dark Reading

Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn

Catches of the Month: Phishing Scams for June 2022

IT Governance

Welcome to our June 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. NFT artist’s Twitter account phished. QuickBooks users warned of phishing scam.

Webinar: IS IT TOO COLD FOR PHISHING? on February 24, 2022 via ARMA NOVA

IG Guru

Phishing is on the rise and cybercriminals are getting better. The post Webinar: IS IT TOO COLD FOR PHISHING? Cyber Security Education Information Governance information security Risk News Security phishing Privacy

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. This is the third massive spear-phishing campaign that the Ukrainian government attributed to Russia-linked threat actors this year.

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site).

Catches of the Month: Phishing Scams for May 2022

IT Governance

Welcome to our May 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. Perhaps this is a moment to introduce the idea that phish can be like a leak in the boat.

Phishing Attack Hits German Coronavirus Task Force

Threatpost

More than 100 executives at a multinational company that's part of a German task force for creating coronavirus protective gear, were targeted in an ongoing phishing attack. Government Web Security coronavirus Credentials German task force Microsoft phishing attack PPE Yandex

Chinese APT Debuts Sepulcher Malware in Spear-Phishing Attacks

Threatpost

Government Malware Vulnerabilities Web Security Chinese APT dissidents email european officials exilerat malicious attachment malicious email malware Phishing Proofpoint remote access Trojan Sepulcher Spear Phishing TA413 Tibet

Catches of the month: Phishing scams for August 2021

IT Governance

Welcome to August’s review of phishing scams, in which we look at criminals’ latest tactics and provide examples of successful frauds. Microsoft issues alert about “crafty” phishing scams. Test your employees’ ability to detect a scam with our simulated phishing attack.

IT 90