Spear Phishing - Top 3 Threats

Data Breach Today

Among the top new spear phishing threats to enterprises: Extortion. Asaf Cidon of Barracuda outlines the top three spear phishing threats and new strategies to defend against them

Attacking Phishing With SOAR

Data Breach Today

Myke Lyons of ServiceNow on Tackling Social Engineering Threats Phishing remains one of the most significant attack vectors, and security automation, orchestration and response, or SOAR, can help minimize the threat, says Myke Lyons of ServiceNow

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down.

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. FULLY AUTOMATED PHONE PHISHING.

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. A live Paypal phishing site that uses [link] (has the green padlock). A live Facebook phish that uses SSL (has the green padlock).

Fighting Against Phishing

Data Breach Today

Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps

Wipro Detects Phishing Attack: Investigation in Progress

Data Breach Today

Security Experts Weigh In on Who Might Be the Culprit Indian IT service firm Wipro on Tuesday said that it has detected abnormal activities on some of its employee accounts due to an advanced phishing campaign.

UConn Health Among the Latest Phishing Victims

Data Breach Today

A Number of Newly Reported Health Data Breaches Stem From Email Incidents Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals

Oregon Agency Reports Phishing Attack Affecting 350,000

Data Breach Today

Incident Among Largest Health Data Breaches So Far in 2019 The Oregon Department of Human Services is among the latest entities to reveal a phishing breach impacting the protected health information of hundreds of thousands of individuals

Phishing, Ransomware Attacks Continue to Menace Healthcare

Data Breach Today

Arizona Cancer Center a Recent Victim of Major Phishing Attack As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports.

The Year Targeted Phishing Went Mainstream

Krebs on Security

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. There are several interesting takeaways from this phishing campaign.

Sophisticated Voice Phishing Scams

Schneier on Security

Brian Krebs is reporting on some new and sophisticated phishing scams over the telephone. fraud phishing scams socialengineeringI second his advice: "never give out any information about yourself in response to an unsolicited phone call."

Phishing Scams in Healthcare: A Persistent Threat

Data Breach Today

Breach Tally Shows Hacking Attacks Involving Email Continue to Plague the Sector With the year nearly over, hacking attacks - especially those involving phishing and other email attacks - continue to rack up big victim counts for health data breaches reported to federal regulators in 2018

Ultra-Sneaky Phishing Scam Swipes Facebook Credentials

Threatpost

Researchers warn that the phishing campaign looks "deceptively realistic.". Web Security Credentials Facebook Phishing phishing campaign social engineering

Google is going to block logins from embedded browsers against MitM phishing attacks

Security Affairs

Google this week announced that it is going to block login attempts from embedded browser frameworks to prevent man-in-the-middle (MiTM) phishing attacks. “However, one form of phishing, known as “ man in the middle ” (MITM), is hard to detect when an embedded browser framework (e.g.,

Phishing campaign leverages Google Translate as camouflage

Security Affairs

Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. These phishing emails pose as alerts sent by Google that inform users that their accounts were accessed from a new Windows device.

Beyond Phishing: The New Face of Cybersecurity Awareness

Data Breach Today

Terranova's Lise Lapointe on How Cybersecurity Awareness Must Evolve As CEO of Terranova Security, an awareness training provider, Lise Lapointe sees an evolution of education programs that used to be merely phishing simulation tests.

UConn Health Among the Latest Apparent Phishing Victims

Data Breach Today

A Number of Newly Reported Health Data Breaches Stem From Email Incidents Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals

Phishing Campaign Hits Credit Unions

Adam Levin

A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers. The post Phishing Campaign Hits Credit Unions appeared first on Adam Levin.

Why Do Phishing Attacks Continue to Plague Healthcare?

Data Breach Today

Experts Offer Tips for How to Avoid Falling Victim Several health data breaches involving phishing attacks - including one that potentially exposed data on more than 100,000 individuals - have been added to the federal health data breach tally this month.

