Police Dismantle Dutch Phishing Gang

Data Breach Today

Belgian and Dutch Police Arrest 9 Suspects Over Theft of 'Millions of Euros' Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams.

Amazon Prime Day Phishing

KnowBe4

Check Point Research (CPR) observed a 37% increase in Amazon-themed phishing attacks during the first week of July, ahead of Amazon Prime day this week. Another email tells users that their payment method needs to be confirmed, and contains a link to a phishing site. Phishing

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Spear Phishing a Diplomat

KnowBe4

Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. Phishing Spear PhishingThe researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten).

MetaMask Crypto Wallet Phishing

KnowBe4

A phishing campaign attempting to steal credentials for MetaMask cryptocurrency wallets, according to Lauryn Cash at Armorblox. Phishing

Spear Phishing Campaign Targets Facebook Business Accounts

KnowBe4

Researchers at WithSecure have discovered a spear phishing campaign targeting employees who have access to Facebook Business accounts. Social Engineering Phishing Spear Phishing

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Data Breach Today

Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.

Microsoft Says Phishing Campaign Skirted MFA to Access Email

Data Breach Today

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server.

Access 273

Twilio Customer Data Breached via SMS Phishing of Employees

Data Breach Today

QuickBooks Phishing Scam is Back

KnowBe4

Scammers are continuing to abuse the QuickBooks tax accounting software to send phishing scams, according to Roger Kay at INKY. Phishing

Facebook Phishing Scam Steals Millions of Credentials

KnowBe4

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year. Phishing

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

” The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. A Little Sunshine Latest Warnings Kris Stevens smishing voice phishing

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a.

Spear Phishing Campaign Targets the US Military

KnowBe4

Researchers at Zscaler warn that a spear phishing campaign is targeting the US military and other sectors with phishing emails that purport to be voicemail notifications. The emails contain links to a phishing page designed to harvest Microsoft Office 365 credentials.

The State of Phishing and Email Security

Data Breach Today

Cofense's Tonia Dudley on What's Not Working, Threat Predictions "Credential phishing is off the charts," says Tonia Dudley of Cofense.

Open Redirects Exploited for Phishing

KnowBe4

PhishingAttackers are exploiting open redirects to distribute links to credential-harvesting sites, according to Roger Kay at INKY. The attackers are exploiting vulnerable American Express and Snapchat domains to launch the attacks.

Homographic Domain Name Phishing Tactics

KnowBe4

Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Social Engineering Phishing

$8M of Crypto Stolen by Phishing From Uniswap Liquidity Pool

Data Breach Today

No Exploit Found on Protocol or Smart Contract, Crypto Exchange Says Thieves behind a phishing campaign targeting investors into a cryptocurrency exchange got away with at least $8 million.

Phishing Campaign Targets QuickBooks Users

KnowBe4

Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, informing them that their account has been put on hold. Social Engineering Phishing

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021.

Fraudsters Alter Election Phishing Scam

Data Breach Today

Scammers Now Attempting to Steal Banking and Driver's License Information Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports.

Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million

Data Breach Today

Hundreds of Phishing Sites Used to Steal Money Under Guise of EU Payments Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links.

The Makings of a Million-Dollar Facebook Phishing Campaign

Data Breach Today

How a Threat Actor Stole Credentials, Evaded Security Teams and Made Money Via Ads A phishing campaign used stolen credentials to log into Facebook user accounts and send links leading to phishing pages to the victims' friends to harvest their credentials.

Chameleons Phish, Too

KnowBe4

PhishingOne of the challenges cyber criminals face is that their scams often have a relatively short shelf-life. Once they’ve been used, the gaff is quickly blown, and the scammers hope to realize their gains before most of the potential marks are wise to the scam.

SolarWinds Attackers Return With Fresh Phishing Campaign

Data Breach Today

Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft.

Phishing Campaign Impersonates the UAE

KnowBe4

Researchers at CloudSEK have observed a financially motivated phishing campaign that’s impersonating the United Arab Emirates (UAE) Ministry of Human Resources. Phishing

More_eggs Malware Distributed Via Spear Phishing

KnowBe4

Threat actors are sending out the stealthy “more_eggs” malware in spear phishing emails that target hiring managers, according to researchers at eSentire’s Threat Response Unit (TRU). Social Engineering Phishing Spear Phishing

New Phishing Campaign is Targeting TrustWallet With Impersonation Emails

KnowBe4

Vade Secure warns that a phishing campaign is targeting TrustWallet cryptocurrency wallet users with phony verification emails. Phishing

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

The payment message displayed by the carding site phishing domain BriansClub[.]com. However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid.

Phishing Attack Uses Fake Google reCAPTCHA

Data Breach Today

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.

New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

KnowBe4

A new wave of social media phishing attacks are now using scare tactics to lure victims into sending their logins. Social Engineering Phishing

Phish Leads to Breach at Calif. State Controller

Krebs on Security

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year.

Phishing Kit Can Change Lures and Text

Data Breach Today

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links

Police Crack SMS Phishing Operation

Data Breach Today

Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.

Complete Guide to Phishing Attacks: What Are the Different Types and Defenses?

eSecurity Planet

Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020. This guide breaks down the different types of phishing attacks and provides examples to help organizations better prepare their staff to deal with them.

New Phishing Campaign Impersonates Canada Revenue Agency

KnowBe4

A phishing campaign is impersonating the Canada Revenue Agency (CRA) in an attempt to steal Canadians’ personal information, according to Rene Holt at ESET. The phishing emails inform users that they’ve received a tax refund of just under CAD$500. Phishing

Phishing Attack Used Spoofed COVID-19 Vaccination Forms

Data Breach Today

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Microsoft Details Yearlong Office 365 Phishing Campaign

Data Breach Today

Researchers Found Hackers Deploying Morse Code to Help Evade Detection A yearlong phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers.

Phishing Campaign Impersonates Shipping Giant Maersk

KnowBe4

Researchers at Vade Secure warn of a large phishing campaign that's impersonating shipping giant Maersk to target thousands of users in New Zealand. Phishing

Phishing-Based Data Breaches Take 295 Days to Contain and Breach Costs Soar to $4.91 Million

KnowBe4

Fresh data on data breach costs from IBM show phishing , business email compromise, and stolen credentials take the longest to identify and contain. Social Engineering Phishing Data Breach

Unusual Phishing Campaign Extracted Office 365 Credentials

Data Breach Today

Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers