Expert insights. Personalized for you.
Proofpoint: Attackers Tried to Harvest Microsoft Office Credentials The Iranian-linked threat group TA453, also known as Charming Kitten and Phosphorus, conducted a phishing campaign, dubbed "BadBlood," in late 2020 that targeted senior U.S. MORE
Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers MORE
Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says MORE
Proofpoint Describes Campaign That Uses Conference as a Lure The Iranian advanced persistent threat group TA453 has been conducting a series of spear-phishing attacks in an attempt to steal sensitive information from scholars who study the Middle East, according to Proofpoint MORE
Intrusion Affects Patients, Employees and Students UC San Diego Health says a phishing incident led to unauthorized access to an undisclosed amount of information on patients, employees and students for at least four months MORE
Unauthorized Access and Malware Also Among Top Causes, UK Privacy Watchdog Reports Phishing, ransomware and unauthorized access continue to be the leading cyber causes of violations of data protection rules and personal data breaches, Britain's privacy watchdog reports. MORE
NimzaLoader Uses Nim Programming Language to Avoid Detection An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint MORE
Researchers Found Hackers Deploying Morse Code to Help Evade Detection A yearlong phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers. MORE
Researchers Say BulletProofLink Subscription Offers Many Services Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign. MORE
Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft MORE
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. MORE
Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense MORE
Malwarebytes Says Campaign Designed to Steal Banking Credentials Malwarebytes reports that a newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data MORE
Patient Data Exposed in Several Email-Related Cases As healthcare sector organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise MORE
Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. MORE
Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials. MORE
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. MORE
Meanwhile, Breaches Involving Military Secrets and CCTV Footage Beset UK Government Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports. MORE
Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. MORE
Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office MORE
Ongoing Campaign Also Uses Malicious CAPTCHA Verification Page Microsoft is warning of a "widespread" phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials, according to a recent report. MORE
Researchers Found Hackers Deploying Morse Code To Help Evade Detection A year-long phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers. MORE
Trend Micro Says Campaign Designed to Steal Executives' Credentials A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports. MORE
Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY. MORE
Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. MORE
Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible. MORE
The payment message displayed by the carding site phishing domain BriansClub[.]com. However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. MORE
Microsoft: Attackers Are Spreading Remote Access Trojans A spear-phishing campaign is targeting aviation companies, using malicious documents that deliver information-stealing malware, according to alerts from Microsoft Security Intelligence MORE
Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says. MORE
Researchers: Campaign Looks To Harvest Users' Office 365 Credentials An ongoing phishing campaign designed to harvest Office 365 credentials is using a Microsoft Outlook migration message, according to researchers at Abnormal Security. MORE
Scammers Now Attempting to Steal Banking and Driver's License Information Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports. MORE
Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links MORE
Researchers: 'Shadow Academy' Activity Coincided With Start of School Year A hacking group targeted 20 universities and other schools around the world earlier this year with a series of phishing campaigns designed to steal credentials, according to researchers at RiskIQ MORE
Emails Contain Legitimate Links That Lead to Authentic PayPal Site In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways MORE
The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. MORE
The oil and gas industry is yet again a victim of Agent Tesla malware A sophisticated campaign that uses remote access Trojans and malware-as-a-service threats for cyber espionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer. MORE
Researchers: Fraudsters Target Office 365 Users to Harvest Credentials Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials MORE
Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report MORE
Oil and Gas Industry Yet Again a Victim of Agent Tesla Malware A campaign that uses remote access Trojans and malware-as-a-service infrastructure for cyberespionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer MORE
Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce MORE
Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense. MORE
Phishing Related Topics 
Data Breach Today
AUGUST 30, 2021
Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.
Krebs on Security
FEBRUARY 1, 2021
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
AUGUST 16, 2021
Researchers Found Hackers Deploying Morse Code to Help Evade Detection A yearlong phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers.
Data Breach Today
MAY 28, 2021
Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft.
Krebs on Security
AUGUST 9, 2021
The payment message displayed by the carding site phishing domain BriansClub[.]com. However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid.
Data Breach Today
MARCH 7, 2021
Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.
