Banking, Cybersecurity and Phishing - Cyber Security Informer

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. The site will then complain that the visitor’s bank needs to “verify” the transaction by sending a one-time code via SMS. Image: Ford Merrill.

Banking

Banking Phishing Mobile Retail

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

Why Take9 Won’t Improve Cybersecurity

Schneier on Security

MAY 30, 2025

There’s a new cybersecurity awareness campaign: Take9. But the campaign won’t do much to improve cybersecurity. ” was an awareness campaign from 2016, by the Department of Homeland Security—this was before CISA—and the National Cybersecurity Alliance. First, the advice is not realistic.

Cybersecurity

Cybersecurity Scams Security Awareness Phishing

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Security Affairs

FEBRUARY 4, 2025

Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Then the malware starts monitoring the active window. ” concludes the report.

Banking

Banking Malware Antivirus Cyber threats

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Authentication Mobile

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. And BEARHOST has been cultivating its reputation since at least 2019.

Malware

Malware Antivirus DDOS Software

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Malwarebytes

APRIL 1, 2025

If the receiver were to scan the QR code, they would be sent to a phishing site. The other big type of scams are phishing emails, like we saw above. Never send sensitive personal information such as your bank account, charge card, or Social Security number by email. Thank you for your prompt attention to this matter.

Scams

Scams Phishing Artificial Intelligence Social Engineering

Phishers Target Aviation Execs to Scam Customers

Krebs on Security

JULY 24, 2025

KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. A search at DomainTools found justyjohn50@yahoo.com has been registering one-off phishing domains since at least 2012.

Scams

Scams Phishing Cybercrime Accountability

Crooks are reviving the Grandoreiro banking trojan

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. Attackers also employ encrypted or password-protected files to evade security detection.

Banking

Banking Phishing Malware Passwords

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

” In a hypothetical example, a scammer uses a hacked government email account to request that a service provider place a hold on a specific bank or crypto account that is allegedly subject to a garnishment order, or party to crime that is globally sanctioned, such as terrorist financing or child exploitation. dot-gov emails get hacked.

Hacking

Hacking Accountability Government Social Engineering

Israel–Iran Conflict Escalates in Cyberspace: Banks and Crypto Hit, Internet Cut

SecureWorld News

JUNE 19, 2025

Bank Sepah, one of Iran's oldest and most strategically essential banks, suffered major outages across its ATMs and online services on June 17th. Harden financial and cloud infrastructure This conflict has already demonstrated the vulnerability of fintech, crypto platforms, and core banking systems.

Internet

Internet Internet Banking CISO

Grandoreiro Trojan Resurges in Phishing Attacks

Penetration Testing

APRIL 8, 2025

Cybercriminals are actively distributing the Grandoreiro banking trojan through large-scale phishing campaigns, primarily targeting banking users in Latin America and Europe. According to a report by Forcepoint X-Labs, this resurgence involves the use of advanced techniques to evade detection and maximize impact.

Phishing

Phishing Banking Cybersecurity Malware

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

SecureWorld News

MARCH 20, 2025

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court presstargeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes. This scenario follows the common phishing tactics: strike at personal interest.

Scams

Scams Social Engineering Phishing Mobile

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

SecureWorld News

JUNE 4, 2025

In a matter of days, three major cybersecurity incidents have hit the retail and financial services sectors, drawing renewed attention to supply chain vulnerabilities, credential-based attacks, and the increasing value of non-financial customer data. The reputational damage could be immense." That's why MFA adoption remains low in many cases."

Retail

Retail Banking Financial Services Social Engineering

The Anatomy of a Phishing Email

Security Through Education

JULY 22, 2025

One of the most common tactics threat actors use to trick individuals into giving up sensitive information, like login credentials, is phishing emails. According to Proofpoint’s 2024 report 91% of all cyber-attacks start with phishing. Spear phishing emails on the other hand are carefully crafted to target a specific individual.

Phishing

Phishing Social Engineering Accountability Passwords

Scammers Target Netflix Users: Expert Issues Urgent Warning

eSecurity Planet

MARCH 31, 2025

Streaming giant Netflix is at the center of a rising wave of online scams, cybersecurity experts warn. Karin Zilberstein, vice president of Product at cybersecurity company Guardio, says the platform consistently ranks among the top 10 most imitated companies in phishing schemes. Instead, visit Netflix.com directly.

Scams

Scams Artificial Intelligence Phishing Accountability

The Role and Benefits of AI in Cybersecurity

SecureWorld News

APRIL 13, 2025

In this article, we'll explore how AI enhances cybersecurity, its key benefits, and why businesses are increasingly relying on AI-driven security solutions. How does AI work in cybersecurity? This speeds up response times and reduces the burden on cybersecurity teams.

Cybersecurity

Cybersecurity Artificial Intelligence Threat Detection Cyber threats

Mishing Is the New Phishing — And It’s More Dangerous

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing

Phishing Mobile Social Engineering Data breaches

Are Cybersecurity Jobs in High Demand?