ThreatList: Phishing Attacks Doubled in 2018

Threatpost

Scammers used both older, tested-and-true phishing tactics in 2018 - but also newer tricks, such as fresh distribution methods, according to a new report. Most Recent ThreatLists Web Security Cryptocurrency Kaspersky Phishing rate of attacks scam social media phishing Spam tax phishing the report

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Steele Dossier Case: Expert Traces Spear-Phishing of DNC

Data Breach Today

XBT/Webzilla Hosting Infrastructure Used for Nation-State Hacking, Expert Finds Web hosting firm XBT/Webzilla's infrastructure was used to attack the U.S.

Facebook login phishing campaign can deceive tech-savvy users

Security Affairs

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. SecurityAffairs – phishing, Facebook). The post Facebook login phishing campaign can deceive tech-savvy users appeared first on Security Affairs.

The Art of the Steal: FIN7's Highly Effective Phishing

Data Breach Today

Cybercrime Gang Phoned Victims to Increase Phishing Attack Success Rates The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege.

Mobile-First Phishing Kit Targets Verizon Customers

Threatpost

Mobile Security Lookout mobile first mobile tailored mobile threats Phishing kit VerizonThe kit's authors demonstrate a knowledge of Verizon's infrastructure.

Crooks abuse GitHub platform to host phishing kits

Security Affairs

Experts at Proofpoint discovered that free code repositories on GitHub have been abused since at least 2017 to host phishing websites. Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses.

Lazarus Hackers Phish For Bitcoins, Researchers Warn

Data Breach Today

Bitcoin Exchange Job Lure Traces to Hackers Tied to North Korea Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks.

Very trivial Spotify phishing campaign uncovered by experts

Security Affairs

Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify.

Phishing Campaign Targeting Verizon Mobile Users

Dark Reading

Lookout Phishing AI, which discovered the attack, says it has been going on since late November

Phishing Exposed Medicaid Details for 30,000 Floridians

Data Breach Today

No Misuse of Exposed Data Has Been Reported - Yet Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn.

A Successful Strategy for Fighting Phishing

Data Breach Today

Brent Maher of Johnson Financial Group Offers Real-World Lessons Learned The key to lowering the risk of employees becoming victims of phishing is to adopt an "adult learning" approach to training, says Brent Maher, CISO at Johnson Financial Group

Clever Phishing Attack Enlists Google Translate to Spoof Login Page

Threatpost

A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature. Web Security Credential stuffing Credential Theft Facebook google Google Translate Phishing phishing scam

FTC Warns of Netflix Phishing Scam Making Rounds

Threatpost

Web Security email scam Netflix Phishing phishing attack scamThe scam targets Netflix users and asks for payment information.

Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Security Affairs

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale. Amnesty experts monitored several credential phishing campaigns targeting individuals across the Middle East and North Africa.

Baystate says breach from phishing attack could affect 12,000

Information Management Resources

Phishing attacks that hit several employees at Baystate Health resulted in about 12,000 individuals’ health records potentially compromised. Phishing Data security Cyber security Malware HIPAA regulations EHR training

5 ways to detect a phishing email

IT Governance

Phishing has been used as a way for criminal hackers to gain sensitive information since the mid-1990s. Phishing emails can impersonate well-known brands or even people you know, such as colleagues. Phishing attacks are becoming more sophisticated, making them harder to detect.

Phishing Tactic Hides Tracks with Custom Fonts

Threatpost

The phishing campaign is using a new technique to hide the source code of its landing page - and stealing credentials from customers of a major U.S.-based Web Security Bank Credential Stealing custom fonts obfuscation Phishing phishing campaign retail substitution cipherbased bank.

Nation-State Spear Phishing Attacks Remain Alive and Well

Data Breach Today

Russians Tied to Hack Attacks, But 'Two-Factor' No Silver Bullet, Google Warns Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. Here's how to play better phishing defense

PhishX: The Most Powerful Spear Phishing Tool

IG Guru

The post PhishX: The Most Powerful Spear Phishing Tool appeared first on IG GURU. IG News Information Governance information security Records Management Risk News Security Social Media Hacking phishing PhishX Social Engineering Spear FishingSee how hackers can hack an Instragram in less than 4 minutes. What are you doing to protect yourself?