Accountability, Blog, Cybersecurity and Phishing

TikTok Influencer Accounts Targeted in Major Phishing Campaign

Heimadal Security

NOVEMBER 18, 2021

Researchers have recently discovered a new phishing scam focused on stealing information and locking out over 125 high-profile TikTok accounts belonging to influencers, brand consultants, production companies, and influencers’ managers. How Did It Happen?

Phishing

Phishing Accountability Scams Cybersecurity

Watch Out! Verified Twitter Accounts Are Targeted in Phishing Attacks

Heimadal Security

MAY 4, 2022

As evidenced by multiple ongoing operations carried out by cybercriminals, phishing emails are increasingly targeting verified Twitter accounts with emails intended to collect their login information. On Twitter, a blue tick next to a user’s name indicates that the account has been verified. The post Watch Out!

Accountability

Accountability Phishing Authentication Cybersecurity

Cybercriminals Use Chipotle’s Marketing Account for Phishing Attacks

Heimadal Security

JULY 30, 2021

An email marketing account that belongs to the American chain of fast casual restaurants specializing in tacos Chipotle has been compromised by cybercriminals who used it to conduct a phishing campaign. Threat actors send out phishing emails in an attempt to convince their targets into clicking on malicious links.

Marketing

Marketing Phishing Accountability Cybersecurity

Twitter Verified Accounts Targeted as Part of a Large Phishing Attempt

Heimadal Security

DECEMBER 6, 2021

On Twitter, verified accounts are those that have a blue badge with a checkmark. These accounts often represent well-known influencers, celebrities, politicians, journalists, activists, as well as government and commercial entities. The blue verified badge on Twitter lets people know that an account of public interest is authentic.

Accountability

Accountability Phishing Authentication Government

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Anton on Security

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ).

Cybersecurity

Cybersecurity Malware Accountability Authentication

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. The average cost of a cybersecurity breach was $4.45 The average cost of a cybersecurity breach was $4.45 Adequate IT compliance.

Small Business

Small Business Cybersecurity Technology Accountability

Cybersecurity Awareness Month 2022: Recognizing & Reporting Phishing

NSTIC

OCTOBER 24, 2022

This blog will officially wrap up our 2022 Cybersecurity Awareness Month blog series — today we have a special interview from Marian Merritt, deputy director, lead for industry engagement for the National Initiative for Cybersecurity Education (NICE)! This week’s Cybersecurity Awareness

Phishing

Phishing Cybersecurity Education Accountability

Cybercriminals Target Senior U.S. Executives Using EvilProxy Phishing Kit

Heimadal Security

OCTOBER 25, 2023

Threat actors use EvilProxy phishing-as-a-service (PhaaS) toolkit to target senior executives in the U.S. in massive phishing campaigns. EvilProxy is an adversary-in-the-middle (AiTM) PhaaS designed to steal credentials and take over accounts. Executives Using EvilProxy Phishing Kit appeared first on Heimdal Security Blog.

Phishing

Phishing Financial Services Insurance Manufacturing

New PHP Malware Targets Business and Regular Facebook Accounts

Heimadal Security

OCTOBER 17, 2022

Cybersecurity researchers spotted a new ‘Ducktail’ phishing campaign that spreads Windows information-stealing malware written in PHP and uses it to steal Facebook accounts, browser data, and cryptocurrency wallets. Using social […].

Accountability

Accountability Malware Cryptocurrency Phishing

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing

Phishing Scams Banking Mobile

New RuneScape Phishing Scam Aimed at Stealing Accounts and In-game Item Bank PINs

Heimadal Security

JUNE 2, 2022

The post New RuneScape Phishing Scam Aimed at Stealing Accounts and In-game Item Bank PINs appeared first on Heimdal Security Blog. However, in 2016, the Java-based client was mostly phased out in favor of a standalone C++ […].

Scams

Scams Banking Phishing Accountability

Framework Discloses Data Breach After Third-Party Got Phished

Heimadal Security

JANUARY 12, 2024

Framework Computer announced the discovery of a data breach that exposed the private data of an unspecified number of its clients following a phishing attack on Keating Consulting Group, the company’s accounting service provider.

