Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

Twitter Hackers Targeted Employees With Phone Phishing

Data Breach Today

Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense

COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft

Data Breach Today

Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce

Phishing Campaign Leverages Google to Harvest Credentials

Data Breach Today

Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.

Phishing Campaign Uses Fake SharePoint Alerts

Data Breach Today

Fraudsters Leverage Automated Messages in Effort to Steal Office 365 Credentials Fraudsters are mimicking automated messages from Microsoft SharePoint for a phishing campaign that attempts to steal Office 365 credentials, according to the security firm Abnormal Security

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Data Breach Today

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.

Fresh Twist for Pandemic-Related Phishing Campaigns

Data Breach Today

Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report

Fight Phishing with Intention

Dark Reading

Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them

Latest Phishing Campaigns Spoof Federal Reserve, SBA

Data Breach Today

Cybercriminals Pivoting to Economic Stimulus Lures Some fraudsters have pivoted from using the COVID-19 pandemic as a phishing lure to creating messages and malicious domains designed to capitalize on various U.S.

Zoom-Themed Phishing Campaign Targets Office 365 Credentials

Data Breach Today

Fraudsters Using Fake Account Alerts to Steal Microsoft Credentials A recently uncovered phishing campaign is using spoofed Zoom account alerts to steal Microsoft Office 365 credentials, according to a report from Abnormal Security.

Phishing Campaigns Tied to Coronavirus Persist

Data Breach Today

UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud.

Top Ransomware Attack Vectors: RDP, Drive-By, Phishing

Data Breach Today

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Apple phishing

Attacking Phishing With SOAR

Data Breach Today

Myke Lyons of ServiceNow on Tackling Social Engineering Threats Phishing remains one of the most significant attack vectors, and security automation, orchestration and response, or SOAR, can help minimize the threat, says Myke Lyons of ServiceNow

More Phishing Campaigns Tied to Coronavirus Fears

Data Breach Today

Researchers Describe a Wide Variety of Tactics As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets

Phishing Scheme Targets Amex Cardholders

Data Breach Today

Researchers Say Campaign Uses Email Hyperlink Splits to Evade URL Filters Researchers have uncovered a new type of phishing campaign that is targeting American Express card users.

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down.

Separate Phishing Attacks Target Wells Fargo, BofA Customers

Data Breach Today

Researchers: Fraudsters Using Various Methods to Steal Credentials Researchers at two security firms are tracking separate phishing campaigns that are targeting customers of Wells Fargo and Bank of America, according to reports.

Mobile Phishing Attacks Increase Sharply

Dark Reading

Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests

COVID-19 Drives Spike in Mobile Phishing Attacks: Report

Data Breach Today

Researchers Say Targeted Campaigns Are Spoofing Banks' Login Sites The shift to working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns, with attackers targeting remote workers whose devices lack adequate security protections, according to the security firm Lookout.

Fighting Against Phishing

Data Breach Today

Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps

Microsoft Warns of COVID-19 Phishing Emails Spreading RAT

Data Breach Today

Malicious Messages Attempt to Install NetSupport Manager Tool on Devices Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices.

Skype Phishing Attack Targets Remote Workers’ Passwords

Threatpost

Web Security Cisco WebEx phishing attack phishing email remote workers skype skype phishing Webex zoomAttackers are sending convincing emails that ultimately steal victims' Skype credentials.

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. FULLY AUTOMATED PHONE PHISHING.

Phishing: Mitigating Risk, Minimizing Damage

Data Breach Today

In Wake of Recent Incidents, Experts Offer Insights on Critical Steps to Take As phishing attacks continue to menace healthcare and other business sectors, security experts say organizations must take critical steps to prevent falling victim and help limit the potential damage

Cybercriminals Using Zoom, WebEx as Phishing Lures: Report

Data Breach Today

Campaigns Aimed at Stealing Credentials, Distributing Malware Cybercriminals are using spoofed messages and images from Zoom and Cisco WebEx as lures in new phishing campaigns that are designed to steal credentials or distribute malware, according to the security firm Proofpoint

Spear-Phishing Campaign Uses Military-Themed Documents

Data Breach Today

Cisco Talos Researchers Find Hackers Using New Dropper Called IndigoDrop A spear-phishing campaign is using military-themed malicious Microsoft Office documents to infect devices, according to researchers at Cisco Talos.

Phishing Campaigns Target Senior Executives via Office 365

Data Breach Today

Top Victims Include Financial Services and Law Firms, Group-IB Warns A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB.

Legal Threats Make Powerful Phishing Lures

Krebs on Security

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Also part of the phishing kit was a text document containing some 100,000 business email addresses — most of them ending in Canadian (.ca)

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. A live Paypal phishing site that uses [link] (has the green padlock). A live Facebook phish that uses SSL (has the green padlock).

Microsoft Seizes Domains Used for COVID-19 Phishing Scam

Data Breach Today

federal court has issued an injunction that gives Microsoft permission to seize control of several malicious domains being used to operate a COVID-19-themed phishing scam, according to recently unsealed court documents

FINRA Warns of Phishing Emails Targeting Members

Data Breach Today

warns that a "widespread, ongoing" phishing campaign is targeting its members

SMS Phishing + Cardless ATM = Profit

Krebs on Security

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Phone-based phishing attacks are getting way more clever and are even snaring technology experts, as last month’s story shows.

Phishing Campaigns Leverage Latest COVID-19 Themes

Data Breach Today

and other nations adopting economic stimulus packages as a result of the global COVID-19 pandemic, fraudsters are now using the promise of government checks as phishing lures to spread banking Trojans, according to a pair of new security research reports

Phishing Attacks Traced to Indian Commercial Espionage Firm

Data Breach Today

Researchers at Citizen Lab Accuse Indian Firm of Criminal Hacking for Hire Surveillance researchers at Citizen Lab have tied thousands of "Dark Basin" corporate espionage phishing attacks to a small Indian cybersecurity firm called BellTroX InfoTech Services.

Phishing Campaign Tied to Amazon Prime Day

Data Breach Today

Fraudsters Use Phishing Kit Called 16Shop, McAfee Reports In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers.

What is angler phishing?

IT Governance

But all that activity has made social media a breeding ground for a new form of cyber attack known as angler phishing. What is angler phishing? Angler phishing is a specific type of phishing attack that exists on social media. Phishing email protection.

Phishing in Healthcare: Yet Another Major Incident

Data Breach Today

Phishing Continues to Be One of the Primary Breach Vectors in Healthcare' Yet another major phishing-related health data breach has been reported to federal regulators.