Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense

Phishing Campaign Leverages Google to Harvest Credentials

Data Breach Today

Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft

Data Breach Today

Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft

Fresh Twist for Pandemic-Related Phishing Campaigns

Data Breach Today

Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Data Breach Today

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.

Latest Phishing Campaigns Spoof Federal Reserve, SBA

Data Breach Today

Cybercriminals Pivoting to Economic Stimulus Lures Some fraudsters have pivoted from using the COVID-19 pandemic as a phishing lure to creating messages and malicious domains designed to capitalize on various U.S.

Microsoft Warns of COVID-19 Phishing Emails Spreading RAT

Data Breach Today

Malicious Messages Attempt to Install NetSupport Manager Tool on Devices Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices.

Phishing Campaigns Tied to Coronavirus Persist

Data Breach Today

UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud.

Skype Phishing Attack Targets Remote Workers’ Passwords

Threatpost

Web Security Cisco WebEx phishing attack phishing email remote workers skype skype phishing Webex zoomAttackers are sending convincing emails that ultimately steal victims' Skype credentials.

Phishing Campaigns Target Senior Executives via Office 365

Data Breach Today

Top Victims Include Financial Services and Law Firms, Group-IB Warns A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB.

Cybercriminals Using Zoom, WebEx as Phishing Lures: Report

Data Breach Today

Campaigns Aimed at Stealing Credentials, Distributing Malware Cybercriminals are using spoofed messages and images from Zoom and Cisco WebEx as lures in new phishing campaigns that are designed to steal credentials or distribute malware, according to the security firm Proofpoint

More Phishing Campaigns Tied to Coronavirus Fears

Data Breach Today

Researchers Describe a Wide Variety of Tactics As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets

FINRA Warns of Phishing Emails Targeting Members

Data Breach Today

warns that a "widespread, ongoing" phishing campaign is targeting its members

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Apple phishing

Phishing Scheme Targets Amex Cardholders

Data Breach Today

Researchers Say Campaign Uses Email Hyperlink Splits to Evade URL Filters Researchers have uncovered a new type of phishing campaign that is targeting American Express card users.

Attacking Phishing With SOAR

Data Breach Today

Myke Lyons of ServiceNow on Tackling Social Engineering Threats Phishing remains one of the most significant attack vectors, and security automation, orchestration and response, or SOAR, can help minimize the threat, says Myke Lyons of ServiceNow

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down.

How much is the phish? Underground market of phishing kits is booming – Group-IB

Security Affairs

The report focuses on phishing kits – the driving force of the phishing industry, which is hard to detect but extremely valuable in terms of fight against phishing. Last year, phishing kit creators’ favorite brands were Amazon, Google and Office 365.

Phishing Campaigns Leverage Latest COVID-19 Themes

Data Breach Today

and other nations adopting economic stimulus packages as a result of the global COVID-19 pandemic, fraudsters are now using the promise of government checks as phishing lures to spread banking Trojans, according to a pair of new security research reports

Fighting Against Phishing

Data Breach Today

Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps

Phishing: Mitigating Risk, Minimizing Damage

Data Breach Today

In Wake of Recent Incidents, Experts Offer Insights on Critical Steps to Take As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. FULLY AUTOMATED PHONE PHISHING.

Fresh COVID-19 Phishing Scams Try to Spread Malware: Report

Data Breach Today

Organizations Targeted With Ransomware, Infostealer Two recently uncovered phishing campaigns used COVID-19 themes as a lure in an attempt to spread ransomware and information stealers, according to Palo Alto Networks' Unit 42 division

Legal Threats Make Powerful Phishing Lures

Krebs on Security

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Also part of the phishing kit was a text document containing some 100,000 business email addresses — most of them ending in Canadian (.ca)

Phishing in Healthcare: Yet Another Major Incident

Data Breach Today

Phishing Continues to Be One of the Primary Breach Vectors in Healthcare' Yet another major phishing-related health data breach has been reported to federal regulators.

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. A live Paypal phishing site that uses [link] (has the green padlock). A live Facebook phish that uses SSL (has the green padlock).

What is angler phishing?

IT Governance

But all that activity has made social media a breeding ground for a new form of cyber attack known as angler phishing. What is angler phishing? Angler phishing is a specific type of phishing attack that exists on social media. Phishing email protection.

Phishing Campaign Tied to Amazon Prime Day

Data Breach Today

Fraudsters Use Phishing Kit Called 16Shop, McAfee Reports In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers.

Supreme Court Phish Targets Office 365 Credentials

Threatpost

Cybercriminals are hunting out victims' Office 365 credentials -- by dishing out Supreme court "summons" in a phishing attack. Web Security email attack fake captcha form Microsoft Office 365 Phishing subpoena phish Supreme Court

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Data Breach Today

FortiGuard Labs Researchers Find WHO Images Used As Lure Again A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot.

SMS Phishing + Cardless ATM = Profit

Krebs on Security

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Phone-based phishing attacks are getting way more clever and are even snaring technology experts, as last month’s story shows.

Demand for Phishing Kits Is Strong: Report

Data Breach Today

Prices for Kits Soar; Ads Proliferate on Dark Net Markets Ads for phishing kits doubled last year on underground forums and dark net markets, with prices skyrocketing over 149 percent - an apparent indicator of strong demand, according to security firm Group-IB

Coronavirus ‘Financial Relief’ Phishing Attacks Spike

Threatpost

A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.

Coronavirus Fears Lead to New Wave of Phishing, Malware

Data Breach Today

European Central Bank Among Those Issuing Warnings As COVID-19 spreads, cybercriminals are sending more phishing emails that use the health emergency as a lure, according to security researchers.

Spear-Phishing Attack Spoofs EE To Target Executives

Threatpost

Researchers say spear-phishing emails purporting to be from telecom giant EE are being sent to top corporate execs. Web Security Credentials EE EE telecom payment info Phishing phishing email Spear Phishing

Spear Phishing - Top 3 Threats

Data Breach Today

Among the top new spear phishing threats to enterprises: Extortion. Asaf Cidon of Barracuda outlines the top three spear phishing threats and new strategies to defend against them

Mobile Banking Users Targeted in SMS Phishing Campaign

Data Breach Today

Researchers Say Attackers Targeted American and Canadian Banking Customers Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout.

Bulgarian Man Sentenced for Massive Phishing Scheme

Data Breach Today

Svetoslav Donchev Helped Scam Victims Out of More Than $50 Million, Authorities Say A Bulgarian man has been sentenced to nine years in prison after pleading guilty in connection with his role in running a large-scale phishing campaign that scammed victims out of $51 million

Law Firms Race to File Phishing Breach Lawsuits

Data Breach Today

Class Action Suits Would Focus on PIH Health Breach That Affected 200,000 Several law firms are racing to be among the first to file class action lawsuits against PIH Health in the wake of the California-based regional healthcare network reporting last month that a 2019 phishing breach affected nearly 200,000 individuals. Why the rush?