Data Breach Today

MARCH 4, 2024

Researchers Say Hackers Used Fake Login Pages to Trick 100 Victims, Crypto Workers A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binance and Coinbase.

Phishing 259

Phishing Communications 259

Data Breach Today

DECEMBER 21, 2023

Also: Hackers Scrooge The North Face Holiday Shipments This week, MongoDB blamed a phishing email for causing unauthorized access to its corporate environment, hackers interrupted VF Corp.

Phishing 310

Phishing Access IT 310

Data Breach Today

APRIL 4, 2024

Escalation of Cyberespionage Likely Tied to Upcoming European Elections German federal agencies warned that phishing attacks targeting political parties surged ahead of upcoming European Union elections. The government did not attribute the attacks to a specific country but confirmed that they are tied to a nation-state group.

Phishing 216

Phishing Government 216

Data Breach Today

JANUARY 11, 2024

Also: Bitcoin ETP, Gamma and dYdX Attacks, 2023 Hack Stats This week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4

Phishing 281

Phishing IT 281

Data Breach Today

SEPTEMBER 11, 2023

Vectors Includes Teams Phishing and Malvertising Advertising on Russian-language criminal forums is paying off for the author of the DarkGate malware as reflected by a spike in infections, including an unusual phishing campaign on Microsoft Teams to deliver the loader through HR-themed social engineering chat messages.

Phishing 256

Phishing 256

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 263

Phishing Mining IT 263

Data Breach Today

SEPTEMBER 5, 2023

Energy Facility Impeded Attack by Blocking the Launch of the Windows Script Host Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage.

Phishing 292

Phishing Military 292

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 223

Phishing Passwords Risk Sales 223

Data Breach Today

DECEMBER 7, 2023

Incident That Affected 35,000 Urgent Care Clinic Patients Results in $480K Fine Weeks after the Department of Health and Human Services announced its first HIPAA enforcement action in a ransomware breach, federal regulators have reached another milestone: a $480,000 settlement in a HIPAA case centered for the first time ever on a phishing attack.

Phishing 293

Phishing Ransomware IT 293

Data Breach Today

AUGUST 9, 2023

Authorities In Multiple Countries Arrest Operators of 16Shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 244

Phishing Security 244

Data Breach Today

SEPTEMBER 6, 2023

Phishing Platform Automates Big Business Email Compromise Attacks, Researchers Find A sophisticated phishing toolkit called W3LL Panel has been used to exploit at least 8,000 endpoints since the middle of last year to perpetrate costly business email compromise schemes, Group-IB reports.

Phishing 268

Phishing 268

KnowBe4

JULY 19, 2024

com, were identified by a UK-based cybersecurity researcher specializing in credential phishing. While phishing sites commonly emerge following major events, the scale of Friday’s outages presents a vast field of potential victims. Names like crowdstriketoken[.]com, com, crowdstrikedown[.]site, site, crowdstrikefix[.]com,

Phishing 114

Phishing Cybersecurity IT Security 114

Data Breach Today

AUGUST 10, 2023

Authorities in Multiple Countries Arrest Operators of 16shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 239

Phishing Security 239

KnowBe4

JULY 23, 2024

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report.

Phishing 106

Phishing Cloud Security 106

KnowBe4

JUNE 26, 2024

If you had to choose between regular cybersecurity training and simulated phishing testing, the data shows you should choose simulated phishing tests.

Phishing 94

Phishing Cybersecurity Security awareness Security 94

KnowBe4

APRIL 30, 2024

Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for phishing that somehow end up setting off more alarms than a Hawaiian missile alert system. This blog was co-written by Javvad Malik and Erich Kron.

Phishing 108

Phishing 108

Data Breach Today

APRIL 19, 2023

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing 268

Phishing Government IT 268

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing 215

Phishing Computer and Electronics Marketing IT 215

KnowBe4

JUNE 7, 2024

I have created a comprehensive webinar, based on my recent book , “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. It contains everything that KnowBe4 and I know to defeat scammers.