Data breaches

Data breaches Phishing Accountability Cybersecurity

Millions of Users Have Been Enticed to Phishing Pages in Massive Campaign Exploiting Facebook Messenger

Heimadal Security

JUNE 9, 2022

Cybersecurity specialists discovered a massive phishing campaign that used Facebook Messenger to trick millions of individuals into entering their login details and watching advertisements on phishing pages. American AI-focused cybersecurity […].

Phishing

Phishing Advertising Accountability Cybersecurity

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. As we are well and truly in the digital-first age, the need for robust cybersecurity measures is glaringly evident.

Cybersecurity

Cybersecurity Cyber threats Authentication Phishing

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability

Accountability Phishing Financial Services Surveillance

Social Engineering Attacks Target Morgan Stanley Client Accounts

Heimadal Security

MARCH 25, 2022

A new wave of social engineering attacks has been targeting Morgan Stanley client accounts as Morgan Stanley’s wealth and asset management subsidiary claims. The post Social Engineering Attacks Target Morgan Stanley Client Accounts appeared first on Heimdal Security Blog. Vishing means that […].

Social Engineering

Social Engineering Engineering Accountability Phishing

Successful Phishing Attack Causes Dropbox Data Breach

Heimadal Security

NOVEMBER 2, 2022

The threat actors gained access to one of company’s GitHub accounts after obtaining employee credentials in a successful phishing […]. The post Successful Phishing Attack Causes Dropbox Data Breach appeared first on Heimdal Security Blog.

Data breaches

Data breaches Phishing Accountability Cybersecurity

Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

Anton on Security

JANUARY 3, 2023

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fifth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 and #4 ). Now, go and read the report!

Cybersecurity

Cybersecurity Backups DDOS Accountability

Cybersecurity Researchers Warn About the Dangers of `Caffeine`

Heimadal Security

OCTOBER 12, 2022

A new phishing-as-a-service platform by the name of Caffeine has just made it easier for threat actors to engage in attacks. An open registration process allows anyone to set up an account, buy a monthly subscription, and start their own phishing campaigns.

Cybersecurity

Cybersecurity Phishing Accountability

Phishing Scams Are Targeting Netflix Users

Heimadal Security

SEPTEMBER 22, 2022

Scammers send phishing emails trying to convince Netflix users that their account is somehow in jeopardy, and […]. The post Phishing Scams Are Targeting Netflix Users appeared first on Heimdal Security Blog.

Scams

Scams Phishing Social Engineering Engineering

New Attack Vector: 144k Phishing Packages Found on Open-source Repositories

Heimadal Security

DECEMBER 15, 2022

Threat actors found a new attack vector spamming open-source ecosystem with packages that contain links to phishing campaigns. 144,294 phishing-related packages have been uploaded to open-source package repositories, like NPM, PyPi, and NuGet.

Phishing

Phishing Accountability Cybersecurity

Phishing Attack Uses Facebook Posts to Evade Email Security

Heimadal Security

DECEMBER 16, 2022

Phishing scams have become more complex over time, and scammers are finding new ways to obtain information about their victims. This new phishing campaign is no different. The crook hides text in the Facebook posts to trick potential victims into giving up their account credentials and personally identifiable information.

Phishing

Phishing Scams Accountability Cybersecurity

'Caffeine' Phishing Toolkit Could Keep Microsoft 365 Users up at Night

SecureWorld News

OCTOBER 17, 2022

A low-cost Phishing-as-a-Service (PhaaS) platform that has an open registration process could allow just about anyone with email to become a cybercriminal. While phishing campaigns are nothing new, this "as-a-service" approach is a bit concerning, as it makes it easier for people with nefarious intentions to access and use the type of attack.

Phishing

Phishing Cybercrime Accountability Advertising

Passwordless sign-in with passkeys is now available for Google accounts

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. In 2022, Google announced it would begin work to support passkeys on its platform to replace passwords.

