Krebs on Security

JULY 24, 2025

KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. A search at DomainTools found justyjohn50@yahoo.com has been registering one-off phishing domains since at least 2012.

Scams

Malwarebytes

APRIL 1, 2025

If the receiver were to scan the QR code, they would be sent to a phishing site. One of the pitfalls the IRS warns about is bad tax advice provided on social media, as submitting false information to the IRS could land you in serious trouble. The other big type of scams are phishing emails, like we saw above.

Scams

The Last Watchdog

MARCH 24, 2025

24, 2025, CyberNewswire — Arsen , a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. To learn more about Conversational Phishing, users can visit [link].

Social Engineering

Security Affairs

NOVEMBER 23, 2024

Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. Microsoft announced the disruption of the ONNX phishing service, another success against cybercrime which led to the seizure of 240 sites. Microsoft has tracked Nady, linked to phishing services since 2017.

Phishing

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Victim losses range from $0.10

Scams

Malwarebytes

MARCH 26, 2025

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Our free Digital Footprint scan searches the dark web, social media, and other online sources, to tell you where your data has been exposed.

Phishing

Krebs on Security

DECEMBER 18, 2024

GRAND THEFT AUTOMATED Just days after Griffin was robbed, a scammer impersonating Google managed to phish 45 bitcoins — approximately $4,725,000 at today’s value — from Tony , a 42-year-old professional from northern California. I put my seed phrase into a phishing site, and that was it.” My brain went haywire.

Cryptocurrency

The Last Watchdog

JUNE 13, 2025

3, 2025, CyberNewswire– Arsen , the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing (vishing). Paris, Jun.

Phishing

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. And BEARHOST has been cultivating its reputation since at least 2019.

Malware

Krebs on Security

NOVEMBER 9, 2024

A review of EDR vendors across many cybercrime forums shows that some fake EDR vendors sell the ability to send phony police requests to specific social media platforms, including forged court-approved documents. “Unfortunately, a lot of this is phishing or malware campaigns,” Donahue said. dot-gov emails get hacked.

Hacking

Malwarebytes

AUGUST 7, 2025

A few weeks ago we warned our readers of a phishing campaign targeting Instagram users that didn’t resort to the usual links to phishing websites, but used mailto: links instead. The email addresses these messages will be sent to are the same as the ones we saw with the Instagram phish: prestige@vacasa[.]uk.com

Phishing

Security Affairs

DECEMBER 1, 2024

From generating deepfakes to enhancing phishing campaigns, GAI is evolving into a tool for large-scale cyber offenses GAI has captured the attention of researchers and investors for its transformative potential across industries. An example of this misuse is the creation of fraudulent social media profiles using GAI.

Artificial Intelligence

The Last Watchdog

OCTOBER 23, 2024

Cybersecurity training for small businesses is critical, and SMBs should invest in training programs to help employees recognize threats such as phishing attacks, ransomware, and other malicious activities. 2 – Keeping the files on 2 different media types to protect against different types of hazards.

Small Business

Malwarebytes

JUNE 19, 2025

Take the 184 million logins for social media accounts we reported about recently. But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for: Account takeovers : Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts.

Identity Theft

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. In phishing attacks, there never is a genuine problem with a users account, and there never is a real request for information from the company.

Small Business

eSecurity Planet

MAY 28, 2025

Adam Mosseri, the head of Instagram, revealed that he nearly fell for a highly convincing phishing attack that appeared to come from Google. The scam, which combined a phone call and a cleverly disguised email, highlights just how advanced phishing methods are becoming, even fooling seasoned tech leaders.

Scams

Graham Cluley

JUNE 5, 2025

ⓘ MailerLite warns of phishing campaign Graham Cluley @ 4:13 pm, June 5, 2025 @grahamcluley.com @ [email protected] The team at MailerLite have contacted their customers warning them about a phishing campaign that is trying to steal login details. Sync across unlimited devices. Integrated 2FA. Found this article interesting?

Phishing

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. of automated attacks and dramatically reduces the success of phishing attempts. Why Use Passkeys?

Phishing

Security Affairs

JUNE 11, 2025

Meanwhile, Hong Kong Police analyzed over 1,700 intel items from INTERPOL, uncovering 117 command-and-control servers used for phishing, fraud, and social media scams. In coordinated raids, Sri Lanka and Nauru authorities arrested 14 people and identified 40 victims. said Neal Jetton, INTERPOL’s Director of Cybercrime.

