Many movies and other media may have a bit of a warped idea of what hackers do, exactly. But one show that got it right is Mr. Robot, which shows that a company’s weakest spot is usually its people. The “human factor” they call it. It’s true that a lot of data breaches and other […]
The U.S. Department of Justice (DOJ) announced the seizure of two C&C domains used by threat actors to deploy complex spear phishing campaigns mimicking legitimate communications from the U.S. Agency for International Development (USAID). Microsoft even released a security alert related to the operators of these campaigns, noting that this attack was based on mass […]
Cybersecurity specialists reported the detection of an ambitious phishing campaign in which operators try to trick users while posing as employees of a paid service that must be cancelled. The goal of these hackers is to infect the attacked systems with the BazaLoader malware variant. This malware is able to implant a backdoor on Windows […]
Spanish authorities report the emergence of a new phishing variant targeting users of social media platforms like Instagram. According to the report, threat actors try to take control of accounts with powerful and level of interactions by sending fraudulent messages. The campaign was deployed throughout April, with multiple users reporting that their accounts were subjected […]
So far, Facebook Messenger users in 80 countries have been targeted by this phishing scam, reports Group-IB. The Singapore-based cybersecurity firm Group-IB has released a new report providing details of a new phishing campaign affecting users in over 80 countries. The ‘global threat hunting and adversary-centric cyber intelligence agency’ revealed in its report that threat actors are […]
Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. “We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action,” […]
An unprecedented event occurred a few hours ago when, by mistake, thousands of users received an email from Twitter requesting users to confirm their accounts, giving the impression of being a massive phishing attack. This incident, which began around 10:00 PM on Thursday, impacted individual and business accounts alike. The subject line of these messages […]
A new phishing campaign targets specific targets by trying to distribute various remote access Trojan (RAT) variants. According to Cisco Talos Intelligence researchers, this hacking campaign was identified as “Fajan” and could be being operated from an Arabic-speaking country. Experts believe this campaign would have started in early March, starting with a commitment to “low-profile” […]
A cybercriminal group is deploying a phishing campaign that uses a fraudulent website to collect Microsoft Office 365 credentials by creating html snippets stored locally and remotely. This method involves integrating various hidden HTML pieces into JavaScript files to get the fake login interface in which the victim delivers their sensitive information. Potential victims receive […]
Phishing, which started off as Nigerian Prince scams in the 1990s, has become a common attack vector ever since. As though phishing wasn’t enough of a cybersecurity menace, overtime many different kinds of phishing have come into being. Among many forms of this cyberthreat, spear-phishing attacks are the most challenging to stop. Spear phishing attacks […]
Security analysts at Area 1 Security have recently discovered a new sophisticated Office 365 phishing scam that is targeting the execs of the insurance and financial departments. The threat actors are hunting down the employees of insurance and financial departments through this Office 365 phishing scam to collect their precious credentials and launch BEC attacks. […]
Cybersecurity specialists report that multiple phishing websites are using JavaScript to prevent detection, checking whether users are browsing from a virtual machine or a secure environment, also known as headless service devices. These devices and services allow cybersecurity firms and researchers to determine whether a website is used for fraudulent purposes. On the other hand, […]
The specialized team FireEye Email Security has published a report on the detection of multiple phishing campaigns in which operators use source code obfuscation of compromised or malicious domains. Threat actors seek to extract confidential information, mainly victims’ banking details. On the topic used in this campaign, threat actors are trying to take advantage of […]
Here’s how to spot scams where criminals use deceptive text messages to hook and reel in their marks
A recent cybersecurity report is referring to the detection of a sensitive data stealing campaign affecting United Kingdom citizens. The local media mentioned that operators of this phishing scheme are using the Netflix name and branding to access non-prevented users’ banking accounts. It all starts with an email supposedly sent by the streaming platform in […]
MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com). Legal Disclaimer: Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any […]
The scam starts with a text warning victims of suspicious activity on their accounts
Is the message real or fake? Take our Phishing Derby quiz to find out how much you know about phishing.
A Cofense Intelligence report details the finding of a phishing campaign that uses the issue of COVID-19 disease to infect victims with a new version of the Hentai OniChan ransomware. Formerly known as King Engine, this variant filters victim data and charges a much larger ransom than other detected variants. The infection campaigns that used […]
The concept of phishing is gaining immense popularity during the Covid-19 pandemic. People, by and large, are becoming victims of such fraudulent activities. Therefore, we have come up with 5 ways businesses can avoid getting trapped with emails that are meant to deteriorate their online identity. Based on recent Phishing records, almost 90 percent of companies […]
The concept of phishing is gaining immense popularity during the Covid-19 pandemic. People, by and large, are becoming victims of such fraudulent activities. Therefore, we have come up with 5 ways businesses can avoid getting trapped with emails that are meant to deteriorate their online identity. Based on recent Phishing records, almost 90 percent of companies […]