Hacker's King

OCTOBER 19, 2024

Cybersecurity has become one of the most critical fields in technology, ensuring that data, networks, and systems are protected from unauthorized access and malicious attacks. As cyber threats escalate, the demand for skilled professionals in cybersecurity is skyrocketing. trillion annually.

Cybersecurity

Cybersecurity Healthcare Cyber threats Government

New Linux FASTCash Variant: Threats to Banking Systems

Hacker's King

DECEMBER 17, 2024

The cybersecurity world has been abuzz with news of a new Linux variant of FASTCash, a sophisticated malware targeting the banking sector. FASTCash has gained notoriety for its ability to bypass banking security protocols, enabling cybercriminals to withdraw massive amounts of cash from ATMs.

Banking

Banking Social Engineering Malware Phishing

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Here’s a breakdown of the most widespread and damaging scams today: Impersonation Scams (51% of fraud cases) where fraudsters pose as: Banks, HMRC, DVLA, or government agencies. Guilt or Authority Pressure: Messages from “your boss,” “the bank,” or “your child” asking for urgent help or discretion.

Scams

Scams Password Management Passwords Banking

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Malwarebytes

JUNE 19, 2025

But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for: Account takeovers : Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts. Some forms of 2FA can be phished just as easily as a password.

Identity Theft

Identity Theft Passwords Phishing Accountability

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

In a stunning blow to the city’s cybersecurity defenses, Columbus, Ohio, recently became the target of a massive cyberattack that exposed over half a million residents’ sensitive information. This data reportedly includes everything from names and addresses to Social Security numbers and bank account details.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

With access to your email account, a cybercriminal can find a lot of useful information about you, such as where you bank, your account numbers, your favorite shops, and more. Cybercriminals could use your account to spread spam and phishing emails to your contacts. You should be able to find this option in your account settings.

Accountability

Accountability Authentication Banking Malware

Fake Social Security Statement emails trick users into installing remote tool

Malwarebytes

APRIL 30, 2025

They access and exfiltrate sensitive information such as banking details, personal identification numbers, and confidential files. There are several circumstances that make this campaign hard to detect: The cybercriminals send phishing emails from compromised WordPress sites, so the domains themselves appear legitimate and not malicious.

Computers and Electronics

Computers and Electronics Identity Theft Phishing Banking

AI-Driven Fraud and Impersonation: The New Face of Financial Crime

SecureWorld News

JULY 17, 2025

banks and financial firms are being targeted by scammers using deepfake videos, AI-generated voices, and advanced chatbots to deceive employees and customers. security leaders and bank executives, defending against this high-tech impostor has become a top priority in 2025. In 2025, U.S. In 2025, numerous U.S.

Banking

Banking Scams Social Engineering Financial Services

QR codes sent in attachments are the new favorite for phishers

Malwarebytes

APRIL 3, 2025

Recently weve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. For example, banking apps will be often be installed on the same device.

Phishing

Phishing Banking Mobile Accountability

How Website Localization Strengthens Cybersecurity in Global Markets

SecureWorld News

FEBRUARY 4, 2025

This made the need for strengthening cybersecurity so apparent to everyone that U.S. The best approach one can adopt is always having cybersecurity at the forefront of their mind whichever aspect of their business they approach. The intersection of localization and cybersecurity Now, how does localization affect cybersecurity?

Marketing

Marketing Cybersecurity eCommerce Data breaches

Amazon warns 200 million Prime customers that scammers are after their login info

Malwarebytes

JULY 16, 2025

At Malwarebytes, we’ve seen emails pretending to be from Amazon that tried to drive customers to fake websites like amazons.digital, a site we block for phishing. Install web protection that can warn you of phishing sites, card skimmers, and other nasties that could lead to your data being taken.

Scams

Scams Accountability Phishing Passwords

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

The Last Watchdog

MAY 15, 2025

Yet despite their importance, many lack the cybersecurity expertise and resources to fend off a rising tide of digital threats. AI is now supercharging these threats helping cybercriminals scale attacks, tailor phishing lures, write malware, and even evade detection. For small businesses, smart prioritization is key.

Small Business

Small Business Cybercrime Cyber Insurance Phishing

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

In a data breach notification filed by the Attorney General for the state of Maine, the cybersecurity incident that affected Columbus, Ohio impacted half a million people. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Take your time.

Data breaches

Data breaches Passwords Phishing Ransomware

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Financial information, like your banking credentials and crypto wallets. com (phishing) convertitoremp3[.]it com (Phishing) convertix-api[.]xyz org (Riskware) We don’t just report on threats – we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headline.

Malware

Malware Adware Education Phishing

5 million payment card details stolen in painful reminder to monitor Christmas spending

Malwarebytes

DECEMBER 17, 2024

In this case we dont know whos behind the leak, although it seems clear from the screenshots that its a phishing operation and the credit and debit card information was exactly the data they were after. Phishing using websites that were especially set up for this task.

Identity Theft

Identity Theft Phishing Banking Accountability

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru

FEBRUARY 25, 2025

The common maxim in cybersecurity is that the industry is always on the back foot. While cybersecurity practitioners build higher walls, adversaries are busy creating taller ladders. MFA Fatigue: The I Give Up Button in Cybersecurity While MFA is extremely effective at preventing unauthorized access, it is not impervious to abuse.

