Items tagged with Phishing

TA444 is an advanced persistent threat (APT) group believed to be associated with the North Korean government. However, rather than receiving financial backing from its government, the group seems to bring in revenue for the government. Unlike most state-backed APTs, such as China’s Aoqin Dragon or Iran’s Charming... Read more...
Over the past week, Gmail users have been reporting abuse of the Google Ads platform. However, rather than conducting ad fraud or placing ads that distribute malware, the actors behind this recent activity are leveraging the Google Ads invitation system to direct traffic to various to risky websites. These sites are... Read more...
Gemini, the cryptocurrency exchange founded by the Winklevoss twins, published a blog post this week warning about phishing campaigns targeting its customers. These phishing campaigns are likely related to a previously undisclosed data breach that exposed the email addresses of the exchange’s 5.7 million customers... Read more...
Joint research conducted by cybersecurity firms Checkmarx and Illustria has revealed a massive phishing campaign that flooded open source repositories with over 144,000 packages. Unlike many other campaigns that involve the distribution of software packages, this newly discovered campaign didn’t attempt to distribute... Read more...
The cuteness of kittens is widely recognized and appreciated on the internet, but there’s nothing cute about the Iranian Advanced Persistent Threat (APT) known as “Charming Kitten.” Also known as TA453 or APT42, this threat group has been conducting cyber espionage at the behest of the Iranian regime since at least... Read more...
In most cases, it's pretty easy to recognize a phishing scam. Telltale signs include typos, bad grammar, unsolicited attachments, and spoofed email addresses and hyperlinks, to name just a few. So imagine my surprise when I received an email that exhibited none of those traits, at least not initially, in an attempt to... Read more...
The holiday season at the end of the year is a busy time for online shoppers, between taking advantage of the best Black Friday and Cyber Monday deals and ordering gifts for friends and family. Sadly, threat actors have no qualms with taking advantage of the high volume of packages in transit during this time to... Read more...
The cybersecurity firm Cyjax has published a new report detailing an ongoing phishing campaign that has made use of over 42,000 domains going back to 2017. The campaign targets WhatsApp users with surveys promising rewards from major international brands, such as McDonald’s and Coca-Cola. Cyjax researchers have... Read more...
Earlier this year, threat researchers at the cybersecurity company IronNet discovered a phishing-as-a-service (PhaaS) platform known as Robin Banks. While the name may be humorous, the platform itself is no laughing matter, as it serves to aid cybercriminals in stealing innocent users’ banking credentials. After... Read more...
As Elon Musk pushes to begin charging users to keep their coveted check marks, it appears scammers are beginning to target users who already have one by their username. The new CEO of Twitter has also mentioned that the verification process is currently being "revamped." In what Musk says is an attempt to make... Read more...
2K, the publisher of numerous video game series, including Borderlands, Civilization, and Bioshock, has issued a notice to warn customers that an unknown actor recently gained unauthorized access to its help desk platform. The threat actor in question abused this access to distribute malware by way of the 2K Games... Read more...
The Cyber Division of the US Federal Bureau of Investigation (FBI) has published a notice warning the healthcare industry of cyberattacks targeting healthcare payment processors. The attacks generally come in the form of phishing attacks that leverage employees’ publicly available Personally Identifiable Information... Read more...
Cybersecurity researchers at Proofpoint have been keeping tabs on an Advanced Persistent Threat (APT) known as TA453 and recently found the threat actor employing a phishing technique that makes use of sock puppet email accounts. Sock puppets are alternate accounts or personas used in a deceptive manner by a single... Read more...
The cybersecurity firm Group-IB published research today detailing how various threat actors are stealing Steam login credentials using browser windows. Specialists from the computer emegency response team at Group-IB (CERT-GIB) discovered over 150 phishing resources mimicking Steam in just the month of July. Steam... Read more...
Scammers and fraudsters have been targeting YouTube creators with sophisticated email campaigns. The emails pose as legitimate notices from Google which claim to be a copyright report and possible strike against the channel. These include a Google Drive link to the purported report, which actually contains a malware... Read more...
Threat intelligence firm Recorded Future has published a report concerning a long-term credential theft campaign targeting humanitarian, think tank, and government organizations. A hacking group known as RedAlpha is carrying out this ongoing campaign, and is known to have been active as far back as 2015. However, it... Read more...
Cloudflare says that it was hit by the same smishing (sms phishing) attack that recently resulted in a user data breach at Twilio. However, unlike Twilio, Cloudflare managed to prevent the attack from escalating to a data breach thanks to its strong security measures. While the attackers managed to steal login... Read more...
If we’ve learned anything from reporting on phishing attacks, it’s that no company, organization, or institution is immune from becoming the victim of one. Even the US Department of Defense recently fell victim to a $23.5 million phishing scam. If anything, larger organizations simply make for larger and more... Read more...
Malware campaigns employ different techniques to smuggle malicious software onto computing devices without the notice of users or anti-virus systems. Threat actors who develop and distribute malware frequently rely on various forms of mimicry to take advantage of users’ trust in legitimate websites, services, and... Read more...
While malware and phishing are two different kinds of cyberattacks, threat actors sometimes use both methods in malicious campaigns. A threat actor known as Roaming Mantis appears to be doing exactly that in a new campaign documented by researchers at the cybersecurity firm SEKOIA. Roaming Mantis has previously... Read more...
Phishing attacks employ various methods to trick users into handing over sensitive information, such as login credentials. Over time, as users have become more suspicious and email clients, web browsers, and IT departments have implemented anti-phishing measures, scammers have had to get creative and devise more... Read more...
Popular portrayals of hackers tend to show them as computer geniuses who use their elite technical skills to breach computer systems. However, in real life, bad actors often don’t bother to directly hack computer systems when they can access those same systems by hacking people instead. People are often willing to... Read more...
1 2 3 4 Next