Police Crack SMS Phishing Operation

Data Breach Today

Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.

Phishing Campaign Mimics Microsoft Teams Alerts

Data Breach Today

Researchers: Fraudsters Target Office 365 Users to Harvest Credentials Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Phishing Emails Target Coinbase Exchange Users

Data Breach Today

Messages Use an OAuth-Based Consent App to Gain Office 365 Access Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4

Microsoft Teams Phishing Attack Targets Office 365 Users

Threatpost

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

Twitter Hackers Targeted Employees With Phone Phishing

Data Breach Today

Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says

Microsoft: Most-Imitated Brand for Phishing Emails

Threatpost

Mobile Security Most Recent ThreatLists Web Security amazon brand impersonation brand phishing Check Point COVID-19 email Microsoft Pandemic Phishing remote working the report third quarter

Facebook: A Top Launching Pad For Phishing Attacks

Threatpost

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. phishing Kaspersky Netflix phishing attack small and medium business top phishing apps WhatsApp

How a Phishing Awareness Test Went Very Wrong

Data Breach Today

Employees Outraged at Phishing Test Teasing a Bonus Training employees to resist phishing emails is key to preventing compromises. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships Tribune Publishing Co. But an exercise run by Tribune Publishing Co.

GDPR Compliance Used as Phishing Lure

Data Breach Today

Campaign Designed to Steal Credentials A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security

Phishing Campaign Pretends to be Phishing Training Reminder

Adam Levin

A phishing campaign is targeting employees with phony email reminders for cybersecurity and phishing awareness training. . The post Phishing Campaign Pretends to be Phishing Training Reminder appeared first on Adam Levin.

Fresh Wave of Phishing Emails Use Election as a Lure

Data Breach Today

Proofpoint and KnowBe4 Spot Malicious Messages Disguised as Political Announcements Security researchers are warning of a fresh wave of phishing emails with election-related lures that are designed to get users to click, opening the door to spreading the Emotet botnet or harvesting users' credentials.

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce

COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft

Data Breach Today

Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft

Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense

Trickbot, Phishing, Ransomware & Elections

Dark Reading

The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door

Phishing Lures Shift from COVID-19 to Job Opportunities

Threatpost

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.

Phishing Campaign Leverages Google to Harvest Credentials

Data Breach Today

Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible

COVID-19 Phishing Scheme Spreads AgentTesla Trojan

Data Breach Today

Fake Messages Offer Surgical Masks and Other PPE A global phishing campaign that purports to offer information about surgical masks and other personal protective equipment for use during the COVID-19 pandemic is infecting victims' devices with the AgentTesla remote access Trojan, according to researchers at Area 1 Security.

Phishing Campaign Uses Fake SharePoint Alerts

Data Breach Today

Fraudsters Leverage Automated Messages in Effort to Steal Office 365 Credentials Fraudsters are mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials, according to the security firm Abnormal Security

FBI: COVID-19-Themed Phishing Spreads Netwalker Ransomware

Data Breach Today

Phishing campaigns spreading the malware are using COVID-19 themes as a lure

Phishing Campaign Uses Homepage Overlay to Trick Victims

Data Breach Today

Cofense: Attacks Disguise Malicious Domains to Steal Credentials A recently uncovered phishing campaign designed to harvest credentials used companies' official webpages as an overlay to hide malicious domains, according to security firm Cofense

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Data Breach Today

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security

Fresh Twist for Pandemic-Related Phishing Campaigns

Data Breach Today

Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report

Latest Phishing Campaigns Spoof Federal Reserve, SBA

Data Breach Today

Cybercriminals Pivoting to Economic Stimulus Lures Some fraudsters have pivoted from using the COVID-19 pandemic as a phishing lure to creating messages and malicious domains designed to capitalize on various U.S. economic stimulus programs

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. A Little Sunshine Latest Warnings The Coming Storm 866-277-7794 apple phone phishing Global Cyber Risk LLC Jody Westbyis likely to fool quite a few people.

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Instagram ‘Help Center’ Phishing Scam Pilfers Credentials

Threatpost

Researchers warn that a phishing scam is targeting Instagram users via direct messages on the app. Hacks Mobile Security Web Security credential Email credentials Instagram instagram help center Phishing scam social media

Spear Phishing - Top 3 Threats

Data Breach Today

Among the top new spear phishing threats to enterprises: Extortion. Asaf Cidon of Barracuda outlines the top three spear phishing threats and new strategies to defend against them

Attacking Phishing With SOAR

Data Breach Today

Myke Lyons of ServiceNow on Tackling Social Engineering Threats Phishing remains one of the most significant attack vectors, and security automation, orchestration and response, or SOAR, can help minimize the threat, says Myke Lyons of ServiceNow

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Threatpost

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

Phishing Campaigns Tied to Coronavirus Persist

Data Breach Today

UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud.

Phishing Scheme Targets Amex Cardholders

Data Breach Today

Researchers Say Campaign Uses Email Hyperlink Splits to Evade URL Filters Researchers have uncovered a new type of phishing campaign that is targeting American Express card users. In these incidents, attackers are sending a hyperlink as part of a phony account update to access the victim's credentials and other account details, according to researchers at the security firm Cofense

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Apple phishing

North Korean Hackers Wage Job-Themed Spear-Phishing Attacks

Data Breach Today

ClearSky: Operation 'DreamJob' Lures Defense Workers With Fake Job Opportunities Hackers with suspected ties to North Korea's government are conducting a cyber espionage campaign that's circulating "job opportunity" spear-phishing emails targeting employees of defense contractors, according to the security firm ClearSky.

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Fraudsters can use a variety of open-source and free tools to fake or “spoof” the number displayed as the caller ID, lending legitimacy to phone phishing schemes. FULLY AUTOMATED PHONE PHISHING.

More Phishing Campaigns Tied to Coronavirus Fears

Data Breach Today

Researchers Describe a Wide Variety of Tactics As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets

Fighting Against Phishing

Data Breach Today

Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps

Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs

Threatpost

Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page.

Top Ransomware Attack Vectors: RDP, Drive-By, Phishing

Data Breach Today

Configure Defenses to Block Attackers, Security Experts Advise Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place