Schneier on Security

JANUARY 17, 2025

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website.

Social Engineering 293

Social Engineering Engineering Phishing 293

Security Boulevard

JANUARY 9, 2025

A bad actor is using a Microsoft 365 test domain and a self-created distribution list to bypass traditional email protections and entice victims to hand over their PayPal account information in what Fortinet's CISO is calling a "phish-free" phishing campaign.

CISO 113

CISO Phishing Accountability Social Engineering 113

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 336

Phishing DNS Scams Technology 336

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing 108

Phishing Identity Theft Cryptocurrency Cybercrime 108

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering 125

Engineering Phishing Banking Authentication 125

Penetration Testing

MAY 22, 2025

The Rhadamanthys stealer, a notorious information-stealing malware, has returned with a new wave of targeted phishing attacks sweeping The post Rhadamanthys Stealer Returns: Copyright Phishing Targets Europe appeared first on Daily CyberSecurity.

Phishing 102

Phishing Malware Cybersecurity Scams 102

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S. ” reads the press release published by DoJ.

Scams 121

Scams Phishing Identity Theft Accountability 121

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Another 4,800 could even read information from an Android devices Notifications bar to obtain the same info.

Phishing 127

Phishing Passwords Mobile Authentication 127

Malwarebytes

APRIL 1, 2025

Once logged in, follow the prompts to review and confirm your tax information. If the receiver were to scan the QR code, they would be sent to a phishing site. The IRS’s annual Dirty Dozen list of tax scams shows common schemes that threaten your tax and financial information. Please do not reply to this email.

Scams 136

Scams Phishing Artificial Intelligence Social Engineering 136

Security Boulevard

JANUARY 27, 2025

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say.

Mobile 116

Mobile Scams Phishing Social Engineering 116

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft 267

Identity Theft Phishing Cryptocurrency Accountability 267

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing 111

Phishing Accountability Authentication Advertising 111

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing 112

Phishing Authentication Telecommunications Accountability 112

Security Affairs

JANUARY 5, 2025

The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

Malware 127

Malware Encryption Phishing Hacking 127

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing 98

Phishing Authentication Engineering Social Engineering 98

eSecurity Planet

NOVEMBER 25, 2024

Quishing (QR code phishing) is a cybercrime tactic where cybercriminals exploit deceptive QR codes to trick unsuspecting individuals. Learn how to recognize the warning signs of quishing attacks and protect yourself from this growing threat to safeguard your personal information.

Cybercrime 101

Cybercrime Phishing 101

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 362

Phishing Password Management Passwords Banking 362

Malwarebytes

MARCH 26, 2025

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. If you have any questions or need more information, please contact the guest directly or through our platform. Press Ctrl + V.

Phishing 117

Phishing Malware Passwords Password Management 117

The Hacker News

MAY 27, 2025

The campaign leverages "information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims,"

Social Engineering 113

Social Engineering Phishing Engineering Technology 113

Krebs on Security

MARCH 28, 2024

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. An analysis of the webpage reveals it would check any submitted credentials at the real Microsoft website, and return an error if the user entered bogus account information.

Phishing 314

Phishing Scams Accountability Passwords 314

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Please contact us at [link] to get more information on how to fix this issue.” A reader named Chris shared an email he received this week that spoofed GitHub’s security team and warned: “Hey there!

Phishing 325

Phishing Scams Malware Passwords 325

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Krebs on Security

MARCH 14, 2025

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks. From there, they sent out phishing messages asking for financial information from people who’d just booked travel through the company’s app. Source: Sekoia.

Phishing 283

Phishing Malware Scams Passwords 283

SecureWorld News

APRIL 7, 2025

One of the most pressing challenges in cybersecurity is the rise of AI-driven phishing campaigns. Recent findings from Hoxhunt reveal that artificial intelligence is now outpacing human red teams in developing more sophisticated phishing attacks.

Phishing 99

Phishing Artificial Intelligence Cyber threats Cybersecurity 99

Security Affairs

MARCH 17, 2025

Using CSS properties like text-indent , they conceal phishing text from victims while bypassing security parsers. The following phishing message impersonates the Blue Cross Blue Shield organization. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,phishing)

Phishing 114

Phishing Engineering Media Hacking 114

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. How to avoid AI Gmail phishing Never click on links or download files from unexpected emails or messages. Don’t enter personal information on a website unless you are certain it is legitimate.

Phishing 107

Phishing Artificial Intelligence Identity Theft Accountability 107

Krebs on Security

AUGUST 28, 2024

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. The information requested from people who visited votewin.org via the SMS campaign. Image: WDIV Detroit on Youtube. Red flag #1.

Phishing 314

Phishing Scams Mobile Advertising 314

Krebs on Security

NOVEMBER 9, 2024

. “Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. Don’t be discouraged.

Hacking 293

Hacking Accountability Government Social Engineering 293

Security Boulevard

MAY 28, 2025

Online threats have become increasingly sophisticated, and phishing attacks are no exception. The post The latest in phishing scams: stealing your information through fake online forms appeared first on Security Boulevard.

Scams 59

Scams Phishing Threat Reports Technology 59

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS 81

DNS Phishing Banking Passwords 81

Security Affairs

APRIL 28, 2025

A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. com , woocommerce-api[.]com

Phishing 85

Phishing Accountability DDOS Hacking 85

Security Affairs

MAY 1, 2025

The FBI shared 42K phishing domains tied to LabHost, a PhaaS platform shut down in April 2024, to boost awareness and help identify compromises. The domain list helps prevent future malicious use, allows security teams to scan past logs for breaches, and supports phishing analysis and model training.

Phishing 72

Phishing Banking Threat Detection Authentication 72

eSecurity Planet

OCTOBER 28, 2024

We’ll also look at increased phishing attacks, a couple of different Cisco flaws, and a Fortinet vulnerability that took some time to get its own CVE. Google researchers Xingyu Jin and Clement Lecigene recently provided exploit information on the bug as part of Google’s Project Zero. webflow.io, which indicates a phishing site.

Phishing 102

Phishing Authentication Software VPN 102

Security Affairs

APRIL 14, 2025

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. ” reported Trustwave.

Phishing 76

Phishing Hacking Cybersecurity Cybercrime 76

Malwarebytes

NOVEMBER 1, 2024

The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers. If you are suspicious, it’s a good idea to try the input validation of the shipping information. So, what can consumers do to stay safe?

Phishing 118

Phishing Advertising Engineering Risk 118

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. And BEARHOST has been cultivating its reputation since at least 2019.

Malware 260

Malware Antivirus Software DDOS 260

eSecurity Planet

MAY 27, 2025

The FBI has issued a new warning to US law firms about an ongoing and increasingly aggressive phishing campaign orchestrated by the cybercriminal group Luna Moth. This is information that, if leaked, could have severe legal and financial consequences. That includes client records, litigation strategies, contracts, and communications.

Phishing 70

Phishing Scams Antivirus Backups 70