Phishing - Cyber Security Informer

Search:

DAY

WEEK

MONTH

YEAR

Sep 16 - Sep 22

Sep 09 - Sep 15

Sep 02 - Sep 08

Aug 26 - Sep 01

MORE

MORE

MORE

MORE

Select your country:
Sign up | Log in

Phishing

article thumbnail

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US This is noteworthy because.US is overseen by the U.S.

Phishing Telecommunications DDOS DNS

article thumbnail

Phishing Domains Tanked After Meta Sued Freenom

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing Malware

Join 29,000+

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing Passwords Password Management Authentication

article thumbnail

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

NOVEMBER 9, 2022

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.

Phishing Authentication

article thumbnail

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing Scams Computers and Electronics Software

article thumbnail

QR codes in email phishing

SecureList

SEPTEMBER 27, 2023

Unlike phishing links that are easy to check and block, QR code is a headache for security solutions. Malevolent uses of QR codes in email Fraudsters use QR codes to encode links to phishing and scam pages. Use of IPFS in QR phishing Statistics From June through August 2023, we detected 8,878 phishing emails containing QR codes.

Phishing Passwords Scams Accountability

article thumbnail

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing Passwords Hacking Malware

article thumbnail

UPS Data Harvested for SMS Phishing Attacks

Schneier on Security

JUNE 23, 2023

I get UPS phishing spam on my phone all the time. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs. I never click on it, because it’s so obviously spam.

Phishing Cybercrime

article thumbnail

Man-in-the-Middle Phishing Attack

Schneier on Security

AUGUST 25, 2022

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing Authentication Passwords Accountability

article thumbnail

LLMs and Phishing

Schneier on Security

APRIL 10, 2023

Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam.

Phishing Scams Surveillance Cryptocurrency

article thumbnail

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Scams

Scams Phishing Accountability Software

article thumbnail

AI vs AI: Next front in phishing wars

Tech Republic Security

JUNE 16, 2023

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense. The post AI vs AI: Next front in phishing wars appeared first on TechRepublic.

Phishing Software Technology Artificial Intelligence

article thumbnail

APT34 Deploys Phishing Attack With New Malware

Trend Micro

SEPTEMBER 28, 2023

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.

Phishing Malware Government Cyber threats

article thumbnail

Using AI to Scale Spear Phishing

Schneier on Security

AUGUST 13, 2021

The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Defcon presentation and slides.

Phishing Risk Artificial Intelligence Social Engineering

article thumbnail

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

The payment message displayed by the carding site phishing domain BriansClub[.]com. However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. Shortly after it came online as a phishing site last year, BriansClub[.]com com, vclub[.]cards,

Phishing Cybercrime Hacking Accountability

article thumbnail

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing Scams DNS Passwords

article thumbnail

New phishing and business email compromise campaigns increase in complexity, bypass MFA

Tech Republic Security

JUNE 13, 2023

Read the technical details about a new AiTM phishing attack combined with a BEC campaign as revealed by Microsoft, and learn how to mitigate this threat. The post New phishing and business email compromise campaigns increase in complexity, bypass MFA appeared first on TechRepublic.

Phishing Network Security

article thumbnail

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership

Trend Micro

AUGUST 31, 2023

In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.

Phishing Cyber threats Malware

article thumbnail

A Guide to Phishing Attacks

Schneier on Security

JANUARY 27, 2023

This is a good list of modern phishing techniques.

Phishing

article thumbnail

Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits

Tech Republic Security

AUGUST 29, 2023

A new study from Abnormal found that 4.31% of phishing attacks mimicked Microsoft, far ahead of second most-spoofed brand PayPal.

Phishing Artificial Intelligence Social Engineering Cybersecurity

article thumbnail

The Telegram phishing market

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing Scams Marketing Passwords

article thumbnail

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

Tech Republic Security

MARCH 23, 2023

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic. Learn how to protect your business from this AitM campaign.

Phishing Authentication Cybersecurity

article thumbnail

Major US Energy Company Hit by QR Code Phishing Campaign

Tech Republic Security

AUGUST 24, 2023

This QR code phishing campaign is targeting multiple industries and using legitimate services such as Microsoft Bing to increase its efficiency and bypass security.

Phishing Cybersecurity

article thumbnail

Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics

Heimadal Security

SEPTEMBER 13, 2023

Storm-0324 recently moved from deploying ransomware to breaching corporate networks through Microsoft Teams phishing attacks. More about the Teams Phishing Attacks Microsoft stated […] The post Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics appeared first on Heimdal Security Blog.

Phishing Ransomware Cybersecurity

article thumbnail

Microsoft Teams phishing attack pushes DarkGate malware

Bleeping Computer

SEPTEMBER 9, 2023

A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware. [.]

Phishing Malware

article thumbnail

Humans are still better at creating phishing emails than AI — for now

Tech Republic Security

MARCH 15, 2023

AI-generated phishing emails, including ones created by ChatGPT, present a potential new threat for security professionals, says Hoxhunt. The post Humans are still better at creating phishing emails than AI — for now appeared first on TechRepublic.

