Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams.

Sophisticated Voice Phishing Scams

Schneier on Security

Brian Krebs is reporting on some new and sophisticated phishing scams over the telephone. I second his advice: "never give out any information about yourself in response to an unsolicited phone call."

The Year Targeted Phishing Went Mainstream

Krebs on Security

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. There are several interesting takeaways from this phishing campaign.

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

The Art of the Steal: FIN7's Highly Effective Phishing

Data Breach Today

Cybercrime Gang Phoned Victims to Increase Phishing Attack Success Rates

The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege.

A Successful Strategy for Fighting Phishing

Data Breach Today

Brent Maher of Johnson Financial Group Offers Real-World Lessons Learned

The key to lowering the risk of employees becoming victims of phishing is to adopt an "adult learning" approach to training, says Brent Maher, CISO at Johnson Financial Group.

Lazarus Hackers Phish For Bitcoins, Researchers Warn

Data Breach Today

Bitcoin Exchange Job Lure Traces to Hackers Tied to North Korea

Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks.

Phishing Exposed Medicaid Details for 30,000 Floridians

Data Breach Today

No Misuse of Exposed Data Has Been Reported - Yet

Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn.

The People Factor: Fight back Against Phishing

Data Breach Today

Phishing remains the top attack vector, and an organization's people of course remain the top target. But how can these same people be leveraged as a key component in your anti-phishing defense? Kurt Wescoe of Wombat shares insight

Phishing Defense: Block OAuth Token Attacks

Data Breach Today

But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock

Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.

5 ways to detect a phishing email

IT Governance

Phishing has been used as a way for criminal hackers to gain sensitive information since the mid-1990s. Phishing emails can impersonate well-known brands or even people you know, such as colleagues. Phishing attacks are becoming more sophisticated, making them harder to detect.

Widespread Phishing Campaign Targets Financial Institutions

Data Breach Today

A phishing attack on Wednesday fueled by the Necurs botnet targeted at least 2,700 banking institutions of various sizes in the U.S. and around the world, explains Aaron Higbee of Cofense, which detected the attack

Office 365 Phishing Campaign Hides Malicious URLs in SharePoint Files

Threatpost

Researchers say the "PhishPoint" tactic has already impacted 10 percent of Office 365 users globally.

4 reasons why phishing is so successful

IT Governance

Phishing attacks are on the rise, evolving in variety and sophistication and threatening email security. An IRONSCALES report has revealed that 90–95% of all successful cyber attacks begin with a phishing email. Widespread availability of low-cost phishing and ransomware tools.

Mid-sized organisations are the most vulnerable to phishing attacks

IT Governance

However, this strength turns to weakness when it comes to phishing. By training employees on using strong passwords and being more vigilant at spotting phishing attacks, businesses can significantly increase the strength of their IT security.”

Innovative Phishing Tactic Makes Inroads Using Azure Blob

Threatpost

A brand-new approach to harvesting credentials hinges on users' lack of cloud savvy.

7 Most Prevalent Phishing Subject Lines

Dark Reading

The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails

New Phishing Scam Reels in Netflix Users to TLS-Certified Sites

Threatpost

Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates.

RSA Fraud Report: Newsjacking-Based Phishing on the Rise

Data Breach Today

Angel Grant Analyzes Findings, Which Also Show a Surge in Mobile App Fraud

RSA's most recent Quarterly Fraud Report shows that "newsjacking" is increasingly empowering phishing attacks, says Angel Grant, RSA's director of identity fraud and risk intelligence.

GDPR phishing scam targets Airbnb customers

IT Governance

Criminal hackers are taking advantage of the imminent General Data Protection Regulation (GDPR) with a phishing campaign targeting Airbnb customers. The phishing scam seeks to exploit this. How can I detect a phishing email? There are a number of ways to spot a phishing email.

TSB customers targeted by mobile phishing attacks

IT Governance

Cyber criminals are taking advantage of TSB’s recent IT problems to exploit customers using mobile phishing attacks. According to Wired, the phishing attacks encourage TSB customers to click a fraudulent URL and enter their credentials to file a complaint against the company.

Detecting Phishing Sites with Machine Learning

Schneier on Security

Really interesting article: A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name.

