I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and enter some personal information into a website.
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. million in an elaborate voice phishing attack. The phishing domain used to steal roughly $4.7 Image: Shutterstock, iHaMoo. “ Annie.”
Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years.
“Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. Don’t be discouraged.
A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.
Once logged in, follow the prompts to review and confirm your tax information. If the receiver were to scan the QR code, they would be sent to a phishing site. The IRS’s annual Dirty Dozen list of tax scams shows common schemes that threaten your tax and financial information. Please do not reply to this email.
When I first heard of social engineering, about 6 years ago, I couldn’t define it clearly and concisely if you had offered me millions of dollars. ’ Let’s re-visit what social engineering really means, how people use it, and how you can start protecting yourself from it. Either way, let’s refresh and learn together!
The message included a “Google Support Case ID number” and information about the Google representative supposedly talking to him on the phone, stating the rep’s name as “Ashton” — the same name given by the caller. I put my seed phrase into a phishing site, and that was it.”
A bad actor is using a Microsoft 365 test domain and a self-created distribution list to bypass traditional email protections and entice victims to hand over their PayPal account information in what Fortinet's CISO is calling a "phish-free" phishing campaign.
A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.
Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. “On October 22, 2024, Microsoft identified a spear-phishing campaign in which Midnight Blizzard sent phishing emails to thousands of users in over 100 organizations.
A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing as the U.S. Postal Service, in a phishing campaign targeting mobile device users in the hope that victims will divulge credentials and personal information, Zimperium researchers say.
law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. FBI warns Silent Ransom Group has targeted U.S. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S.
Cybercriminals are shifting their focus from emails to text messages, using mishing, a more deceptive form of phishing, to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9% in Brazil.
We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app
But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.
The technology, which first emerged primarily in the world of gaming and entertainment, now promises to reshape our reality with interactive information and immersive experiences. It could also help users identify various cybersecurity attacks, whether they are types of spoofing, phishing, social engineering, or malware.
One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. authenticate the phone call before sensitive information can be discussed.
The email informs John that the company suffered a security breach, and it is essential for all employees to update their passwords immediately. What is social engineering? Social engineering is often used to obtain access or information through a technique called phishing.
Their themes touch on phishing, man-in-the-middle attacks, cryptography and decryption, incident response, and more. Lured by the Sweet: Avoiding the Phishing Trap Similar to Hansel and Gretel, who were tempted by a candy-coated trap, phishing attacks entice victims with seemingly irresistible offers or legitimate-looking emails and websites.
This year’s theme is “Secure Our World” with an emphasis on recognizing phishing and vishing attempts – two prevalent tactics used by bad actors to exploit unsuspecting individuals. Read on as we uncover real tactics and discuss effective strategies to protect your company and its sensitive information in today’s digital landscape.
Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions.
During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” Threat actors are using domains like the following for this QR-code phishing activity: qr-s1[.]com What Happened? com qr-s2[.]com com qr-s3[.]com com qr-s4[.]com
Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website. Look for a story here in early 2025 that will explore the internal operations of these ruthless and ephemeral voice phishing gangs.
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. “She said, ‘One moment while I access that information.'”
A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. Here’s what comes next: These emails lure victims with urgent requests, from resolving guest review issues to verifying account information.
“CyberAv3nger accounts also asked our models high-level questions about how to obfuscate malicious code, how to use various security tools often associated with post-compromise activity, and for information on both recently disclosed and older vulnerabilities from a range of products.” ” continues the report.
Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.
The Duo difference: End-to-end phishing resistance For too long, defenders have focused solely on login protection with multi-factor authentication (MFA). Duo’s IAM solution rises to this challenge by now offering end-to-end phishing resistance as a core feature, delivered right out of the box. This creates a real identity crisis.
Adam Mosseri, the head of Instagram, revealed that he nearly fell for a highly convincing phishing attack that appeared to come from Google. The scam, which combined a phone call and a cleverly disguised email, highlights just how advanced phishing methods are becoming, even fooling seasoned tech leaders.
In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. “Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.
Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ.
This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. billion (equal to USD 326 million) between 2021 and 2023. The actors became more creative. Notably, some of them were registered between September and November 2024.
They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even trick you into visiting malicious versions of legitimate websites. They can text you fraudulent tracking links for packages you never bought.
A new development in phishing is the “nag attack.” The fraudster commences the social engineering by irritating the targeted victim, and then follows up with an offer to alleviate the annoyance. Nag attacks add to the litany of phishing techniques. Spear phishing. Related: Thwarting email attacks. Human nature.
“These conversations include minimal customer information and are used for frontline reps to escalate issues to managers,” said Lisa Belot, Sprint’s communications manager. Earlier this week, vice.com reported that hackers are phishing workers at major U.S.
LAPSUS$ typically threatens to release sensitive data unless paid a ransom, but with most victims the hackers ended up publishing any information they stole (mainly computer source code). “Someone was trying to phish employee credentials, and they were good at it,” Wired reported. “voice phishing” a.k.a.
The breach was detected in February, leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency. Chief Deputy AG Steven Popps called it a sophisticated attack. Investigations are ongoing to assess the impact and source of the attack. ” reads a report published by Halcyon.
Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing. Aircraft themselves are nodes on data networks, constantly transmitting telemetry, engine performance metrics, and passenger connectivity data.
A Russian state-linked hacking group is ramping up its cyberattacks against diplomatic targets across Europe, using a new stealthy malware tool known as GrapeLoader to deliver malicious payloads through cleverly disguised phishing emails. The phishing emails come with a tempting subject: wine tasting.
Whether it’s a so-called “subsidy program,” a “government grant,” or a “relief card,” these scams all share the same underlying goal: to manipulate people into giving away their personal information, or worse, their hard-earned cash. ” The goal? gov domains). gov domains).
Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. The kit is designed to intercept sensitive information, including banking credentials, credit card and personal information, and OTP/TAN codes.
A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.