Items tagged with Phishing
A recent report of a highly sophisticated phishing attack exploiting Google services targeting a lead developer at Ethereum Foundation, Nick Johnson, proves that internet users need to take more precautions to protect themselves from social engineering tactics like phishing.
The attack's sophistication lies in...
Read more...
For tech-savvy users (and everyone, really), it goes without saying that you should never click on links in emails willy-nilly. In light of a recent account hijacking campaign, however, YouTube has taken to X/Twitter with a warning to "be cautious" of phishing tomfoolery as it investigates bogus emails making the...
Read more...
As threat actors get increasingly clever with thwarting security systems, staying informed about their tactics is important. A new report has surfaced that alerts iPhone users that cybercriminals have devised a technique to steal personal information by tricking them into turning off Apple's built-in iMessage phishing...
Read more...
Many people believe MacBooks are impervious to malware. While strong security measures such as Xprotect, Gatekeeper, and Sandboxing are in place on macOS, they do not offer foolproof protection. Case in point: Cyber security tech giant Check Point has issued an urgent security warning to millions of Mac users...
Read more...
Security researchers at Any.Run have found a new zero-day attack currently being used by threat actors to evade detection tools used by security professionals. This new technique “evades antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your...
Read more...
Apple, like many other big tech companies, goes to great lengths to protect your personal data from internet ne'er-do-wells. However, even the most powerful security features are useless in the face of determined human ignorance. There's a new Apple ID phishing scam going around, and if you think you're too smart to...
Read more...
Google announced it is making it easier for high-risk users to enroll in its Advanced Protection Program via a new single passkey option. Google implemented support for passkeys in early 2023, while later making passkeys the default method to sign into Google accounts.
Security is always on the minds of those who...
Read more...
Security firm Symantec has posted a bulletin about a smishing (SMS phishing) campaign currently targeting Apple users in the United States. The end of goal for these threat actors is to take over a user’s Apple ID, which provides them access to an individual’s personal information, financial information, and...
Read more...
Scammers are actively phishing for victims through a tried-and-true Paypal invoice scheme, in hopes of tricking people into thinking they've been charged for an Apple product. I know this because I received a fake invoice purporting to originate from an Apple Store, with the scammer claiming I made a $1,299 purchase...
Read more...
This week, researchers have reported that earlier this year, threat actors leveraged a vulnerability in Windows to deploy DarkGate malware after phishing the victim for initial access. The vulnerability tracked as CVE-2024-21412 led to users running fake Microsoft software installer (.MSI) packages that looked like...
Read more...
In 2021 the Framework laptop hit the market, revolutionizing the standard laptop model from being a one-and-done sort of deal to an upgradable and modular experience. Since then, the brand has expanded quite a bit. With several releases and reiterations, like the recent AMD Ryzen upgrade across the 13” and 16” models...
Read more...
Phishing emails traditionally come from threat actors looking to make a quick buck or steal some data for nefarious purposes. Things get confusing, however, when phishing-style emails come directly from an organization like Amazon. That is exactly what happened over the weekend, leaving many customers baffled...
Read more...
Gmail users around the world have been getting pop-up notifications in the past few days prompting them to up their security with Enhanced Safe Browsing. This feature, which is enabled across all Google products with a simple toggle, enables real-time security scanning and will help protect you against phishing and...
Read more...
Hackers recently managed to infiltrate Reddit and gain access to internal documents, source code, and internal business systems, an admin for the site disclosed. According to Reddit, the cyberattack was the result of a "sophisticated phishing campaign" against the site's employees. In a post detailing the security...
Read more...
We often report on phishing campaigns involving fraudulent customer support agents who trick victims into giving up sensitive information or installing malware on their systems. However, sometimes threat actors flip this script, instead posing as customers in need of help in order to prey on customer support agents...
Read more...
TA444 is an advanced persistent threat (APT) group believed to be associated with the North Korean government. However, rather than receiving financial backing from its government, the group seems to bring in revenue for the government. Unlike most state-backed APTs, such as China’s Aoqin Dragon or Iran’s Charming...
Read more...
Over the past week, Gmail users have been reporting abuse of the Google Ads platform. However, rather than conducting ad fraud or placing ads that distribute malware, the actors behind this recent activity are leveraging the Google Ads invitation system to direct traffic to various to risky websites. These sites are...
Read more...
Gemini, the cryptocurrency exchange founded by the Winklevoss twins, published a blog post this week warning about phishing campaigns targeting its customers. These phishing campaigns are likely related to a previously undisclosed data breach that exposed the email addresses of the exchange’s 5.7 million customers...
Read more...
Joint research conducted by cybersecurity firms Checkmarx and Illustria has revealed a massive phishing campaign that flooded open source repositories with over 144,000 packages. Unlike many other campaigns that involve the distribution of software packages, this newly discovered campaign didn’t attempt to distribute...
Read more...
The cuteness of kittens is widely recognized and appreciated on the internet, but there’s nothing cute about the Iranian Advanced Persistent Threat (APT) known as “Charming Kitten.” Also known as TA453 or APT42, this threat group has been conducting cyber espionage at the behest of the Iranian regime since at least...
Read more...
In most cases, it's pretty easy to recognize a phishing scam. Telltale signs include typos, bad grammar, unsolicited attachments, and spoofed email addresses and hyperlinks, to name just a few. So imagine my surprise when I received an email that exhibited none of those traits, at least not initially, in an attempt to...
Read more...
The holiday season at the end of the year is a busy time for online shoppers, between taking advantage of the best Black Friday and Cyber Monday deals and ordering gifts for friends and family. Sadly, threat actors have no qualms with taking advantage of the high volume of packages in transit during this time to...
Read more...
