Expert insights. Personalized for you.
Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says MORE
249 
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams. MORE
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. phishing Kaspersky Netflix phishing attack small and medium business top phishing apps WhatsApp MORE
Researchers warn that a phishing scam is targeting Instagram users via direct messages on the app. Hacks Mobile Security Web Security credential Email credentials Instagram instagram help center Phishing scam social media MORE
Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page. MORE
Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense MORE
Malwarebytes Says Campaign Designed to Steal Banking Credentials Malwarebytes reports that a newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data MORE
Messages Use an OAuth-Based Consent App to Gain Office 365 Access Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4 MORE
A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. A Little Sunshine Latest Warnings The Coming Storm 866-277-7794 apple phone phishing Global Cyber Risk LLC Jody Westbyis likely to fool quite a few people. MORE
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs. MORE
Fake Messages Offer Surgical Masks and Other PPE A global phishing campaign that purports to offer information about surgical masks and other personal protective equipment for use during the COVID-19 pandemic is infecting victims' devices with the AgentTesla remote access Trojan, according to researchers at Area 1 Security. MORE
Configure Defenses to Block Attackers, Security Experts Advise Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place MORE
Myke Lyons of ServiceNow on Tackling Social Engineering Threats Phishing remains one of the most significant attack vectors, and security automation, orchestration and response, or SOAR, can help minimize the threat, says Myke Lyons of ServiceNow MORE
Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps MORE
Proofpoint and KnowBe4 Spot Malicious Messages Disguised as Political Announcements Security researchers are warning of a fresh wave of phishing emails with election-related lures that are designed to get users to click, opening the door to spreading the Emotet botnet or harvesting users' credentials. MORE
Fraudsters Leverage Automated Messages in Effort to Steal Office 365 Credentials Fraudsters are mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials, according to the security firm Abnormal Security MORE
A phishing campaign is targeting employees with phony email reminders for cybersecurity and phishing awareness training. . The post Phishing Campaign Pretends to be Phishing Training Reminder appeared first on Adam Levin. MORE
Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. MORE
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up. MORE
Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible MORE
177 
Mobile Security Most Recent ThreatLists Web Security amazon brand impersonation brand phishing Check Point COVID-19 email Microsoft Pandemic Phishing remote working the report third quarter MORE
Cofense: Attacks Disguise Malicious Domains to Steal Credentials A recently uncovered phishing campaign designed to harvest credentials used companies' official webpages as an overlay to hide malicious domains, according to security firm Cofense MORE
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Fraudsters can use a variety of open-source and free tools to fake or “spoof” the number displayed as the caller ID, lending legitimacy to phone phishing schemes. FULLY AUTOMATED PHONE PHISHING. MORE
Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Apple phishing MORE
Campaign Designed to Steal Credentials A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security MORE
authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. MORE
Phishing campaigns spreading the malware are using COVID-19 themes as a lure MORE
Researchers Say Campaign Uses Email Hyperlink Splits to Evade URL Filters Researchers have uncovered a new type of phishing campaign that is targeting American Express card users. In these incidents, attackers are sending a hyperlink as part of a phony account update to access the victim's credentials and other account details, according to researchers at the security firm Cofense MORE
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door MORE
Researchers: Fraudsters Target Office 365 Users to Harvest Credentials Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials MORE
Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security MORE
Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report MORE
171 
Employees Outraged at Phishing Test Teasing a Bonus Training employees to resist phishing emails is key to preventing compromises. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships Tribune Publishing Co. But an exercise run by Tribune Publishing Co. MORE
Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce MORE
Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense. MORE
ClearSky: Operation 'DreamJob' Lures Defense Workers With Fake Job Opportunities Hackers with suspected ties to North Korea's government are conducting a cyber espionage campaign that's circulating "job opportunity" spear-phishing emails targeting employees of defense contractors, according to the security firm ClearSky. MORE
Phishing Related Topics Data Breach Today
SEPTEMBER 24, 2020
Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.
Data Breach Today
OCTOBER 23, 2020
Researchers: Fraudsters Target Office 365 Users to Harvest Credentials Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
OCTOBER 21, 2020
Messages Use an OAuth-Based Consent App to Gain Office 365 Access Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4
Threatpost
OCTOBER 22, 2020
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.
Data Breach Today
JULY 22, 2020
Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.
Data Breach Today
JULY 31, 2020
Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says
|
Threatpost
OCTOBER 19, 2020
Mobile Security Most Recent ThreatLists Web Security amazon brand impersonation brand phishing Check Point COVID-19 email Microsoft Pandemic Phishing remote working the report third quarter
Threatpost
OCTOBER 20, 2020
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. phishing Kaspersky Netflix phishing attack small and medium business top phishing apps WhatsApp
Data Breach Today
SEPTEMBER 25, 2020
Employees Outraged at Phishing Test Teasing a Bonus Training employees to resist phishing emails is key to preventing compromises. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships Tribune Publishing Co. But an exercise run by Tribune Publishing Co.
