article thumbnail

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

Bleeping Computer

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [.]

Phishing 144
article thumbnail

Framework discloses data breach after accountant gets phished

Bleeping Computer

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. [.]

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Watch out, this LastPass email with "Important information about your account" is a phish

Malwarebytes

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Armed with this data, attackers can send targeted phishing emails that attempt to steal the passwords needed to unlock the stolen password vaults.

Phishing 139
article thumbnail

Verified Twitter accounts phished via hate speech!

Javvad Malik

The first was around verified Twitter accounts receiving direct messages apparently from Twitter which claimed their accounts had been flagged for hate speech. The second was a Discord phishing campaign where people would recieve messages being accsed of sending explicit photos. The techniques of these phishing attacks vary.

article thumbnail

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 305
article thumbnail

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. ” A copy of the phishing message included in the PayPal.com invoice.

Scams 310
article thumbnail

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 337