U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a.

Phishing Attack Uses Fake Google reCAPTCHA

Data Breach Today

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Phish Leads to Breach at Calif. State Controller

Krebs on Security

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year.

Police Crack SMS Phishing Operation

Data Breach Today

Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.

SolarWinds Attackers Return With Fresh Phishing Campaign

Data Breach Today

Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft.

Iranian APT Gang Phishes Middle East Experts

Data Breach Today

Proofpoint Describes Campaign That Uses Conference as a Lure The Iranian advanced persistent threat group TA453 has been conducting a series of spear-phishing attacks in an attempt to steal sensitive information from scholars who study the Middle East, according to Proofpoint

Phishing Campaign Targeted Universities Worldwide

Data Breach Today

Researchers: 'Shadow Academy' Activity Coincided With Start of School Year A hacking group targeted 20 universities and other schools around the world earlier this year with a series of phishing campaigns designed to steal credentials, according to researchers at RiskIQ

Fraudsters Alter Election Phishing Scam

Data Breach Today

Scammers Now Attempting to Steal Banking and Driver's License Information Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports.

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce

Iran-Linked Phishing Campaign Targeted Medical Researchers

Data Breach Today

Proofpoint: Attackers Tried to Harvest Microsoft Office Credentials The Iranian-linked threat group TA453, also known as Charming Kitten and Phosphorus, conducted a phishing campaign, dubbed "BadBlood," in late 2020 that targeted senior U.S.

Phishing Kit Can Change Lures and Text

Data Breach Today

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links

Unusual Phishing Campaign Extracted Office 365 Credentials

Data Breach Today

Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers

Year-long Phishing Campaign Targets Energy Firms

Data Breach Today

The oil and gas industry is yet again a victim of Agent Tesla malware A sophisticated campaign that uses remote access Trojans and malware-as-a-service threats for cyber espionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft

Data Breach Today

Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft

Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense

Spear-Phishing Campaign Distributes Nim-Based Malware

Data Breach Today

NimzaLoader Uses Nim Programming Language to Avoid Detection An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint

Healthcare Phishing Incidents Lead to Big Breaches

Data Breach Today

Patient Data Exposed in Several Email-Related Cases As healthcare sector organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise

Twitter Hackers Targeted Employees With Phone Phishing

Data Breach Today

Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says

Data Breach Culprits: Phishing and Ransomware Dominate

Data Breach Today

Unauthorized Access and Malware Also Among Top Causes, UK Privacy Watchdog Reports Phishing, ransomware and unauthorized access continue to be the leading cyber causes of violations of data protection rules and personal data breaches, Britain's privacy watchdog reports.

Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

Phishing Campaign Mimics FedEx, DHL Express

Data Breach Today

Fake Messages About Package Delivery Designed to Steal Credentials A phishing campaign tried to steal credentials by sending emails that purported to come from DHL Express and FedEx, reports security firm Armorblox

'Return to Office' Phishing Emails Aim to Steal Credentials

Data Breach Today

Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office

Phishing Campaign Leverages Google to Harvest Credentials

Data Breach Today

Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Apple phishing

Phishing Campaign Spoofs SBA Loan Offer

Data Breach Today

Malwarebytes Says Campaign Designed to Steal Banking Credentials Malwarebytes reports that a newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data

Phishing Campaign Mimics Microsoft Teams Alerts

Data Breach Today

Researchers: Fraudsters Target Office 365 Users to Harvest Credentials Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials

Detecting Phishing Emails

Schneier on Security

Research paper: Rick Wash, “ How Experts Detect Phishing Scam Emails “: Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems.

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Data Breach Today

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.

Phishing Campaigns Tied to Coronavirus Persist

Data Breach Today

UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud.

Fresh Spear-Phishing Email Spoofs Microsoft Domain

Data Breach Today

Researchers Say Fraudsters Are Likely Harvesting Office 365 Credentials An ongoing spear-phishing campaign is spoofing the official Microsoft.com domain name and targeting users of the company's Office 365 suite, according to security firm Ironscales.

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. The experts reported multiple malware strains and phishing campaigns abusing ngrok tunnelling, including. to deliver phishing attacks.

How a Phishing Awareness Test Went Very Wrong

Data Breach Today

Employees Outraged at Phishing Test Teasing a Bonus Training employees to resist phishing emails is key to preventing compromises. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships Tribune Publishing Co. But an exercise run by Tribune Publishing Co.

Phishing Campaign Features Fake Office 365 Update

Data Breach Today

Trend Micro Says Campaign Designed to Steal Executives' Credentials A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.

Fresh Twist for Pandemic-Related Phishing Campaigns

Data Breach Today

Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report

Phishing Email Campaign Uses Updated COVID-19 Theme

Data Breach Today

Researchers: Fraudsters Offer Lure of $600 Payment for Pandemic Relief A recently uncovered phishing campaign is spoofing messages from the New York State Department of Labor, claiming to offer $600 as part of a COVID-19 relief program, according to Abnormal Security.

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. A Little Sunshine Latest Warnings The Coming Storm 866-277-7794 apple phone phishing Global Cyber Risk LLC Jody Westbyis likely to fool quite a few people.

Skype Phishing Attack Targets Remote Workers’ Passwords

Threatpost

Web Security Cisco WebEx phishing attack phishing email remote workers skype skype phishing Webex zoomAttackers are sending convincing emails that ultimately steal victims' Skype credentials.

More Phishing Campaigns Tied to Coronavirus Fears

Data Breach Today

Researchers Describe a Wide Variety of Tactics As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets

Phishing Attack Exposes Sensitive Data at California Agency

Data Breach Today