Data Breach Today

AUGUST 10, 2023

Authorities in Multiple Countries Arrest Operators of 16shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 201

Phishing Security 201

Data Breach Today

AUGUST 18, 2023

Targets Include Small and Medium Businesses and Government Agencies Threat actors are on a phishing spree targeting users of Zimbra Collaboration email suite, in particular small and medium businesses and government agencies.

Phishing 187

Phishing Government Security IT 187

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing 200

Phishing Computer and Electronics Marketing IT 200

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 186

Phishing Passwords Data breaches Security 186

Data Breach Today

JULY 14, 2023

State-Linked Spear-Phishing Campaign Targeting Government, Military Personnel Belarus state-linked hackers are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans.

Phishing 172

Phishing Military Government Access 172

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Phishing 363

Phishing Access IT 363

Data Breach Today

APRIL 19, 2023

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing 229

Phishing Government IT 229

Data Breach Today

AUGUST 8, 2023

The threat actor spoofed the Computer Emergency Response Team of Ukraine in phishing emails. Threat Actor Coaxes Users Into Downloading MerlinAgent Hackers attempting to spy on the Ukrainian government are using an open-source remote access Trojan, said Kyiv cyber defenders. The RAT, MerlinAgent, is available on GitHub.

Phishing 227

Phishing Government Access 227

IBM Big Data Hub

SEPTEMBER 20, 2023

The simple answer: spear phishing is a special type of phishing attack. Phishing is any cyberattack that uses malicious email messages, text messages, or voice calls to trick people into sharing sensitive data (e.g., Spear phishing is targeted phishing. What’s different about a spear phishing attack?

Phishing 64

Phishing Security Authentication Passwords 64

Data Breach Today

JUNE 20, 2023

Russia is intensifying phishing campaigns againt Ukraine. Russian GRU Hackers Reach for Government Email Inboxes Cybersecurity defenders in Ukraine revealed multiple Russian spearphishing campaigns including an effort by Kremlin military intelligence to penetrate open source email servers used by government agencies.

Phishing 194

Phishing Military Cybersecurity Government 194

Data Breach Today

MARCH 4, 2023

Attackers Exploit Economic Downturn by Deploying Malware in Resumes, ID Attachments Threat actors are exploiting the ongoing economic downturn using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters.

Phishing 243

Phishing 243

Data Breach Today

JULY 27, 2023

Academic Medical Provider Says 3 Employee Email Accounts Were Compromised Michigan-based academic medical provider Henry Ford Health is notifying nearly 170,000 individuals that their protected health information was breached in a recent phishing scam that compromised three employees' email accounts.

Phishing 169

Phishing 169

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing 356

Phishing Passwords Security Privacy 356

Data Breach Today

OCTOBER 8, 2022

Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

Phishing 241

Phishing Security Access IT 241

Data Breach Today

JUNE 22, 2022

Belgian and Dutch Police Arrest 9 Suspects Over Theft of 'Millions of Euros' Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams. Nine suspects are in detention after stealing several million euros, authorities say.

Phishing 257

Phishing 257

Krebs on Security

AUGUST 9, 2021

The payment message displayed by the carding site phishing domain BriansClub[.]com. However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. Shortly after it came online as a phishing site last year, BriansClub[.]com com, vclub[.]cards,

Phishing 363

Phishing Blockchain Security IT 363

Data Breach Today

NOVEMBER 23, 2022

But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta. Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.

Phishing 230

Phishing Authentication Security 230

Data Breach Today

JULY 14, 2022

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes.

Phishing 343

Phishing Access 343

Data Breach Today

AUGUST 27, 2022

Unusual Activity' By Third-Party Service Provider to Blame Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider.

Phishing 220

Phishing IT 220

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. Image: osint.fans. “But on the telecom front they were using fairly sophisticated tactics.”

Phishing 338

Phishing Passwords Security Marketing 338

Data Breach Today

MARCH 7, 2021

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says. The company adds it prevented more than 2,500 phishing emails tied to the campaign.