Accountability

Accountability Passwords Password Management Phishing

Countries Assisting Ukraine Refugees Targeted in Phishing Cyberattacks

Heimadal Security

MARCH 3, 2022

European government personnel involved in helping Ukraine refugees with logistics support has been the target of a spear-phishing campaign, a new report underlines. The post Countries Assisting Ukraine Refugees Targeted in Phishing Cyberattacks appeared first on Heimdal Security Blog.

Phishing

Phishing Government Accountability Cybersecurity

Ukraine warns of attacks aimed at taking over Telegram accounts

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability

Accountability Phishing Passwords Hacking

U.S. Energy Company Targeted by QR Code Phishing Campaign

SecureWorld News

AUGUST 28, 2023

In May 2023, a phishing campaign was launched that targeted a major U.S. The emails in the campaign purported to be from Microsoft, and they claimed that the recipient needed to update their account security settings or activate two-factor authentication (2FA)/multi-factor authentication (MFA) within 72 hours.

Phishing

Phishing Scams Mobile Media

Microsoft Email Security Eluded by Instagram Credential Phishing Attacks

Heimadal Security

NOVEMBER 23, 2022

Malicious actors operated a brand impersonation phishing campaign on 22,000 students and managed to bypass the Microsoft email security system. The hackers were aiming to obtain the victim`s Instagram credentials in order to gain full access to their accounts.

Phishing

Phishing Accountability Cybersecurity

UK National Health Service Email Accounts Compromised by Hackers to Steal Microsoft Logins

Heimadal Security

MAY 5, 2022

For about six months, more than 100 National Health Service (NHS) employees in the United Kingdom had their email accounts used in various phishing attacks, some of which intended to steal Microsoft logins.

Accountability

Accountability Phishing Authentication Hacking

GUEST ESSAY: These advanced phishing tactics should put all businesses on high alert

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Other Iranian-based cyberattacks have included hackers targeting Albanian government systems and spear phishing scams. Here are four new phishing trends keeping businesses on their toes. Spear phishing. Phishing via texting.

Phishing

Phishing Scams Cybercrime Passwords

Hackers Use Gmail Accounts to Execute Baiting Attacks

Heimadal Security

NOVEMBER 12, 2021

As the frequency of bait attacks, also known as reconnaissance attacks, increases, it seems that cybercriminals who send this type of phishing email choose to run their operations using Gmail accounts. The post Hackers Use Gmail Accounts to Execute Baiting Attacks appeared first on Heimdal Security Blog.

Accountability

Accountability Phishing Cybersecurity

Intro to Phishing: How Dangerous Is Phishing in 2023?

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing

Phishing Social Engineering Authentication Engineering

Phish or Be Phished. That is the question!

Security Boulevard

SEPTEMBER 7, 2022

Phish or Be Phished. Email phishing attacks are becoming more challenging to spot. Why did the email provider’s email anti-spam and anti-phish protection layer not quarantine the message? Even with a generic greeting, you would think an AL-powered anti-phishing protection engine would have blocked the message.

Phishing

Phishing Social Engineering Identity Theft Engineering

Medical Records of 12,000 Revere Health Patients Exposed in Phishing Attack

Heimadal Security

AUGUST 25, 2021

Revere Health, the largest independent multispecialty physician group in Utah, has recently revealed that an employee was targeted by a phishing operation. On June 21st, the email account of one of the physician group’s employees […]. What Happened?

Phishing

Phishing Accountability Data breaches Cybersecurity

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.

Scams

Scams Phishing Government Passwords

Scam Alert! Unsubscribe Spam Emails Used by Spammers to Confirm Legitimate Email Accounts

Heimadal Security

MAY 31, 2021

In order to confirm authentic email addresses that can be utilized in future phishing and spam operations, fraudsters are now employing false unsubscribe spam emails. Unsubscribe Spam Emails Used by Spammers to Confirm Legitimate Email Accounts appeared first on Heimdal Security Blog. The post Scam Alert!

Scams

Scams Accountability Phishing Authentication

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

Heimadal Security

OCTOBER 21, 2021

According to Google, YouTube influencers have been targeted with password-stealing malware in a phishing campaign allegedly conducted by Russian-speaking cybercriminals. The post Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts appeared first on Heimdal Security Blog.