Social Engineering

Social Engineering Authentication Risk Accountability

Grubhub Suffers Data Breach in Third-Party Vendor Incident

SecureWorld News

FEBRUARY 6, 2025

Grubhub confirmed that Marketplace customer passwords, merchant login credentials, full payment card numbers, and bank account details were not exposed. However, even seemingly limited breaches can have downstream effects, enabling phishing attacks and social engineering schemes. How did this happen?

Data breaches

Data breaches Accountability Social Engineering Risk

Europol takes down criminal data hub Manson Market in busy month for law enforcement

Malwarebytes

DECEMBER 6, 2024

The scammers participated in fraudulent phone calls in which they impersonated bank employees to extract sensitive information, such as addresses and security answers, from their victims. A network of fake online shops set up to phish for payment information provided one of the sources of stolen data.

Marketing

Marketing Banking Encryption Phishing

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details. “Cell C is aware that data compromised in the recent cybersecurity incident has been unlawfully disclosed by RansomHouse, the threat actor claiming responsibility.”

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

News Alert: SquareX, Fortune 500 CISOs to debut bowser security guide at Black Hat USA 2025

The Last Watchdog

JULY 17, 2025

Major contributors include: •Rathi Murthy, CTO of Varo Bank, Fmr. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser.

CISO

CISO Ransomware Banking Media

Tax Season = Prime Time for Scammers — Here’s How to Stay Safe

eSecurity Planet

MARCH 28, 2025

From bogus IRS messages to sneaky links designed to swipe your refund (and identity), phishing scams are ramping up. Cybersecurity experts urge the taxpayers to stay sharp and skeptical. Mishing and phishing are two common types to watch out for. Early detection is crucial in mitigating potential damage.

Scams

Scams Phishing Identity Theft Accountability

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

SecureWorld News

FEBRUARY 14, 2025

Avoid phishing emails and messages You may receive emails or texts with fake Valentine's Day deals, electronic greeting cards (e-cards), or delivery notifications. Never share sensitive information like address, phone number, or banking details with someone you just met online.

Scams

Scams Cybercrime Phishing Social Engineering

Financial cyberthreats in 2024

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million detections compared to 5.84

Phishing

Phishing Banking Scams Mobile

PayPal scam abuses Docusign API to spread phishy emails

Malwarebytes

MARCH 4, 2025

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. If you think you are the victim of this type of phishing: Check your PayPal account: Log in to your PayPal account and review your recent transactions to search for and identify the suspicious payment.

Scams

Scams Accountability Phishing Banking

Mastering Subscription Management: The Unexpected Cybersecurity Connection You Need to Know

Responsible Cyber

MARCH 2, 2025

But while managing these subscriptions can feel like a mundane task, theres a hidden layer that many overlook: the critical role subscription management plays in cybersecurity. This is where subscription management steps in as a hero and where cybersecurity risks start to creep in if youre not careful.

Cybersecurity

Cybersecurity Accountability Banking Scams

China-based SMS Phishing Triad Pivots to Banks

Crooks bank on Microsoft’s search engine to phish customers

Trending Sources

Why Take9 Won’t Improve Cybersecurity

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Phishing evolves beyond email to become latest Android app threat

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Phishers Target Aviation Execs to Scam Customers

Crooks are reviving the Grandoreiro banking trojan

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Israel–Iran Conflict Escalates in Cyberspace: Banks and Crypto Hit, Internet Cut

Grandoreiro Trojan Resurges in Phishing Attacks

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

The Anatomy of a Phishing Email

Scammers Target Netflix Users: Expert Issues Urgent Warning

The Role and Benefits of AI in Cybersecurity

Mishing Is the New Phishing — And It’s More Dangerous

Are Cybersecurity Jobs in High Demand?

New Linux FASTCash Variant: Threats to Banking Systems

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Fake Social Security Statement emails trick users into installing remote tool

AI-Driven Fraud and Impersonation: The New Face of Financial Crime

QR codes sent in attachments are the new favorite for phishers

How Website Localization Strengthens Cybersecurity in Global Markets

Amazon warns 200 million Prime customers that scammers are after their login info

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

City of Columbus breach affects around half a million citizens

Warning over free online file converters that actually install malware

5 million payment card details stolen in painful reminder to monitor Christmas spending

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

Grubhub Suffers Data Breach in Third-Party Vendor Incident

Europol takes down criminal data hub Manson Market in busy month for law enforcement

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

South African telecom provider Cell C disclosed a data breach following a cyberattack

News Alert: SquareX, Fortune 500 CISOs to debut bowser security guide at Black Hat USA 2025

Tax Season = Prime Time for Scammers — Here’s How to Stay Safe

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

Financial cyberthreats in 2024

PayPal scam abuses Docusign API to spread phishy emails

Mastering Subscription Management: The Unexpected Cybersecurity Connection You Need to Know

Stay Connected