Phishing 277

Phishing Security IT 277

Data Breach Today

MARCH 28, 2023

Attackers Using Decentralized File Protocol to Deliver Phishing Pages Credential harvesting attackers are taking advantage of a distributed file protocol to distribute customized phishing links.

Phishing 169

Phishing IT 169

Data Breach Today

AUGUST 19, 2022

AWS Domains Used to Send Phishing Emails and Steal Credentials Threat actors are using Amazon Web Services solutions to create phishing pages that bypass security scanners and scam victims into handing over credentials.

Phishing 225

Phishing Security 225

Data Breach Today

JULY 29, 2022

Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.

Phishing 299

Phishing Access 299

Data Breach Today

DECEMBER 10, 2022

Class Action Lawsuit Filed Against Rackspace for Negligence Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment. The Texas-based firm also is now facing a class action lawsuit.

Phishing 198

Phishing Ransomware Risk IT 198

Krebs on Security

NOVEMBER 10, 2021

” The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. We don’t know what the fraudsters behind this clever hybrid SMS/voice phishing scam intended to do with the information they might have coaxed from Stevens’ daughter.

Phishing 359

Phishing Security IT 359

KnowBe4

AUGUST 30, 2023

No surprise: phishing attacks are on the rise, and a new technique is becoming increasingly popular: open redirect flaws. These flaws allow attackers to redirect victims to malicious websites, even if the link in the phishing email appears to be legitimate.

Phishing 116

Phishing 116

Data Breach Today

MAY 19, 2023

BulletProofLink Found A Way To Thewart Impossible Travel Detection A large-scale phishing-as-a-service operation is shifting tactics to allow attackers to avoid anomaly detection by using localized IP addresses, warns Microsoft.

Phishing 172

Phishing 172

KnowBe4

SEPTEMBER 12, 2023

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails.

Artificial Intelligence 115

Artificial Intelligence Phishing 115

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. And spear-phishing others that frequently interact with the SCO via email could land the bad guys even more access to state systems.

Phishing 298

Phishing Data breaches Passwords Access 298

KnowBe4

SEPTEMBER 8, 2023

The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. top-level domain is being widely abused in phishing attacks. Notably, Interisle found that the.us

Phishing 94

Phishing Paper 94

KnowBe4

SEPTEMBER 13, 2023

Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks.

Phishing 104

Phishing Security awareness Cybersecurity Security 104

IT Governance

SEPTEMBER 15, 2023

Welcome to our September 2023 catches of the month feature, which examines recent phishing scams and the tactics criminals use to trick people into compromising their data. Storm-0324’s phishing lures “typically reference invoices and payments, mimicking services such as DocuSign, Quickbooks, and others”.

Phishing 95

Phishing Security Ransomware Passwords 95

KnowBe4

SEPTEMBER 11, 2023

Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.

Phishing 112

Phishing Security awareness Cybersecurity Security 112

IBM Big Data Hub

AUGUST 9, 2023

A phishing simulation is a cybersecurity exercise that tests an organization’s ability to recognize and respond to a phishing attack. During a phishing simulation, employees receive simulated phishing emails (or texts or phone calls) that mimic real-world phishing attempts. million phishing sites.

Phishing 78

Phishing Security awareness Cybersecurity Security 78

KnowBe4

SEPTEMBER 16, 2023

Dallas Mavericks owner and well-known investor Mark Cuban reportedly lost nearly $900,000 in a phishing attack targeting his MetaMask cryptocurrency wallet.

Phishing 105

Phishing 105

IT Governance

JUNE 8, 2023

Phishing is one of the most common and dangerous forms of cyber crime. Despite an array of technological solutions designed to counter phishing attacks – from antimalware software to password protections – the main weapon in anyone’s arsenal should be knowledge and awareness. How common are phishing attacks?

Phishing 107

Phishing Data breaches Ransomware Security 107