Police Bust 20 Phishing Suspects in Italy, Romania

Data Breach Today

Arrests Came After a Two-Year Investigation of 'Highly Organized' Crime Group

Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers.

Phishing Campaign Steals Money From Industrial Companies

Threatpost

Phishing emails purported to be commercial offers - but were really installing remote administration software on victims’ systems.

Dridex Banking Trojan Phishing Campaign Ties to Necurs

Data Breach Today

Botnet Also Pushes Ransomware, Cryptocurrency, 'Virtual Kisses'

The operators of the Necurs botnet continue to target victims with phishing campaigns designed to infect them with banking malware, ransomware and cryptocurrency fever, as well as to generate profits via dating website referrals.

False Alarm: Phishing Attack Against DNC Was Just a Test

Data Breach Today

Unannounced Exercise Stoked Voter Database Hacking Fears

A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.

DanaBot Trojan Targets Bank Customers In Phishing Scam

Threatpost

A new phishing scam purports to be MYOB invoices - but really contains a novel banking trojan.

Mayfair art dealers suffer phishing attack

IT Governance

Recent reports of a phishing attack on Mayfair art dealers have revealed that “at least nine galleries or individuals were affected, including Hauser & Wirth, and London-based dealers Simon Lee, Thomas Dane, Rosenfeld Porcini and Laura Bartlett”.

Account Takeover Attacks Become a Phishing Fave

Dark Reading

More than three-quarters of ATOs resulted in a phishing email, a new report shows

Think you’re not susceptible to phishing? Think again

IT Governance

Phishing is big business for cyber criminals. According to PhishMe’s Enterprise Phishing Resiliency and Defense Report 2017, phishing attacks rose by 65% last year, with the average attack costing mid-sized companies $1.6 Help your staff avoid phishing attacks.

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach, was the result of a phishing attack. Related: Carpet bombing of phishing emails endures. Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas.

Anatomy of a Cryptocurrency Phishing Campaign

Data Breach Today

North Korea Keeps Hacking for Bitcoins, Researchers Say

Virtual currency that's been surging in value, stored in internet-connected banks and virtual "hot wallets": What could go wrong?

75% of organisations have been hit by spear phishing

IT Governance

Phishing scams are relatively mundane compared to the sophisticated attacks that you read about in the news, but it’s important to remember that sometimes the biggest threats are right at your doorstep. Phishing is a top concern.

Vanderbilt issues warning about email spoofing, phishing attacks

Information Management Resources

A warning has been issued to the staff at Vanderbilt University Medical Center about email spoofing and phishing attacks.

Industrial Sector targeted in surgical spear-phishing attacks

Security Affairs

Industrial sector hit by a surgical spear-phishing campaign aimed at installing legitimate remote administration software on victims’ machines. The spear-phishing campaign is still ongoing, the messages purported to be invitations to tender from large industrial companies.

New Actor DarkHydrus Targets Middle East with Open-Source Phishing

Threatpost

DarkHydrus uses the open-source Phishery tool to create two of the known Word documents used in the attacks.

Phishing Biggest Threat to Google Account Security

Threatpost

Phishing remains the biggest account takeover threat to Google users, surpassing keyloggers and credential leaks.

Phishing Attack Bypasses Two-Factor Authentication

Dark Reading

Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts

PhishPoint Phishing Attack – A new technique to Bypass Microsoft Office 365 Protections

Security Affairs

PhishPoint is a new SharePoint phishing attack that affected an estimated 10% of Office 365 users over the last 2 weeks. “Over the past two weeks, we detected (and blocked) a new phishing attack that affected about 10% of Avanan’s Office 365 customers.

GDPR Phishing Scam Targets Apple Accounts, Financial Data

Threatpost

A phishing scam fooled victims by claiming to be Apple and scooping up personal details – including financial information and Apple account information.

Why the Netflix Phishing Email Works So Well

WIRED Threat Level

That Netflix phishing scheme has been around for months—and it's clever enough to stick around.

ThreatList: Financial-Themed Phishing Hooks Targets in Q2

Threatpost

In addition to traditional phishing, fraudulent cryptocurrency offers pose a rising trend.

Phishing attack results in a breach at Texas anesthesia practice

Information Management Resources

Criminals had data access to patient data for more than a month before discovery.