The State of Phishing and Email Security

Data Breach Today

Cofense's Tonia Dudley on What's Not Working, Threat Predictions. "Credential phishing is off the charts," says Tonia Dudley of Cofense.

Initial Access Broker Phishing

KnowBe4

Cisco has disclosed a security incident that occurred as a result of sophisticated voice phishing attacks that targeted employees, according to researchers at Cisco Talos.


Scammers Piggyback on AWS to Phish Victims

Data Breach Today

AWS Domains Used to Send Phishing Emails and Steal Credentials. Threat actors are using Amazon Web Services solutions to create phishing pages that bypass security scanners and scam victims into handing over credentials.

Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols. A fresh round of phishing attacks relies on trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an endpoint's security protocols, says Aaron Higbee of the security firm Cofense.

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. SMS Bandits offered an SMS phishing (a.k.a.

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

“The person on the phone said they were from the fraud department and they needed to help her secure her account but needed information from her to make sure they were talking to the account owner and not the scammer.”

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021.

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Feds Warn Healthcare Entities of 'Evernote' Phishing Scheme

Data Breach Today

Phishing Kit Imitates PayPal

KnowBe4

Researchers at Akamai have discovered a PayPal phishing kit that attempts to steal victims’ identities as well as their financial information. The phishing page looks identical to Paypal’s login page, and asks users to solve a captcha before entering their username and password.

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. The payment message displayed by the carding site phishing domain BriansClub[.]com.

Phish Leads to Breach at Calif. State Controller

Krebs on Security

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year.

Experts spotted a phishing campaign impersonating security firm Proofpoint

Security Affairs

The phishing messages use mortgage payments as a lure and have the subject “Re: Payoff Request.” “The email claimed to contain a secure file sent via Proofpoint as a link.” The phishing message was sent from a legitimate individual’s compromised email account.

A new phishing scam targets American Express cardholders

Security Affairs

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers.

The Makings of a Million-Dollar Facebook Phishing Campaign

Data Breach Today

How a Threat Actor Stole Credentials, Evaded Security Teams and Made Money Via Ads. A phishing campaign used stolen credentials to log into Facebook user accounts and send links leading to phishing pages to the victims' friends to harvest their credentials.

AiTM phishing campaign also targets G Suite users

Security Affairs

The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021.

Phishing Attack Uses Fake Google reCAPTCHA

Data Breach Today

Zscaler Says it Prevented Over 2,500 Phishing Attacks. A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says.

Phishing Attacks Leveraging Legitimate SaaS Platforms Soars 1100%

KnowBe4

As threat actors look for ways to evade detection by security solutions, the use of cloud applications has seen a material jump in the last 12 months, according to new data.

TodayZoo phishing kit borrows the code from other kits

Security Affairs

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns.

Phishing Kit Can Change Lures and Text

Data Breach Today

Researchers: 'LogoKit' Found on 700 Domains. Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.

Experts warn of the first known phishing attack against PyPI

Security Affairs

The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. “Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI.”

Phishing Attack Used Spoofed COVID-19 Vaccination Forms

Data Breach Today

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials. A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft.

‘Tis the Season for the Wayward Package Phish

Krebs on Security

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam.

Microsoft Details Yearlong Office 365 Phishing Campaign

Data Breach Today

Researchers Found Hackers Deploying Morse Code to Help Evade Detection. A yearlong phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers.

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KnowBe4

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Phishing Emails Spoof Australia's Cyber Security Center

Data Breach Today

Messages Contain Malware, Attempt to Steal Banking Credentials. The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials.

New Phishing Campaign is Targeting TrustWallet With Impersonation Emails

KnowBe4

Vade Secure warns that a phishing campaign is targeting TrustWallet cryptocurrency wallet users with phony verification emails.

Unusual Phishing Campaign Extracted Office 365 Credentials

Data Breach Today

Researchers: Fraudsters Used Combination of Techniques. Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers.

The Number of Phishing Attack Cases in Japan Hit an All-Time High

KnowBe4

The number of reported cases of phishing to Japan’s Council of Anti-Phishing reached over 100,000 in July, just as a notice of scams impersonating Japan’s National Tax Agency is released.

Phishing Campaign Impersonates Shipping Giant Maersk

KnowBe4

Researchers at Vade Secure warn of a large phishing campaign that's impersonating shipping giant Maersk to target thousands of users in New Zealand.

COVID-19 Phishing Schemes Escalate; FBI Issues Warning

Data Breach Today

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies. As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other cybercriminal scams targeting a largely at-home workforce.

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways. Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks. A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.

Complete Guide to Phishing Attacks: What Are the Different Types and Defenses?

eSecurity Planet

As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent, according to HP Wolf Security research.

[MSP News] Manage Your Multiple KnowBe4 Accounts Faster with Managed Training and Phishing Rolled Into One

KnowBe4

You wanted the ability to manage both phishing and training campaigns across multiple KnowBe4 accounts, and we listened!

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures remains among the most-targeted.

LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities

Security Affairs

LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. LogoKit relies on sending users phishing links that contain their email addresses.

Ransomware Attack Vectors: RDP and Phishing Still Dominate

Data Breach Today

Watch out for Omicron COVID-19-themed phishing messages!

Security Affairs

Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure in phishing campaigns. Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks.