Authentication, Phishing and Risk - Cyber Security Informer

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

Department of Justice refers to the cybercrime group as Saim Raza , after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media. ” Manipulaters advertisement for Office 365 Private Page with Antibot phishing kit sold via Heartsender. Image: DomainTools. ” U.S.

Phishing

Phishing Cybercrime Advertising Malware

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Malwarebytes

JUNE 23, 2025

Russian hackers have bypassed Google’s multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG). However, because app passwords skip the second verification step, hackers can steal or phish them more easily than a full MFA login.

Authentication

Authentication Passwords Social Engineering Accountability

Operation Heart Blocker: International Police Disrupt Phishing Network

SecureWorld News

FEBRUARY 3, 2025

and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. Organizations should enforce least privilege access and enable multi-factor authentication (MFA) on all accounts that have it available.

Phishing

Phishing Cybercrime Scams Authentication

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Authentication Mobile

All Gmail users at risk from clever replay attack

Malwarebytes

APRIL 22, 2025

Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. And that is exactly what the cybercriminals did.

Risk

Risk Scams Accountability Phishing

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing

Phishing Scams Banking Mobile

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

eSecurity Planet

MARCH 4, 2025

Cybersecurity researchers have uncovered a campaign where threat actors exploit misconfigured Amazon Web Services (AWS) environments to send phishing emails. How the attack works The JavaGhost group, active since 2019, initially focused on website defacements before shifting to financially motivated phishing attacks in 2022.

Phishing

Phishing Accountability Authentication Risk

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

SecureWorld News

APRIL 28, 2025

The phishing game has evolved into synthetic sabotage a hybrid form of social engineering powered by AI that can personalize, localize, and scale attacks with unnerving precision. The quiet revolution of phishing-as-a-service (PhaaS) If you haven't noticed by now, phishing has gone SaaS. For phishing, this is a gold mine.

Phishing

Phishing Social Engineering Engineering Data breaches

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. However, there are a few things you can do to lower your risk. Enable two-factor authentication (2FA). Set up identity monitoring.

Phishing

Phishing Malware Passwords Password Management

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. Around the same time, users receive legitimate looking emails from what appears to be an authentic Google domain to add credibility to what the caller is claiming to have happened.

Phishing

Phishing Identity Theft Artificial Intelligence Accountability

Phishing-Resistant MFA: Why FIDO is Essential

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error.

Phishing

Phishing Authentication Passwords Social Engineering

Mishing Is the New Phishing — And It’s More Dangerous

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing

Phishing Mobile Social Engineering Data breaches

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

The Last Watchdog

DECEMBER 6, 2021

This traditional authentication method is challenging to get rid of, mostly because it’s so common. And for businesses, transitioning to new authentication solutions can be expensive and time-consuming. It supports standards that make implementing newer, stronger authentication methods possible for businesses.

Authentication

Authentication Passwords Mobile Phishing

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk

Risk Threat Detection Technology Phishing

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

The Last Watchdog

JULY 14, 2022

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8

Phishing

Phishing Education Cybersecurity Threat Detection

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

What follows is a set of basic security hygiene steps that will significantly reduce your risk online. Enable two-factor authentication on all critical accounts. Go to each of those high-priority accounts and ensure two-factor authentication (often called strong authentication) is turned on. Everything.

Risk

Risk Password Management Passwords Accountability

Phishing Campaign Impersonates Booking.com, Plants Malware

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing

Phishing Malware Social Engineering Authentication

Video: How Hackers Steal Your Cookies & How to Stop Them

eSecurity Planet

NOVEMBER 6, 2024

Attackers can steal your cookies through phishing, malware, and MITM attacks, leading to data theft, financial loss, and identity theft. Initial Attack Vector Attackers might send phishing emails or create fake websites. Though cookies themselves don’t steal passwords, they can be hijacked to access sensitive data.

Identity Theft

Identity Theft Passwords Phishing Accountability

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. That’s a great thing. Use security software.

Authentication

Authentication Phishing Password Management Scams

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Cybercriminals could use your account to spread spam and phishing emails to your contacts.

Accountability

Accountability Authentication Banking Malware

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Malwarebytes

JUNE 19, 2025

Targeted phishing : Combining leaked data allows cybercriminals to engage in very convincing and personalized scams. Enable two-factor authentication (2FA) for every account you can. Some forms of 2FA can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Identity Theft

Identity Theft Passwords Phishing Accountability

Tax deadline threat: QuickBooks phishing scam exploits Google Ads

Malwarebytes

APRIL 8, 2025

Brand impersonation: from Google ad to phishing page Accounting and tax preparation software has traditionally been a common lure for scammers, particularly those related to online support operating out of large call centres in India and surrounding areas. Protect yourand your family’spersonal information by using identity protection.

Phishing

Phishing Scams Accountability Authentication

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Figure 12: The actual phishing page that follows Finally, all the data is combined with the username and password and sent to the remote server via a POST request.

Advertising

Advertising Accountability Phishing Scams

How Spread Betting Platforms Safeguard Traders Against Cyber Risks

IT Security Guru

JANUARY 30, 2025

So, lets explore how spread betting platforms are rising to this challenge and ensuring that their platforms are cyber risk-free. Cyber Risks Facing Spread Betting Platforms Cyber threats are becoming more dangerous than ever, and spread betting platforms are a major target for most of these cyberattacks. Thats true.

Cyber Risk

Cyber Risk Risk Penetration Testing Accountability

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Learn why these modern security practices are essential for safer, stronger authentication. Passwordless authentication.

Phishing

Phishing Passwords Password Management Authentication

We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

Joseph Steinberg

NOVEMBER 15, 2021

There has likely not been a single hour during the last decade, for example, during which criminals did not carry out successful phishing-based attacks by exploiting the inherent lack of security within standard and ubiquitous email technology. And such issues are just the tip of the iceberg when it comes to email security.

Phishing

Phishing Artificial Intelligence Technology Scams

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Phishing

Phishing Mobile Authentication Accountability

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing

Phishing VPN Social Engineering Accountability

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. We dont just report on phone securitywe provide it Cybersecurity risks should never spread beyond a headline.

Passwords

Passwords Password Management Phishing Authentication

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

Cybersecurity Risks As people become more selective in their engagement of technology, the behavioural changes were now experiencing have significant implications for cybersecurity. Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity

Cybersecurity Scams Technology Risk

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA). By using one of these online converters you could be at risk of getting infected with ransomware or enable criminals to steal your data or identity in full. com (phishing) convertitoremp3[.]it Email addresses.

Malware

Malware Adware Education Phishing

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date.

Cybercrime

Cybercrime Phishing Accountability Malware

AI Dilemma: Emerging Tech as Cyber Risk Escalates

Trend Micro

JULY 2, 2025

Move faster than your adversaries with powerful purpose-built XDR, cyber risk exposure management, and zero trust capabilities Learn more Extend Your Team Extend Your Team.

Cyber Risk

Cyber Risk Risk Cyber threats Artificial Intelligence

Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing

Phishing Authentication Engineering Banking

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

OCTOBER 15, 2024

While American Water has not disclosed the exact method of attack, such incidents often involve tactics like ransomware or phishing , where hackers gain access to sensitive systems and either steal or encrypt data, demanding a ransom in return for restoring access.

Cybersecurity

Cybersecurity Penetration Testing Cyber threats Firewall

5 million payment card details stolen in painful reminder to monitor Christmas spending

Malwarebytes

DECEMBER 17, 2024

In this case we dont know whos behind the leak, although it seems clear from the screenshots that its a phishing operation and the credit and debit card information was exactly the data they were after. Phishing using websites that were especially set up for this task. Shy away from sites making too-good-to-be-true offers.

Identity Theft

Identity Theft Phishing Banking Accountability

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail

Retail Cyber Risk Risk DDOS

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This breach has exposed residents to potential risks like identity theft and financial fraud, compounding the urgency for more robust cybersecurity measures in the public sector. Businesses that handle customer data or interact with city networks are now faced with heightened risks.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru

FEBRUARY 25, 2025

A prime example is multi-factor authentication (MFA), a security process that requires users to verify their identity in two or more ways, such as a password, a code sent to their phone, or a fingerprint. Advanced authentication systems can analyse contextual factors, like location, device, and login behaviour, to detect anomalies.

Social Engineering

Social Engineering Authentication Risk Accountability

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams

Scams Malware Phishing Social Engineering

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

FEBRUARY 25, 2025

Deepfake phishing, AI-generated malware, and automated spear-phishing campaigns are already on the rise. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videosmaking social engineering attacks more difficult to detect.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Cyber threats

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Trending Sources

Operation Heart Blocker: International Police Disrupt Phishing Network

Crooks bank on Microsoft’s search engine to phish customers

Phishing evolves beyond email to become latest Android app threat

All Gmail users at risk from clever replay attack

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

Synthetic Sabotage: How AI Tools Are Fueling Tailored Phishing Campaigns at Scale

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

How AI was used in an advanced phishing campaign targeting Gmail users

Phishing-Resistant MFA: Why FIDO is Essential

Mishing Is the New Phishing — And It’s More Dangerous

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

10 Behaviors That Will Reduce Your Risk Online

Phishing Campaign Impersonates Booking.com, Plants Malware

Video: How Hackers Steal Your Cookies & How to Stop Them

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Tax deadline threat: QuickBooks phishing scam exploits Google Ads

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

How Spread Betting Platforms Safeguard Traders Against Cyber Risks

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

How 1-Time Passcodes Became a Corporate Liability

Voice Phishers Targeting Corporate VPNs

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Warning over free online file converters that actually install malware

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

AI Dilemma: Emerging Tech as Cyber Risk Escalates

Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

American Water Shuts Down Services After Cybersecurity Breach

5 million payment card details stolen in painful reminder to monitor Christmas spending

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

Deceptive Google Meet Invites Lures Users Into Malware Scams

Google's AI Trends Report: Key Insights and Cybersecurity Implications

Stay Connected