article thumbnail

ONNX phishing service targets Microsoft 365 accounts at financial firms

Bleeping Computer

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. [.]

Phishing 100
article thumbnail

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

Bleeping Computer

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [.]

Phishing 143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 329
article thumbnail

Framework discloses data breach after accountant gets phished

Bleeping Computer

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. [.]

article thumbnail

Phishing Campaign Bypasses MFA to Target Meta Business Accounts, Putting Millions at Risk

Penetration Testing

Cybersecurity firm Cofense has exposed a sophisticated phishing campaign that is actively targeting Meta business accounts worldwide.

article thumbnail

Verified Twitter accounts phished via hate speech!

Javvad Malik

The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. The second was a Discord phishing campaign where people would recieve messages being accsed of sending explicit photos. The techniques of these phishing attacks vary.

article thumbnail

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. ” A copy of the phishing message included in the PayPal.com invoice.

Scams 317