Accountability

Accountability Phishing Passwords Malware

Ongoing Nobelium Phishing Campaign Impersonates USAID, Microsoft Warns

Heimadal Security

MAY 28, 2021

According to Corporate Vice President Tom Burt, Nobelium is currently conducting a phishing campaign after the Russian-backed group managed to take control of the account used by USAID on the Constant Contact […].

Phishing

Phishing Accountability Cybersecurity

LinkedIn introduces new security features to combat fake accounts

Malwarebytes

NOVEMBER 1, 2022

LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion. For years, it has been aware of spam, fake job offers, phishing, fraudulent investments, and (at times) malware, and has been trying to combat those issues. Cybersecurity risks should never spread beyond a headline.

Accountability

Accountability Cryptocurrency Education Technology

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

SC Magazine

JANUARY 26, 2021

companies as a primary target of a new phishing scheme. Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The company could not be certain, however, if the V4 phishing kit was involved.

Phishing

Phishing Passwords Security Awareness Social Engineering

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Security Boulevard

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ). Google Cloud.

Cybersecurity

Cybersecurity Malware Accountability Authentication

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link].

Phishing

Phishing Banking Retail Financial Services

Zix tricks: Phishing campaign creates false illusion that emails are safe

SC Magazine

MAY 11, 2021

Researchers last week spotted a phishing campaign that leveraged an online email authentication solution from Zix, in hopes that potential victims would be lulled into a false sense of security. The post Zix tricks: Phishing campaign creates false illusion that emails are safe appeared first on SC Media.

Phishing

Phishing Authentication Social Engineering Scams

TikTok Influencer Accounts Targeted in Major Phishing Campaign

Watch Out! Verified Twitter Accounts Are Targeted in Phishing Attacks

Trending Sources

Cybercriminals Use Chipotle’s Marketing Account for Phishing Attacks

Twitter Verified Accounts Targeted as Part of a Large Phishing Attempt

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

Cybersecurity Awareness Month 2022: Recognizing & Reporting Phishing

Cybercriminals Target Senior U.S. Executives Using EvilProxy Phishing Kit

New PHP Malware Targets Business and Regular Facebook Accounts

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

New RuneScape Phishing Scam Aimed at Stealing Accounts and In-game Item Bank PINs

Framework Discloses Data Breach After Third-Party Got Phished

Millions of Users Have Been Enticed to Phishing Pages in Massive Campaign Exploiting Facebook Messenger

Cybercriminals Use Azure Front Door in Phishing Attacks

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

Remcos RAT campaign targets US accounting and tax return preparation firms

Social Engineering Attacks Target Morgan Stanley Client Accounts

Successful Phishing Attack Causes Dropbox Data Breach

Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

Cybersecurity Researchers Warn About the Dangers of `Caffeine`

Phishing Scams Are Targeting Netflix Users

New Attack Vector: 144k Phishing Packages Found on Open-source Repositories

Phishing Attack Uses Facebook Posts to Evade Email Security

'Caffeine' Phishing Toolkit Could Keep Microsoft 365 Users up at Night

Passwordless sign-in with passkeys is now available for Google accounts

Countries Assisting Ukraine Refugees Targeted in Phishing Cyberattacks

Ukraine warns of attacks aimed at taking over Telegram accounts

U.S. Energy Company Targeted by QR Code Phishing Campaign

Microsoft Email Security Eluded by Instagram Credential Phishing Attacks

UK National Health Service Email Accounts Compromised by Hackers to Steal Microsoft Logins

GUEST ESSAY: These advanced phishing tactics should put all businesses on high alert

Hackers Use Gmail Accounts to Execute Baiting Attacks

Intro to Phishing: How Dangerous Is Phishing in 2023?

Phish or Be Phished. That is the question!

Medical Records of 12,000 Revere Health Patients Exposed in Phishing Attack

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Scam Alert! Unsubscribe Spam Emails Used by Spammers to Confirm Legitimate Email Accounts

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

Ongoing Nobelium Phishing Campaign Impersonates USAID, Microsoft Warns

LinkedIn introduces new security features to combat fake accounts

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Zix tricks: Phishing campaign creates false illusion that emails are safe

Stay Connected