Data Breach Today
SEPTEMBER 25, 2020
Campaign Designed to Steal Credentials A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security
Adam Levin
SEPTEMBER 16, 2020
A phishing campaign is targeting employees with phony email reminders for cybersecurity and phishing awareness training. . The post Phishing Campaign Pretends to be Phishing Training Reminder appeared first on Adam Levin.
|
Data Breach Today
OCTOBER 5, 2020
Proofpoint and KnowBe4 Spot Malicious Messages Disguised as Political Announcements Security researchers are warning of a fresh wave of phishing emails with election-related lures that are designed to get users to click, opening the door to spreading the Emotet botnet or harvesting users' credentials.
Data Breach Today
MARCH 23, 2020
Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce
Data Breach Today
APRIL 20, 2020
Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft
Data Breach Today
MAY 20, 2020
Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense
Dark Reading
OCTOBER 19, 2020
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door
Threatpost
OCTOBER 16, 2020
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
Data Breach Today
MAY 22, 2020
Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible
Data Breach Today
AUGUST 31, 2020
Fake Messages Offer Surgical Masks and Other PPE A global phishing campaign that purports to offer information about surgical masks and other personal protective equipment for use during the COVID-19 pandemic is infecting victims' devices with the AgentTesla remote access Trojan, according to researchers at Area 1 Security.
Data Breach Today
JULY 28, 2020
Fraudsters Leverage Automated Messages in Effort to Steal Office 365 Credentials Fraudsters are mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials, according to the security firm Abnormal Security
Data Breach Today
JULY 31, 2020
Phishing campaigns spreading the malware are using COVID-19 themes as a lure
Data Breach Today
SEPTEMBER 9, 2020
Cofense: Attacks Disguise Malicious Domains to Steal Credentials A recently uncovered phishing campaign designed to harvest credentials used companies' official webpages as an overlay to hide malicious domains, according to security firm Cofense
Data Breach Today
MAY 2, 2020
Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security
Data Breach Today
MAY 14, 2020
Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report
Data Breach Today
APRIL 27, 2020
Cybercriminals Pivoting to Economic Stimulus Lures Some fraudsters have pivoted from using the COVID-19 pandemic as a phishing lure to creating messages and malicious domains designed to capitalize on various U.S. economic stimulus programs
Krebs on Security
JANUARY 3, 2019
A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. A Little Sunshine Latest Warnings The Coming Storm 866-277-7794 apple phone phishing Global Cyber Risk LLC Jody Westbyis likely to fool quite a few people.
Krebs on Security
SEPTEMBER 16, 2020
authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.
Threatpost
AUGUST 28, 2020
Researchers warn that a phishing scam is targeting Instagram users via direct messages on the app. Hacks Mobile Security Web Security credential Email credentials Instagram instagram help center Phishing scam social media
Data Breach Today
APRIL 24, 2019
Among the top new spear phishing threats to enterprises: Extortion. Asaf Cidon of Barracuda outlines the top three spear phishing threats and new strategies to defend against them
Data Breach Today
APRIL 8, 2019
Myke Lyons of ServiceNow on Tackling Social Engineering Threats Phishing remains one of the most significant attack vectors, and security automation, orchestration and response, or SOAR, can help minimize the threat, says Myke Lyons of ServiceNow
Threatpost
SEPTEMBER 11, 2020
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Data Breach Today
FEBRUARY 19, 2020
UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud.
Data Breach Today
JULY 19, 2019
Researchers Say Campaign Uses Email Hyperlink Splits to Evade URL Filters Researchers have uncovered a new type of phishing campaign that is targeting American Express card users. In these incidents, attackers are sending a hyperlink as part of a phony account update to access the victim's credentials and other account details, according to researchers at the security firm Cofense
Krebs on Security
JANUARY 13, 2020
Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Apple phishing
Data Breach Today
AUGUST 14, 2020
ClearSky: Operation 'DreamJob' Lures Defense Workers With Fake Job Opportunities Hackers with suspected ties to North Korea's government are conducting a cyber espionage campaign that's circulating "job opportunity" spear-phishing emails targeting employees of defense contractors, according to the security firm ClearSky.
Krebs on Security
OCTOBER 1, 2018
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Fraudsters can use a variety of open-source and free tools to fake or “spoof” the number displayed as the caller ID, lending legitimacy to phone phishing schemes. FULLY AUTOMATED PHONE PHISHING.
Data Breach Today
FEBRUARY 11, 2020
Researchers Describe a Wide Variety of Tactics As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets
Data Breach Today
DECEMBER 4, 2018
Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps
Threatpost
OCTOBER 1, 2020
Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page.
Data Breach Today
MAY 29, 2020
Configure Defenses to Block Attackers, Security Experts Advise Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place
Let's personalize your content