Data Breach Today

AUGUST 18, 2023

Targets Include Small and Medium Businesses and Government Agencies Threat actors are on a phishing spree targeting users of Zimbra Collaboration email suite, in particular small and medium businesses and government agencies.

Phishing 234

Phishing Government Security IT 234

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 185

Phishing Passwords Insurance Sales 185

Data Breach Today

OCTOBER 8, 2022

Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

Phishing 264

Phishing Access Security IT 264

Data Breach Today

MARCH 7, 2021

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.

Phishing 332

Phishing Security IT 332

KnowBe4

FEBRUARY 8, 2024

Organizations are finally dialing in on where they need to focus their cybersecurity strategies, starting with phishing. But the top four cited security risks all have one element in common.

Phishing 100

Phishing Risk Security Cybersecurity 100

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 243

Phishing Mining IT 243

Data Breach Today

NOVEMBER 23, 2022

But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta. Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.

Authentication 262

Authentication Phishing Security 262

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 84

Phishing Passwords Authentication IT 84

Data Breach Today

AUGUST 12, 2022

Scam Uses 'Secure Message' Theme and Trojan to Harvest Credentials A "secure message-themed" phishing campaign targeting healthcare providers aims to lure recipients to an Evernote notepad website in an attempt by hackers to harvest security credentials, federal authorities warn, saying the scheme puts entities at risk for potential data security compromises. (..)

Phishing 289

Phishing Risk Security 289

Data Breach Today

AUGUST 19, 2022

AWS Domains Used to Send Phishing Emails and Steal Credentials Threat actors are using Amazon Web Services solutions to create phishing pages that bypass security scanners and scam victims into handing over credentials.

Phishing 245

Phishing Security 245

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing 298

Phishing Insurance Passwords Privacy 298

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing 199

Phishing Computer and Electronics Marketing IT 199

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. Image: osint.fans. “But on the telecom front they were using fairly sophisticated tactics.”

Phishing 311

Phishing Passwords Marketing IT 311

Krebs on Security

NOVEMBER 10, 2021

“The person on the phone said they were from the fraud department and they needed to help her secure her account but needed information from her to make sure they were talking to the account owner and not the scammer.” “What was different about this was it was all very smooth. Rather, he put them on hold.

Phishing 352

Phishing Security IT 352

Krebs on Security

AUGUST 9, 2021

In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. The payment message displayed by the carding site phishing domain BriansClub[.]com. Shortly after it came online as a phishing site last year, BriansClub[.]com

Phishing 348

Phishing Blockchain IT Marketing 348

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Phishing 311

Phishing Access IT 311

Data Breach Today

JANUARY 29, 2021

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.

Phishing 359

Phishing Security 359

Data Breach Today

JUNE 10, 2022

How a Threat Actor Stole Credentials, Evaded Security Teams and Made Money Via Ads A phishing campaign used stolen credentials to log into Facebook user accounts and send links leading to phishing pages to the victims' friends to harvest their credentials.

Phishing 263

Phishing Security 263

Data Breach Today

JANUARY 6, 2021

Messages Contain Malware, Attempt to Steal Banking Credentials The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials.

Phishing 179

Phishing Security 179

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US This is noteworthy because.US is overseen by the U.S.

Phishing 217

Phishing Government Compliance Communications 217

Data Breach Today

AUGUST 30, 2021

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Phishing 336

Phishing Security 336

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. And spear-phishing others that frequently interact with the SCO via email could land the bad guys even more access to state systems.

Phishing 268

Phishing Data breaches Access Passwords 268

Data Breach Today

NOVEMBER 18, 2020

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials. The emails use several techniques to bypass and evade secure email gateways.

Phishing 325

Phishing Security 325

Data Breach Today

AUGUST 16, 2021

Researchers Found Hackers Deploying Morse Code to Help Evade Detection A yearlong phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers. In some cases, the attackers even used Morse code to help avoid detection.

Phishing 298

Phishing Security 298

Data Breach Today

NOVEMBER 30, 2020

Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office.

Phishing 360

Phishing Security 360

Data Breach Today

MAY 19, 2022

Review of 2021 Ransomware Attacks Also Finds Average Ransom Demand Was $247,000 Attackers who successfully infect targets with ransomware primarily first gain access by exploiting poorly secured remote desktop protocol or VPN connections or by using malware-laden phishing emails, reports security firm Group-IB, based on more than 700 attacks it investigated (..)

Phishing 245

Phishing Ransomware Access Security 245

KnowBe4

FEBRUARY 21, 2024

Researchers at VIPRE Security observed a 276% increase in malware delivered by phishing between Q1 and Q4 of 2023.

Phishing 113

Phishing Security 113

KnowBe4

MARCH 26, 2024

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

Phishing 116

Phishing Authentication IT Security 116

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing 98

Phishing Education Cybersecurity Data breaches 98

KnowBe4

JANUARY 30, 2024

Phishing attacks are increasingly using open redirects to evade detection by security filters, according to researchers at Trustwave.

Phishing 112

Phishing Security 112

KnowBe4

NOVEMBER 8, 2023

A phishing campaign is exploiting a large number of.top domains, according to researchers from WhoisXML API. In an article for CircleID, the researchers analyzed a phishing operation first uncovered by security researcher Dancho Danchev.

Phishing 102

Phishing Security 102

KnowBe4

OCTOBER 17, 2023

Phishing tests are the catalyst to achieve a sustainable security culture within your organization. They are actually the start of a virtuous cycle that helps you move up to the highest maturity level.

Phishing 93

Phishing Security 93

KnowBe4

DECEMBER 1, 2023

There is no doubt that more pervasive deepfake and AI technologies will make for more realistic, sophisticated, phishing attacks, and add to an already huge problem.

Security awareness 100

Security awareness Phishing Security 100

KnowBe4

OCTOBER 20, 2022

A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY.

Phishing 118

Phishing Security 118

KnowBe4

APRIL 15, 2024

The FBI has issued an alert warning of a widespread SMS phishing (smishing) campaign targeting people in several US states with phony notices of unpaid tolls, BleepingComputer reports.

Phishing 108

Phishing Security 108

Jamf

MAY 16, 2023

Following the release of the Jamf Security 360: Annual Threat Trends Report 2023 where we highlight security threat trends, we utilize threat intelligence gathered by Jamf to inform security professionals which threats from the previous year most critically affected the enterprise.

Phishing 98

Phishing Security Information Security IT 98

KnowBe4

MARCH 14, 2024

A majority of organizations have a false sense of security regarding their resistance to phishing attacks, according to a new report from researchers at IRONSCALES and Osterman Research.

Phishing 96

Phishing Security 96