Cybercrime

Jane Frankland

JANUARY 19, 2025

In it, she highlighted a fascinating shift in social media behaviour: the most common action people are now taking isnt liking or commenting on public postsits actually having private conversations in direct messages or small, private groups. A few minutes earlier, Id been scrolling through LinkedIn when a video caught my attention.

Cybersecurity

IT Security Guru

APRIL 25, 2025

Phishing is a great example of this, with it evolving from simple email scams to more malicious and carefully thought-out attacks. As more people shift to online financial platforms or cryptocurrencies, digital wallets have become a common target for phishing scams.

Scams

Security Affairs

MAY 1, 2025

Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.

Malware

Malwarebytes

JULY 16, 2025

At Malwarebytes, we’ve seen emails pretending to be from Amazon that tried to drive customers to fake websites like amazons.digital, a site we block for phishing. Install web protection that can warn you of phishing sites, card skimmers, and other nasties that could lead to your data being taken.

Scams

Malwarebytes

DECEMBER 5, 2024

The FBI official added: “People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant multi-factor authentication for email, social media, and collaboration tool accounts.”

Encryption

Hacker's King

DECEMBER 16, 2024

Phishing and Social Engineering : Phishing remains a popular attack method, leveraging emails, fake websites, and social media to deceive users into providing sensitive information. Cybercriminals are also increasingly using social media to gather intelligence, exploit personal information, and initiate attacks.

Cyber Attacks

Security Affairs

NOVEMBER 7, 2024

The initial attack vector is a phishing email containing a link to a malicious application disguised as a link to a PDF document relating to a cryptocurrency topic such as “Hidden Risk Behind New Surge of Bitcoin Price”, “Altcoin Season 2.0-The The attackers exploit a unique, novel persistence method via the zshenv configuration file.

Malware

eSecurity Planet

JULY 16, 2025

Welcome to the deepfake era, where synthetic media is not just plausible — it’s prolific. From AI-generated phishing calls to deepfakes of biometric footage, these technologies are now part of the modern threat landscape. You can even generate a “live” Zoom call with someone who isn’t real… and no one would know the difference.

Scams

Malwarebytes

JUNE 18, 2025

They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even trick you into visiting malicious versions of legitimate websites. Scammers love your smartphone.

Scams

eSecurity Planet

MAY 11, 2025

At the center of this disturbing new trend is a previously unknown infostealer called Noodlophile Stealer, now being secretly distributed through fraudulent websites promoted on social media. Be cautious of too-good-to-be-true AI offers on social media. How to stay safe Avoid downloading executables from unknown AI tool websites.

Malware

SecureWorld News

FEBRUARY 14, 2025

And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine's themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect. Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day.

Scams

SecureWorld News

APRIL 22, 2025

Attack methodology: a step-by-step breakdown The Elusive Comet campaign begins with cybercriminals impersonating venture capitalists, media representatives, or business partners to lure cryptocurrency professionals into Zoom meetings. Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages.

Cryptocurrency

Malwarebytes

NOVEMBER 4, 2024

Later, a security researcher disclosed information about the content of the stolen data with the media. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Watch out for fake vendors. The thieves may contact you posing as the vendor.

Data breaches

SecureWorld News

DECEMBER 19, 2024

Phishing has been striking dread into the hearts of IT security teams all over the world almost since email came into use, with the term first appearing in 1995. Since then, phishing attacks have increased, become more widespread and frequent, and developed more sophisticated methods. However, there are no shortcuts.

Phishing

Webroot

MAY 5, 2025

Phishing attacks are a significant threat to consumers, with cybercriminals constantly evolving their tactics to deceive unsuspecting individuals. The integration of artificial intelligence (AI) into phishing schemes has made these attacks even more sophisticated and challenging to detect. How AI enhances phishing attacks 1.

Phishing

Thales Cloud Protection & Licensing

OCTOBER 30, 2024

From AI-generated phishing attacks to badly behaved bots, these digital ghouls are more than just scary stories—they're real threats to your business and personal security. Just recently, Taylor Swift took to social media to address the AI-generated “her” circulating online. Bad Bots, Whatcha Gonna Do?

Phishing

Security Affairs

FEBRUARY 2, 2025

The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S. The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors.

Cybercrime

The Hacker News

MAY 12, 2025

Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms often advertised via legitimate-looking Facebook groups and viral social media campaigns,"

Artificial Intelligence