SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

” The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. A Little Sunshine Latest Warnings Kris Stevens smishing voice phishing

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fraudsters Alter Election Phishing Scam

Data Breach Today

Scammers Now Attempting to Steal Banking and Driver's License Information Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports.

SolarWinds Attackers Return With Fresh Phishing Campaign

Data Breach Today

Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft.

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

The payment message displayed by the carding site phishing domain BriansClub[.]com. However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid.

Phishing Attack Used Spoofed COVID-19 Vaccination Forms

Data Breach Today

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Phishing Attack Uses Fake Google reCAPTCHA

Data Breach Today

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.

Phishing Kit Can Change Lures and Text

Data Breach Today

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links

UC San Diego: Phishing Leads to Account Access for Months

Data Breach Today

Intrusion Affects Patients, Employees and Students UC San Diego Health says a phishing incident led to unauthorized access to an undisclosed amount of information on patients, employees and students for at least four months

Access 280

Healthcare System Phishing Breach Affects 209,000

Data Breach Today

Academic Medical Center Says Access to Email Accounts Lasted Months Massachusetts-based UMass Memorial Health is the latest large healthcare network to report an email phishing incident that potentially compromised hundreds of thousands of individuals' protected health information.

Iranian APT Gang Phishes Middle East Experts

Data Breach Today

Proofpoint Describes Campaign That Uses Conference as a Lure The Iranian advanced persistent threat group TA453 has been conducting a series of spear-phishing attacks in an attempt to steal sensitive information from scholars who study the Middle East, according to Proofpoint

TodayZoo phishing kit borrows the code from other kits

Security Affairs

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns.

Unusual Phishing Campaign Extracted Office 365 Credentials

Data Breach Today

Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers

Police Crack SMS Phishing Operation

Data Breach Today

Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.

Phish Leads to Breach at Calif. State Controller

Krebs on Security

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year.

‘Tis the Season for the Wayward Package Phish

Krebs on Security

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Phishing Campaign Targeted Universities Worldwide

Data Breach Today

Researchers: 'Shadow Academy' Activity Coincided With Start of School Year A hacking group targeted 20 universities and other schools around the world earlier this year with a series of phishing campaigns designed to steal credentials, according to researchers at RiskIQ

Real Big Phish: Mobile Phishing & Managing User Fallibility

Threatpost

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.

Spear-Phishing Campaign Distributes Nim-Based Malware

Data Breach Today

NimzaLoader Uses Nim Programming Language to Avoid Detection An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense

Watch out for Omicron COVID-19-themed phishing messages!

Security Affairs

Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure in phishing campaigns. Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks.

Year-long Phishing Campaign Targets Energy Firms

Data Breach Today

The oil and gas industry is yet again a victim of Agent Tesla malware A sophisticated campaign that uses remote access Trojans and malware-as-a-service threats for cyber espionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.

Fresh Twist for Pandemic-Related Phishing Campaigns

Data Breach Today

Microsoft Spots Malicious Messages Spreading LokiBot Infostealer Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread the LokiBot information stealer, Microsoft researchers report

Data Breach Culprits: Phishing and Ransomware Dominate

Data Breach Today

Meanwhile, Breaches Involving Military Secrets and CCTV Footage Beset UK Government Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports.

Phishing Campaign Spoofs SBA Loan Offer

Data Breach Today

Malwarebytes Says Campaign Designed to Steal Banking Credentials Malwarebytes reports that a newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data

Phishing Campaign Uses Live Chat, Leverages PayPal Brand

Data Breach Today

Emails Contain Legitimate Links That Lead to Authentic PayPal Site In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways

Spear-Phishing Campaign Targets Aviation Sector

Data Breach Today

Microsoft: Attackers Are Spreading Remote Access Trojans A spear-phishing campaign is targeting aviation companies, using malicious documents that deliver information-stealing malware, according to alerts from Microsoft Security Intelligence

Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

Iran-Linked Phishing Campaign Targeted Medical Researchers

Data Breach Today

Proofpoint: Attackers Tried to Harvest Microsoft Office Credentials The Iranian-linked threat group TA453, also known as Charming Kitten and Phosphorus, conducted a phishing campaign, dubbed "BadBlood," in late 2020 that targeted senior U.S.

Healthcare Phishing Incidents Lead to Big Breaches

Data Breach Today

Patient Data Exposed in Several Email-Related Cases As healthcare sector organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise

COVID-19 Phishing Emails Mainly Contain TrickBot: Microsoft

Data Breach Today

Phishing Campaigns Up Since the Onset of Pandemic TrickBot is the malware most commonly distributed in phishing emails that use the COVID-19 pandemic as a lure to entice victims to open up attached files or malicious links, according to Microsoft

Twitter Hackers Targeted Employees With Phone Phishing

Data Breach Today

Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says

'Return to Office' Phishing Emails Aim to Steal Credentials

Data Breach Today

Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office

Data Breach Culprits: Phishing and Ransomware Dominate

Data Breach Today

Unauthorized Access and Malware Also Among Top Causes, UK Privacy Watchdog Reports Phishing, ransomware and unauthorized access continue to be the leading cyber causes of violations of data protection rules and personal data breaches, Britain's privacy watchdog reports.

Phishing Campaign Leverages Google to Harvest Credentials

Data Breach Today

Researchers: Emails Contain Google Links to Make Them Appear Credible Some fraudsters waging phishing campaigns are using fake websites hosted on Google's Firebase Storage service in an attempt to harvest credentials, according to Trustwave, which notes the phishing emails contain links to the service to make them look more credible.

Microsoft Analyzes Phishing-as-a-Service Operation

Data Breach Today

Researchers Say BulletProofLink Subscription Offers Many Services Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign.

Phishing Campaign Features Fake Office 365 Update

Data Breach Today

Trend Micro Says Campaign Designed to Steal Executives' Credentials A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Apple phishing