Data Breach Today
JULY 28, 2021
Intrusion Affects Patients, Employees and Students UC San Diego Health says a phishing incident led to unauthorized access to an undisclosed amount of information on patients, employees and students for at least four months
Data Breach Today
JULY 14, 2021
Proofpoint Describes Campaign That Uses Conference as a Lure The Iranian advanced persistent threat group TA453 has been conducting a series of spear-phishing attacks in an attempt to steal sensitive information from scholars who study the Middle East, according to Proofpoint
Data Breach Today
SEPTEMBER 24, 2020
Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.
Data Breach Today
JANUARY 29, 2021
Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links
Data Breach Today
FEBRUARY 4, 2021
Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers
|
Data Breach Today
DECEMBER 4, 2020
Researchers: 'Shadow Academy' Activity Coincided With Start of School Year A hacking group targeted 20 universities and other schools around the world earlier this year with a series of phishing campaigns designed to steal credentials, according to researchers at RiskIQ
Data Breach Today
MARCH 12, 2021
NimzaLoader Uses Nim Programming Language to Avoid Detection An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint
Krebs on Security
MARCH 23, 2021
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year.
Data Breach Today
JULY 10, 2021
The oil and gas industry is yet again a victim of Agent Tesla malware A sophisticated campaign that uses remote access Trojans and malware-as-a-service threats for cyber espionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.
Data Breach Today
AUGUST 27, 2021
Meanwhile, Breaches Involving Military Secrets and CCTV Footage Beset UK Government Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports.
eSecurity Planet
SEPTEMBER 3, 2021
Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses.
Data Breach Today
NOVEMBER 18, 2020
Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.
Data Breach Today
AUGUST 3, 2021
Emails Contain Legitimate Links That Lead to Authentic PayPal Site In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways
Data Breach Today
MARCH 23, 2020
Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce
Data Breach Today
AUGUST 10, 2020
Malwarebytes Says Campaign Designed to Steal Banking Credentials Malwarebytes reports that a newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data
Data Breach Today
MAY 20, 2020
Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense
Data Breach Today
SEPTEMBER 22, 2021
Researchers Say BulletProofLink Subscription Offers Many Services Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign.
Data Breach Today
AUGUST 30, 2021
Ongoing Campaign Also Uses Malicious CAPTCHA Verification Page Microsoft is warning of a "widespread" phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials, according to a recent report.
Data Breach Today
JULY 22, 2020
Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.
Data Breach Today
MAY 14, 2020
Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report
Data Breach Today
MAY 14, 2021
Microsoft: Attackers Are Spreading Remote Access Trojans A spear-phishing campaign is targeting aviation companies, using malicious documents that deliver information-stealing malware, according to alerts from Microsoft Security Intelligence
Data Breach Today
MARCH 31, 2021
Proofpoint: Attackers Tried to Harvest Microsoft Office Credentials The Iranian-linked threat group TA453, also known as Charming Kitten and Phosphorus, conducted a phishing campaign, dubbed "BadBlood," in late 2020 that targeted senior U.S.
Data Breach Today
JULY 31, 2020
Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says
Data Breach Today
NOVEMBER 30, 2020
Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office
Data Breach Today
JANUARY 27, 2021
Trend Micro Says Campaign Designed to Steal Executives' Credentials A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.
Data Breach Today
MAY 22, 2020
Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.
Data Breach Today
APRIL 20, 2020
Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft
Data Breach Today
OCTOBER 23, 2020
Researchers: Fraudsters Target Office 365 Users to Harvest Credentials Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials
Data Breach Today
APRIL 5, 2021
Patient Data Exposed in Several Email-Related Cases As healthcare sector organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise
Data Breach Today
JUNE 1, 2021
Unauthorized Access and Malware Also Among Top Causes, UK Privacy Watchdog Reports Phishing, ransomware and unauthorized access continue to be the leading cyber causes of violations of data protection rules and personal data breaches, Britain's privacy watchdog reports.
Data Breach Today
DECEMBER 14, 2020
Researchers: Campaign Looks To Harvest Users' Office 365 Credentials An ongoing phishing campaign designed to harvest Office 365 credentials is using a Microsoft Outlook migration message, according to researchers at Abnormal Security.
Schneier on Security
AUGUST 13, 2021
The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale.
Data Breach Today
JULY 12, 2021
Oil and Gas Industry Yet Again a Victim of Agent Tesla Malware A campaign that uses remote access Trojans and malware-as-a-service infrastructure for cyberespionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer
Data Breach Today
AUGUST 14, 2021
Researchers Found Hackers Deploying Morse Code To Help Evade Detection A year-long phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers.
207 
Let's personalize your content