Phishing 107

Phishing IT 107

Data Breach Today

JUNE 22, 2022

Belgian and Dutch Police Arrest 9 Suspects Over Theft of 'Millions of Euros' Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams. Nine suspects are in detention after stealing several million euros, authorities say.

Phishing 301

Phishing 301

KnowBe4

JULY 16, 2024

The US Internal Revenue Service (IRS) has issued an advisory warning of phishing campaigns targeting car dealerships. The IRS says car dealers should be on the lookout for targeted phishing attacks following a ransomware attack that hit a major auto sales software provider last month.

Phishing 92

Phishing Sales Ransomware 92

KnowBe4

JULY 10, 2024

Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear phishing attacks. APT29 in particular has been targeting the technology sector in order to launch supply chain attacks.

Phishing 107

Phishing Cloud Government 107

KnowBe4

JULY 22, 2024

Organizations should expect to see phishing attacks exploiting the global IT outage that occurred last Friday, the Business Post reports.

Phishing 103

Phishing IT Security 103

KnowBe4

JUNE 25, 2024

Over 11 million phishing attacks have been reported to the UK’s Suspicious Email Reporting Service (SERS) over the past year, according to new data from Action Fraud. The UK’s National Cyber Security Centre has also taken down more than 329,000 phishing sites since the SERS program started in 2020.

Phishing 95

Phishing Security 95

Schneier on Security

JUNE 3, 2024

Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts. Here’s the full text.

Phishing 115

Phishing Artificial Intelligence 115

KnowBe4

JUNE 17, 2024

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware.

Phishing 110

Phishing Security 110

KnowBe4

JUNE 13, 2024

The hackers pulled off a first-of-its-kind scam that leveraged a phishing email as the initial attack vector followed by a deepfake video call. My hacker story occurred not too long ago at the Hong Kong office of an undisclosed multinational corporation.

Phishing 105

Phishing IT 105

KnowBe4

JULY 9, 2024

Researchers at ESET warn of phishing attacks that are attempting to hack high-profile YouTube channels in order to spread scams or malware.

Phishing 91

Phishing Security 91

KnowBe4

JULY 2, 2024

A hacked customer support portal belonging to router manufacturer Mercku is being used to respond to customer queries with phishing emails, BleepingComputer reports.

Phishing 105

Phishing Manufacturing Security awareness Security 105

KnowBe4

JULY 15, 2024

Phishing remains a top initial access vector for ransomware actors, according to researchers at Cisco Talos. The threat actors often use phishing to steal legitimate credentials so they can use employee accounts without raising suspicion.

Phishing 78

Phishing Ransomware Access 78

KnowBe4

DECEMBER 7, 2023

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.

Phishing 111

Phishing Authentication 111

KnowBe4

JULY 11, 2024

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year.

Phishing 88

Phishing Government Security 88

KnowBe4

JULY 5, 2024

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months. “In The evasive techniques and software development tradecraft exceed previously identified campaigns. Boomer will avoid detection if only traditional controls are in place.

Phishing 93

Phishing Insurance Manufacturing Government 93

KnowBe4

APRIL 22, 2024

The other day I was participating in a company’s employee meeting when the CEO revealed he had been “caught” that morning by a real phishing attack email.

Phishing 106

Phishing 106

KnowBe4

JUNE 18, 2024

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North Korea and Russia.

Phishing 97

Phishing Government Security 97

KnowBe4

APRIL 23, 2024

Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception Point.

Phishing 92

Phishing 92

KnowBe4

NOVEMBER 7, 2023

The fight against cyber threats remains a top priority for all organizations, including phishing attacks. SlashNext just released its much-anticipated annual " State of Phishing Report for 2023." This report sheds light on the alarming surge in phishing threats across email, web, and mobile channels.

Phishing 100

Phishing IT 100