Phishing Artificial Intelligence Cybersecurity

article thumbnail

LockBit Green and phishing that targets organizations

SecureList

JUNE 22, 2023

For this post, we selected three private reports, namely those related to LockBit and phishing campaigns targeting businesses, and prepared excerpts from these. Phishing and a kit Recently we stumbled upon a Business Email Compromise (BEC) case, active since at least Q3 2022.

Phishing Ransomware Encryption Cybercrime

article thumbnail

How to Stop Phishing Attacks with Protective DNS

Security Boulevard

OCTOBER 2, 2023

Phishing Threats Are Increasing in Scale and Sophistication Phishing remains one of the most dangerous and widespread cybersecurity threats. Phishing is now the most common initial attack vector, overtaking stolen or compromised credentials. Phishing attacks are becoming more difficult to detect. billion USD globally.

DNS

DNS Phishing Cyber threats Social Engineering

article thumbnail

How to Identify and Avoid Holiday Phishing Scams

Identity IQ

AUGUST 31, 2023

How to Identify and Avoid Holiday Phishing Scams IdentityIQ The holiday season brings joy, celebrations, and… a surge in online scams. Holiday phishing scams are an ongoing issue that ramps up when folks are feeling the most festive. What Is a Phishing Scam? How Does Phishing Work? What Are the Types of Phishing Attacks?

Phishing Scams Identity Theft Antivirus

article thumbnail

Google Looker Studio abused in cryptocurrency phishing attacks

Bleeping Computer

SEPTEMBER 7, 2023

Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses. [.]

Phishing Cryptocurrency Accountability

article thumbnail

More phishing campaigns are using IPFS network protocol

Tech Republic Security

APRIL 7, 2023

Learn how IPFS is used in phishing attacks and why it’s especially tricky to remove the impacted pages, as well as how to protect from this security threat. The post More phishing campaigns are using IPFS network protocol appeared first on TechRepublic.

Phishing Cybercrime Cybersecurity

article thumbnail

Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot

Tech Republic Security

JUNE 16, 2023

The study shows attackers are using more bots and doing more sophisticated phishing exploits and server attacks, especially targeting retail. The post Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot appeared first on TechRepublic.

Phishing Cybersecurity Retail Network Security

article thumbnail

2023 Phishing Report Reveals 47.2% Surge in Phishing Attacks Last Year

Security Boulevard

APRIL 18, 2023

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks.

Phishing Data breaches Scams Social Engineering

article thumbnail

What does ChatGPT know about phishing?

SecureList

MAY 1, 2023

Can ChatGPT detect phishing links? We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect threats such as phishing. live/login.php Yes, it is likely a phishing attempt. Is it phishing? Please explain why.

Phishing Cybersecurity DNS Internet

article thumbnail

New AtlasCross hackers use American Red Cross as phishing lure

Bleeping Computer

SEPTEMBER 26, 2023

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. [.]

Phishing Malware Hacking

article thumbnail

How phishing attacks are exploiting Amazon Web Services

Tech Republic Security

AUGUST 18, 2022

By using a legitimate service like AWS to create phishing pages, attackers can bypass traditional security scanners, says Avanan. The post How phishing attacks are exploiting Amazon Web Services appeared first on TechRepublic.

Phishing Cybersecurity

article thumbnail

When ChatGPT Goes Phishing

Security Boulevard

MAY 18, 2023

Experts are worried that ChatGPT’s ability to source recent data about an organization could make social engineering and phishing attacks more effective than ever. The post When ChatGPT Goes Phishing appeared first on Security Boulevard.

Phishing Social Engineering Engineering Technology

article thumbnail

Axiad and Okta Partner to Revolutionize Authentication with Phishing Resistant MFA

Security Boulevard

SEPTEMBER 25, 2023

The post Axiad and Okta Partner to Revolutionize Authentication with Phishing Resistant MFA appeared first on Axiad. The post Axiad and Okta Partner to Revolutionize Authentication with Phishing Resistant MFA appeared first on Security Boulevard. Passwords present several pain points, both from a security and usability standpoint.

Phishing Authentication Passwords

article thumbnail

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

The Hacker News

SEPTEMBER 25, 2023

Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin.

Phishing Malware

article thumbnail

Ransomware access broker steals accounts via Microsoft Teams phishing

Bleeping Computer

SEPTEMBER 12, 2023

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. [.]

Phishing Ransomware Accountability

article thumbnail

Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper

The Hacker News

SEPTEMBER 12, 2023

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A

Phishing

article thumbnail

Watch out, this LastPass email with "Important information about your account" is a phish

Malwarebytes

SEPTEMBER 13, 2023

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Armed with this data, attackers can send targeted phishing emails that attempt to steal the passwords needed to unlock the stolen password vaults. Use a password manager.

Phishing Accountability Passwords Password Management

article thumbnail

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

The Hacker News

SEPTEMBER 27, 2023

A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent.

Phishing

article thumbnail

Investigators uncover crypto scammers baiting ‘phish’ hooks on YouTube

Tech Republic Security

FEBRUARY 15, 2023

The post Investigators uncover crypto scammers baiting ‘phish’ hooks on YouTube appeared first on TechRepublic. A report reveals a new network of malefactors in the lucrative crypto fraud market using videos, channels and web apps.

Phishing Marketing Cryptocurrency