Phishing - Cyber Security Informer

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

JUNE 3, 2024

Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts. Here’s the full text.

Phishing

Phishing Artificial Intelligence Scams

Spear Phishing vs Phishing: What Are The Main Differences?

Tech Republic Security

FEBRUARY 6, 2024

There are a few differences between spear phishing and phishing that can help you identify and protect your organization from threats. Learn about these differences.

Phishing

Phishing Antivirus VPN Software

When spear phishing met mass phishing

SecureList

JULY 11, 2024

Introduction Bulk phishing email campaigns tend to target large audiences. Yet, certain elements of spear phishing recently started to be used in regular mass phishing campaigns. Spear phishing vs. mass phishing Spear phishing is a type of attack that targets a specific individual or small group.

Phishing

Phishing Technology DNS Education

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

NOVEMBER 9, 2022

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.

Authentication

Authentication Phishing

5 Key Findings From the 2023 FBI Internet Crime Report

The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI).

Identity Theft

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing

Phishing Cryptocurrency DDOS Internet

10 Million Users Compromised in Z-Library Phishing Site Hack

Penetration Testing

JULY 26, 2024

On the popular pirate e-book site Z-Library, or rather its phishing clone Z-lib, created in late 2022, there was a recent data breach affecting nearly 10 million users. On June 27, 2024, the Cybernews... The post 10 Million Users Compromised in Z-Library Phishing Site Hack appeared first on Cybersecurity News.

Phishing

Phishing Hacking Data breaches Cybersecurity

Man-in-the-Middle Phishing Attack

Schneier on Security

AUGUST 25, 2022

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing

Phishing Authentication Passwords Accountability

Phishing Domains Tanked After Meta Sued Freenom

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing

Phishing Malware

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

UPS Data Harvested for SMS Phishing Attacks

Schneier on Security

JUNE 23, 2023

I get UPS phishing spam on my phone all the time. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs. I never click on it, because it’s so obviously spam.

Phishing

Phishing Cybercrime

FLUXROOT: Phishing Hackers Exploit Serverless Google Cloud

Penetration Testing

JULY 25, 2024

A financially motivated hacker group, codenamed FLUXROOT, has been identified in Latin America, utilizing serverless Google Cloud projects to orchestrate phishing attacks.

Phishing

Phishing Cybersecurity Malware

IRONSCALES Applies Generative AI to Phishing Simulation

Security Boulevard

JUNE 19, 2024

IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour.

Phishing

Phishing Artificial Intelligence Cybersecurity Security Awareness

Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands

Security Boulevard

JULY 18, 2024

A crypto phishing campaign has been identified in which a threat actor employs AI-generated content to create 17,000 phishing lure sites impersonating more than 30 major cryptocurrency brands, including Coinbase, Crypto.com, Metamask and Trezor.

Phishing

Phishing Cryptocurrency Social Engineering Engineering

Four Automated Anti-Phishing Techniques

Security Boulevard

JULY 23, 2024

The post Four Automated Anti-Phishing Techniques appeared first on AI-enhanced Security Automation. The post Four Automated Anti-Phishing Techniques appeared first on Security Boulevard.

Phishing

CrowdStrike Warns of New Phishing Scam Targeting German Customers

The Hacker News

JULY 25, 2024

The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter

Phishing

Phishing Scams Cybersecurity

A Guide to Phishing Attacks

Schneier on Security

JANUARY 27, 2023

This is a good list of modern phishing techniques.

Phishing

AI vs AI: Next front in phishing wars

Tech Republic Security

JUNE 16, 2023

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense. The post AI vs AI: Next front in phishing wars appeared first on TechRepublic.

Phishing

Phishing Technology Software Artificial Intelligence

Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign

Security Boulevard

JULY 17, 2024

The post Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign appeared first on Security Boulevard. The APT group Void Banshee exploited a now-patched Windows security flaw and the retired Internet Explorer browser to distributed the Atlantida malware to steal system information and sensitive data from victims.

Phishing

Phishing Internet Internet Malware

Router maker's support portal responds with MetaMask phishing

Bleeping Computer

JULY 1, 2024

BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. [.]

Phishing

Phishing Manufacturing

New FishXProxy Phishing Kit Lowers Barriers for Cybercriminals

Security Boulevard

JULY 11, 2024

This is the deceptive power of new FishXProxy Phishing Kit, a new phishing toolkit emerging from the cybercrime underground. The post New FishXProxy Phishing Kit Lowers Barriers for Cybercriminals appeared first on Security Boulevard.

Phishing

Phishing Cybercrime

Recognizing and Reporting Phishing

Duo's Security Blog

OCTOBER 18, 2023

Once delivered, a phish typically wants to invoke emotion and prey on our natural desires to act and help fix a problem, such as “you have to do X, or else X will happen”. Phishing requires you to act with a specific set of instructions Don’t engage and trust nothing. Look beyond the email sender and website URLs used.

Phishing

Phishing Security Awareness Software Media

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

The Hacker News

JULY 26, 2024

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

Cybercrime

Cybercrime Phishing Malware Cybersecurity

TransparentTribe’s Spear-Phishing Targeting Indian Government Departments

Security Boulevard

JULY 23, 2024

Overview Leveraging our global threat hunting system, NSFOCUS Security Research Labs discovered spear-phishing email attacks by the APT group TransparentTribe targeting Indian government departments on February 2, 2024. The post TransparentTribe’s Spear-Phishing Targeting Indian Government Departments appeared first on Security Boulevard.

Government

Government Phishing Cyber Attacks

A “Meta” Facebook Phish

Security Boulevard

JULY 10, 2024

Found in Environments Protected By: Microsoft By Andrew Mann, Cofense Phishing Defense Center Everyone today has some form of social media, whether it is Instagram, X, YouTube or Facebook. The post A “Meta” Facebook Phish appeared first on Security Boulevard. The post A “Meta” Facebook Phish appeared first on Security Boulevard.

Phishing

Phishing Media

New Phishing Technique Exploits Progressive Web Apps for Credible Attacks

Penetration Testing

JUNE 13, 2024

A new phishing technique exploiting Progressive Web Apps (PWAs) has been brought to light by cybersecurity researcher Mr.d0x, highlighting a potential vulnerability in this increasingly popular web technology.

Phishing

Phishing Technology Cybersecurity

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

The Hacker News

JULY 22, 2024

A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes.

Phishing

Phishing Architecture

Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds

Tech Republic Security

OCTOBER 24, 2023

Hacker Stephanie "Snow" Carruthers and her team found phishing emails written by security researchers saw a 3% better click rate than phishing emails written by ChatGPT.

Phishing

Phishing Artificial Intelligence

New phishing and business email compromise campaigns increase in complexity, bypass MFA

Tech Republic Security

JUNE 13, 2023

Read the technical details about a new AiTM phishing attack combined with a BEC campaign as revealed by Microsoft, and learn how to mitigate this threat. The post New phishing and business email compromise campaigns increase in complexity, bypass MFA appeared first on TechRepublic.

Phishing

Phishing Network Security

TA547 Phishing Attack: German Companies Hit With Infostealer

Security Boulevard

APRIL 22, 2024

Researchers at Proofpoint have found out that the TA547 phishing attack campaigns have been targeting different German companies. The TA547 phishing […] The post TA547 Phishing Attack: German Companies Hit With Infostealer appeared first on TuxCare. This information is then used by several cybercriminal threat actors.

Phishing

Phishing Cybersecurity

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

The Hacker News

MAY 27, 2024

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail.

Phishing

Phishing Cybersecurity

New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives

Tech Republic Security

OCTOBER 6, 2023

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack. The good news is there are steps IT can take to mitigate this security threat.

Phishing

Phishing Cybersecurity

Phishing emails abuse Windows search protocol to push malicious scripts

Bleeping Computer

JUNE 12, 2024

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [.]

Phishing

Phishing Malware

The Telegram phishing market

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing

Phishing Marketing Scams Accountability

How to Prevent Phishing Attacks with Multi-Factor Authentication

Tech Republic Security

JANUARY 25, 2024

Learn how to protect yourself and your sensitive information from phishing attacks by implementing multi-factor authentication.

Authentication

Authentication Phishing

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

Tech Republic Security

MARCH 23, 2023

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic. Learn how to protect your business from this AitM campaign.

Phishing

Phishing Authentication Cybersecurity

How to recognize AI-generated phishing mails

Malwarebytes

DECEMBER 26, 2023

Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. But most phishers aren’t very good, and the success rate is relatively low: In 2021, the average click rate for a phishing campaign was 17.8%. So how do you recognize AI phishing emails?

