SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

“The person on the phone said they were from the fraud department and they needed to help her secure her account but needed information from her to make sure they were talking to the account owner and not the scammer.”

Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a.

Experts spotted a phishing campaign impersonating security firm Proofpoint

Security Affairs

The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”. “The email claimed to contain a secure file sent via Proofpoint as a link.” The phishing message was sent from a legitimate individual’s compromised email account.

Watch out for Omicron COVID-19-themed phishing messages!

Security Affairs

Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure in phishing campaigns. Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks.

Phishing Attack Used Spoofed COVID-19 Vaccination Forms

Data Breach Today

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. The payment message displayed by the carding site phishing domain BriansClub[.]com.

Phishing Attack Uses Fake Google reCAPTCHA

Data Breach Today

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.

Phishing Kit Can Change Lures and Text

Data Breach Today

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links

TodayZoo phishing kit borrows the code from other kits

Security Affairs

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns.

‘Tis the Season for the Wayward Package Phish

Krebs on Security

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Unusual Phishing Campaign Extracted Office 365 Credentials

Data Breach Today

Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers

Phishing Emails Spoof Australia's Cyber Security Center

Data Breach Today

Messages Contain Malware, Attempt to Steal Banking Credentials The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce

Phish Leads to Breach at Calif. State Controller

Krebs on Security

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year.

Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense

Phishing Campaign Uses Live Chat, Leverages PayPal Brand

Data Breach Today

Emails Contain Legitimate Links That Lead to Authentic PayPal Site In a new phishing scam that leverages the PayPal brand, attackers are using automated scripts and live chat as a way of compromising devices and bypassing secure email gateways

Spear-Phishing Campaign Targets Aviation Sector

Data Breach Today

Microsoft: Attackers Are Spreading Remote Access Trojans A spear-phishing campaign is targeting aviation companies, using malicious documents that deliver information-stealing malware, according to alerts from Microsoft Security Intelligence

Omicron Phishing Scam Already Spotted in UK

Threatpost

Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data. Web Security

Microsoft Analyzes Phishing-as-a-Service Operation

Data Breach Today

Researchers Say BulletProofLink Subscription Offers Many Services Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign.

'Return to Office' Phishing Emails Aim to Steal Credentials

Data Breach Today

Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office

Fraudsters Use Free Google Services in Phishing Campaigns

Data Breach Today

Approach Helps Hackers Circumvent Security Tools Fraudsters are increasingly using free Google services to create more realistic phishing emails and malicious domains that circumvent security filters, the security firm Armorblox reports

Salesforce Email Service Used for Phishing Campaign

eSecurity Planet

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses.

Phishing Emails With COVID-19 Theme Delivered Zebrocy Malware

Data Breach Today

Researchers: Backdoor Tied to Russia-Linked Group Russia-linked hackers used phishing emails with COVID-19 themes as a way to infect devices with a backdoor called Zebrocy, the security firm Intezer reports

Phishing Campaign Features Fake Office 365 Update

Data Breach Today

Trend Micro Says Campaign Designed to Steal Executives' Credentials A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.

GDPR Compliance Used as Phishing Lure

Data Breach Today

Campaign Designed to Steal Credentials A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats.

Microsoft Details Year-Long Office 365 Phishing Campaign

Data Breach Today

Researchers Found Hackers Deploying Morse Code To Help Evade Detection A year-long phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers.

Phishing Campaign Mimics FedEx, DHL Express

Data Breach Today

Fake Messages About Package Delivery Designed to Steal Credentials A phishing campaign tried to steal credentials by sending emails that purported to come from DHL Express and FedEx, reports security firm Armorblox

COVID-19 Phishing Scheme Spreads AgentTesla Trojan

Data Breach Today

Fake Messages Offer Surgical Masks and Other PPE A global phishing campaign that purports to offer information about surgical masks and other personal protective equipment for use during the COVID-19 pandemic is infecting victims' devices with the AgentTesla remote access Trojan, according to researchers at Area 1 Security.

Phishing Campaign Uses Outlook Migration Message

Data Breach Today

Researchers: Campaign Looks To Harvest Users' Office 365 Credentials An ongoing phishing campaign designed to harvest Office 365 credentials is using a Microsoft Outlook migration message, according to researchers at Abnormal Security.

Recent Spear-Phishing Attacks Originate From Legit Accounts

Data Breach Today

Researchers: Fraudsters' Domains Created to Steal Office 365 Credentials A recent spear-phishing campaign in which emails appear to originate with legitimate companies is targeting enterprise users to steal Office 365 credentials, according to Abnormal Security

Fresh Spear-Phishing Email Spoofs Microsoft Domain

Data Breach Today

Researchers Say Fraudsters Are Likely Harvesting Office 365 Credentials An ongoing spear-phishing campaign is spoofing the official Microsoft.com domain name and targeting users of the company's Office 365 suite, according to security firm Ironscales.

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Data Breach Today

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.

Phishing Campaign Pretends to be Phishing Training Reminder

Adam Levin

A phishing campaign is targeting employees with phony email reminders for cybersecurity and phishing awareness training. . The post Phishing Campaign Pretends to be Phishing Training Reminder appeared first on Adam Levin.

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. Jody Westby is the CEO of Global Cyber Risk LLC , a security consulting firm based in Washington, D.C. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. A Little Sunshine Latest Warnings The Coming Storm 866-277-7794 apple phone phishing Global Cyber Risk LLC Jody Westby

Amazon-Themed Phishing Campaigns Swim Past Security Checks

Threatpost

Web Security amazon armorblox bloom flicka Credential Theft DMARC domain spoofing email campaign email security information stealing order notices package delivery Phishing security bypass social engineering Vishing voice phishing

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Experts pointed out that attacks abusing the ngrok platform are hard to detect because connections to subdomains of ngrok.com are not filtered by security measures.

Phishing Campaign Tied to Trickbot Gang

Data Breach Today

Area 1 Security: Emails Deliver Bazar Backdoor and Buer Loader Researchers at Area 1 Security say a recently uncovered phishing campaign using a message saying that the recipient has been fired from their job is attempting to plant two malware strains - Bazar and Buer - using the Trickbot botnet