Phishing News, Articles and Updates

Increased dark web interest in hacking the leisure and gaming industries.

Given the volumes of cash swashing around, it's no surprise that leisure and gaming industries have become a target for cyber-crime; new reports suggest there is growing interest on the Dark Web in attacks on the gaming industry.

Beware Catphishing attacks targeting the hearts of security pros

Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.

Office DDE feature used by hackers in new targeted phishing campaign

Security researchers have warned that a new phishing campaign is using the DDE feature in Microsoft Office to deliver DNSMessenger malware undetected.

Marcher banking trojan campaign attacks Austrians' finances three different ways

An attack campaign targeting Android users in Austria has been employing a novel trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.

Shooting phish in a barrel - as malicious URL emails surge 600%

Phishing is on an upward trajectory, with a 600% surge in the number of malicious URL emails in Q3 2017. But there are policies and procedures which can be implemented to help prevent users from falling victim to a phishing attack.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Lockyransomware or the Trickbot banking trojan based on the victim's geographical location.

Spear-phishers hijack in-progress conversation in highly-targeted attack

Middle-eastern bank, international sporting organisation and Asian individuals were victims of a highly-targeted attack that interrupted an in-progress conversation using compromised credentials.

Devastating phishing attacks dominate 2017

2017 first half: Kaspersky Labs products blocked 51 million phishing attempts; mobile ransomware attacks up 250% percent; Ironscales' own research estimates 95 percent of successful attacks start with phishing says Eyal Benishti

Malicious PowerPoint slide show files deliver REMCOS RAT

Malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability.

SSL encrypted malware doubles this year, phishing over SSL/TLS up 400%

Increasingly sophisticated malware strains are using SSL to encrypt their activity with malicious SSL-encrypted content more than doubling in the last six months according to a study from Zscaler ThreatLabZ.

'Unverified app' warning adds anti-phishing protection to G Suite

Google claims new 'unverified app' warning will cut down on phishing attacks from within G Suite by giving users information on potentially dodgy apps and scripts.

25% of Australian companies hit by phishing attack this week

The phishing attacks against Australian energy customers grew yesterday with Mailguard reporting an enormous number of phishing attempts made centered on fake Origin Energy bills.

Phishers add dash of punctuation to fool mobile victims with padded URLs

Hyphens galore as cyber-criminals attempt to hide the web addresses of phishing sites on mobile phones with a lot of punctuation.

Phishing scams used by cyber-criminals to steal crypto-currencies

With the value of crypto-currencies like bitcoin continuing to climb, cyber-criminals are looking to expand the tricks they use to steal these virtual dollars.

InfoSec 2017: "If security doesn't work for people, it doesn't work"

People are now officially the strongest link in cyber-security and this people-centric approach demands that vendors make their tech easier to use, and organisations implement policies that people will choose to follow.

Email phishing is rampant- it is time to consider the alternatives

Rick McElroy discusses recent revelations around email phishing and why the sophistication of attacks is going to continue to increase.

Phishing in 2017 - there are steps we must take to protect ourselves

Stu Sjouwerman explains what organisations need to do to protect themselves from phishing attacks and how to better educate and train employees.

Terror exploit kit evolving into greater danger - drops multiple exploits

New exploit kit taking the place of Angler and others as it rapidly evolves to target its victims.

Phishing campaign from 'Bank of France' targets French consumers

Cyber-criminals are attempting to steal credentials from French companies and consumers, yet the campaign is falsely attributed to the Bank of France.

ICYMI: £77m phish; Czech win; ATM theft; Netflix ransom; Bank squat

In Case You Missed It: Google & Facebook phished; Czechs win exercise; ATM theft; Netflix ransom snub; Bank domains spoofed

Under-the-radar KONNI malware campaign found targeting North Korea

A new malware family has been discovered with belief that it has been in use for more than three years to target officials and organisations with ties to North Korea.

New 'Dok' dropper variant found delivering Mac malware

A Malwarebytes researcher on Monday discovered a new variant of the "Dokument.app" dropper that was recently found delivering OSX/Dok Mac malware capable of intercepting infected machines' HTTPS communications.

Hackers cyber-squat hundreds of UK bank domains to trick web users

DomainTools discovers more than 300 fake websites fooling customers into thinking they're clicking on top UK bank websites.

Both human and technical defences against email attachments inadequate

Conventional anti-virus and sandboxing solutions are no longer effective defences against malicious email attachments, but relying upon employees doesn't work for companies either.

Schools among the most sought after cyber-targets

Schools, both those of higher education and local school districts, hold in one place all the types of data prized by hackers, health care information, student and employee PII, research and even payment card data.

Facebook and Google confirm falling victim to £77m phishing scam

Back in March, a Lithuanian man was arrested for duping two unnamed multinational internet companies via an email phishing attack.

Financial services sector most attacked in 2016

IBM's X-Force Research Team has found that cyber-criminals follow Willie Sutton's old-school, analog advice on why to rob banks because "that is where the money is."