Phishing

Phishing Software Risk Cybersecurity

Phishing Threats Rise as Malicious Actors Target Messaging Platforms

Security Boulevard

MARCH 13, 2024

As messaging apps like Telegram gain popularity, cybercriminals are increasingly finding they are an attractive vector for phishing attacks. The post Phishing Threats Rise as Malicious Actors Target Messaging Platforms appeared first on Security Boulevard.

Phishing

Phishing Social Engineering Engineering Mobile

New phishing toolkit uses PWAs to steal login credentials

Bleeping Computer

JUNE 12, 2024

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. [.]

Phishing

Report: The Dark Side of Phishing Protection

The Hacker News

MAY 27, 2024

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector.

Phishing

Phishing Firewall Education Passwords

'Darcula' Phishing Service Unleashes Sophisticated Smishing Attacks

SecureWorld News

APRIL 1, 2024

A new Phishing-as-a-Service (PhaaS) threat called "darcula" is taking advantage of encrypted mobile messaging services to unleash a wave of sophisticated smishing attacks targeting organizations across more than 100 countries. Mobile devices tend to have weaker security compared to desktop systems, making them an attractive target vector."

Phishing

Phishing Mobile Encryption Technology

Crypto Phishing Kit Impersonating Login Pages: Stay Informed

Security Boulevard

MARCH 15, 2024

In the ever-evolving landscape of cybersecurity, a fresh menace has emerged, targeting crypto enthusiasts through a sophisticated phishing kit. Learning how to avoid crypto phishing is crucial […] The post Crypto Phishing Kit Impersonating Login Pages: Stay Informed appeared first on TuxCare.

Phishing

Phishing Cryptocurrency Mobile Engineering

VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme

Penetration Testing

MARCH 12, 2024

A recently uncovered phishing campaign demonstrates a concerning level of sophistication in its efforts to infiltrate systems and deploy an array of powerful Remote Access Trojans (RATs).

Phishing

Phishing Penetration Testing Malware

Beware of the Latest Phishing Tactic Targeting Employees

Security Boulevard

JULY 15, 2024

Found in Environments Protected By: Google, Outlook 365, Proofpoint By Sabi Kiss, Cofense Phishing Defense Center Phishing attacks are becoming increasingly sophisticated, and the latest attack strategy targeting employees highlights this evolution.

Phishing

AI Will Increase the Quantity—and Quality—of Phishing Scams

Spear Phishing vs Phishing: What Are The Main Differences?

Trending Sources

When spear phishing met mass phishing

Defeating Phishing-Resistant Multifactor Authentication

5 Key Findings From the 2023 FBI Internet Crime Report

Fake Lawsuit Threat Exposes Privnote Phishing Sites

10 Million Users Compromised in Z-Library Phishing Site Hack

Man-in-the-Middle Phishing Attack

Phishing Domains Tanked After Meta Sued Freenom

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

UPS Data Harvested for SMS Phishing Attacks

FLUXROOT: Phishing Hackers Exploit Serverless Google Cloud

IRONSCALES Applies Generative AI to Phishing Simulation

Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands

Four Automated Anti-Phishing Techniques

CrowdStrike Warns of New Phishing Scam Targeting German Customers

A Guide to Phishing Attacks

AI vs AI: Next front in phishing wars

Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign

Router maker's support portal responds with MetaMask phishing

New FishXProxy Phishing Kit Lowers Barriers for Cybercriminals

Recognizing and Reporting Phishing

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

TransparentTribe’s Spear-Phishing Targeting Indian Government Departments

A “Meta” Facebook Phish

New Phishing Technique Exploits Progressive Web Apps for Credible Attacks

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds

New phishing and business email compromise campaigns increase in complexity, bypass MFA

TA547 Phishing Attack: German Companies Hit With Infostealer

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives

Phishing emails abuse Windows search protocol to push malicious scripts

The Telegram phishing market

How to Prevent Phishing Attacks with Multi-Factor Authentication

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

How to recognize AI-generated phishing mails

Phishing Threats Rise as Malicious Actors Target Messaging Platforms

New phishing toolkit uses PWAs to steal login credentials

Report: The Dark Side of Phishing Protection

'Darcula' Phishing Service Unleashes Sophisticated Smishing Attacks

Crypto Phishing Kit Impersonating Login Pages: Stay Informed

VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme

Beware of the Latest Phishing Tactic Targeting Employees

Stay Connected