Items tagged with Phishing
The holiday season at the end of the year is a busy time for online shoppers, between taking advantage of the best Black Friday and Cyber Monday deals and ordering gifts for friends and family. Sadly, threat actors have no qualms with taking advantage of the high volume of packages in transit during this time to...
Read more...
The cybersecurity firm Cyjax has published a new report detailing an ongoing phishing campaign that has made use of over 42,000 domains going back to 2017. The campaign targets WhatsApp users with surveys promising rewards from major international brands, such as McDonald’s and Coca-Cola. Cyjax researchers have...
Read more...
Earlier this year, threat researchers at the cybersecurity company IronNet discovered a phishing-as-a-service (PhaaS) platform known as Robin Banks. While the name may be humorous, the platform itself is no laughing matter, as it serves to aid cybercriminals in stealing innocent users’ banking credentials. After...
Read more...
As Elon Musk pushes to begin charging users to keep their coveted check marks, it appears scammers are beginning to target users who already have one by their username. The new CEO of Twitter has also mentioned that the verification process is currently being "revamped."
In what Musk says is an attempt to make...
Read more...
2K, the publisher of numerous video game series, including Borderlands, Civilization, and Bioshock, has issued a notice to warn customers that an unknown actor recently gained unauthorized access to its help desk platform. The threat actor in question abused this access to distribute malware by way of the 2K Games...
Read more...
The Cyber Division of the US Federal Bureau of Investigation (FBI) has published a notice warning the healthcare industry of cyberattacks targeting healthcare payment processors. The attacks generally come in the form of phishing attacks that leverage employees’ publicly available Personally Identifiable Information...
Read more...
Cybersecurity researchers at Proofpoint have been keeping tabs on an Advanced Persistent Threat (APT) known as TA453 and recently found the threat actor employing a phishing technique that makes use of sock puppet email accounts. Sock puppets are alternate accounts or personas used in a deceptive manner by a single...
Read more...
The cybersecurity firm Group-IB published research today detailing how various threat actors are stealing Steam login credentials using browser windows. Specialists from the computer emegency response team at Group-IB (CERT-GIB) discovered over 150 phishing resources mimicking Steam in just the month of July. Steam...
Read more...
Scammers and fraudsters have been targeting YouTube creators with sophisticated email campaigns. The emails pose as legitimate notices from Google which claim to be a copyright report and possible strike against the channel. These include a Google Drive link to the purported report, which actually contains a malware...
Read more...
Threat intelligence firm Recorded Future has published a report concerning a long-term credential theft campaign targeting humanitarian, think tank, and government organizations. A hacking group known as RedAlpha is carrying out this ongoing campaign, and is known to have been active as far back as 2015. However, it...
Read more...
Cloudflare says that it was hit by the same smishing (sms phishing) attack that recently resulted in a user data breach at Twilio. However, unlike Twilio, Cloudflare managed to prevent the attack from escalating to a data breach thanks to its strong security measures. While the attackers managed to steal login...
Read more...
If we’ve learned anything from reporting on phishing attacks, it’s that no company, organization, or institution is immune from becoming the victim of one. Even the US Department of Defense recently fell victim to a $23.5 million phishing scam. If anything, larger organizations simply make for larger and more...
Read more...
Malware campaigns employ different techniques to smuggle malicious software onto computing devices without the notice of users or anti-virus systems. Threat actors who develop and distribute malware frequently rely on various forms of mimicry to take advantage of users’ trust in legitimate websites, services, and...
Read more...
While malware and phishing are two different kinds of cyberattacks, threat actors sometimes use both methods in malicious campaigns. A threat actor known as Roaming Mantis appears to be doing exactly that in a new campaign documented by researchers at the cybersecurity firm SEKOIA. Roaming Mantis has previously...
Read more...
Phishing attacks employ various methods to trick users into handing over sensitive information, such as login credentials. Over time, as users have become more suspicious and email clients, web browsers, and IT departments have implemented anti-phishing measures, scammers have had to get creative and devise more...
Read more...
Popular portrayals of hackers tend to show them as computer geniuses who use their elite technical skills to breach computer systems. However, in real life, bad actors often don’t bother to directly hack computer systems when they can access those same systems by hacking people instead. People are often willing to...
Read more...
It’s a new week, and there’s another proof of concept for a phishing technique. Last week, we covered a phishing technique for hijacking WhatsApp accounts, and the week before that we reported on a phishing campaign targeting Intuit QuickBooks users. This new proof of concept leverages an established phishing...
Read more...
WhatsApp, the messaging app owned by Meta that employs the end-to-end encryption Signal Protocol, is massively popular worldwide. The app boasts more than 2 billion users, which is over a fourth of the world's population. Unsurprisingly, given the app’s popularity, scammers and hackers often target WhatsApp and its...
Read more...
The only real certainties in life are death, taxes, and scammers trying to swindle you out of your money. In the digital age, that means phishing scams run rampant, as it's a relatively low effort and potentially high reward ruse. Some efforts are more convincing than others, perhaps such as the one that is targeting...
Read more...
We’ve recently covered a number of sophisticated phishing scam techniques, including fake animated windows designed to steal passwords and automated call bots that trick victims into giving away multi-factor authentication codes. While ransomware attacks are currently on track to surpass phishing attacks as the number...
Read more...
No place on the internet is safe from scams. Social media sites, including Facebook, are especially irresistible targets to those with nasty intentions. Many of us have become quite familiar with signs of a phishing scam, but bad actors have gotten more creative. A recent Facebook phishing scam directed victims to a...
Read more...
We’ve written before about how two-factor authentication (2FA) provides much stronger protection against attackers attempting to access user accounts than a single password. Even so, it’s still important to remain vigilant, as 2FA doesn’t make user accounts unbreachable. We recently reported on Android malware that...
Read more...
