Phishing News, Articles and Updates

URL file attacks spread Quant Loader trojan

A recent spate of attacks using phishing, social engineering, exploits, and obfuscation are being used to spread a Quant Loader trojan capable of distributing ransomware and password stealers.

10 Ways to tell if that email is legitimate...or not

Phishing has become one of the most pervasive problems facing data security staff today. Generally speaking, a basic phishing attack is relatively easy to conduct and inexpensive for the attacker.

Indicted Iranian hackers phished targets using library account lures

The nine US-indicted Iranians who stand accused of exfiltrating 31 terabytes of research and data from educational institutions, companies and government agencies, allegedly used phishing schemes to steal university credentials.

Phishing or Ransomware? Experts dispute which is biggest cyber-threat

Cyber-security executives and business decision makers question whether phishing emails or ransomware attacks are the most potent threats faced, but are businesses equipped to implement all-round risk mitigation strategies?

Is your company a cyber-security 'Tough Mudder?'

There are some difficult obstacles to overcome in the cyber-security tough-mudder challenge, from ransomware and phishing to insider threats and GDPR, but thorough preparation can boost your chances of success.

Phishme acquired by private equity firms, rebrands as Cofense

Phishme announced that it has been acquired by a consortium of private equity firms and has changed its name to Cofense.

Edward Snowden returns to US! Oops, nope, it's a phishing scam

A strange spam campaign that targets Apple customers has been found distributing phishing emails containing an Apple receipt that bills US$ 9.99 (£7) to an Edward Snowden residing at a US address.

Study shows which phishing attacks most successful

People are very predictable when it comes to designing phishing attacks that appeal to a potential victims with people most likely to click on messages concerning money.

Desperately needed fix for Flash Player bug exploitation released by Adobe

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123.

Phishing scam exposes W-2 forms of Keokuk, US employees and officials

The small US Iowan city of Keokuk has disclosed that a cyber-criminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials.

New whaling and phishing techniques include weaponising Google Docs

Phishing from G-suite users: a weaponised Google spreadsheet hosted on G-Suite opens a remote HTML page which mimics the Google sign-in process and gives the impression that the victim needs to re-authenticate.

BeeToken customers duped out of £700,000 worth of Ethereum in phishing scam

BeeToken customers were duped out of more than US$1 million (£700,000) worth of Ethereum in a phishing scam targeting BeeToken's initial coin offering (ICO) in a scam similar to the one that targeted Experty earlier this week.

New Phishing scam combines FedEx and Google Drive to lure victims

Several universities and more than 20 companies have been hit with malware whose creators are using several layers of subterfuge to camouflage their phishing attack by taking advantage of a few trusted brand names.

North Korea-linked trojan switches targets from banks to cryptocurrency enthusiasts

Originally used by reputed North Korean hackers to attack the global banking sector, the Ratankba downloader trojan has been repurposed into a PowerShell-based variant that appears to be targeting small, non-financial organisations.

The phishing lifecycle - before, during and after an attack

Just as phishing has evolved, the way organisations detect and deflect these malicious messages must also change, looking at each distinct stages to a phishing attack - before, during and after.

How organisations can thrive in the time of phishing attacks

Phishing, smishing and other types of malware are not going anywhere and the risks are only going to rise as mobile becomes a primary device for employees. Companies need to get ahead of the issue rather than responding.

Shut for the holidays? Beware, cyber-criminals may play while you're away

It's essential that IT teams complete patching, updates and changes to their networks before high volume traffic times hit so they can focus on responding quickly to network events and security issues says James Barrett.

Hackers target private schools in UK

Hackers are taking advantage of poorly secured systems at schools in the UK, nicking identifying data, typically through phishing attacks, that they could use to target parents with fake invoices and other means of cyber-crime.

Growth in impersonation attacks greater than malware attacks

While many organisations still fear of malware being the main burden to their email cyber-resilience, the findings show only 15 percent increase in these type of email attacks compared to the last figures.

Increased dark web interest in hacking the leisure and gaming industries.

Given the volumes of cash swashing around, it's no surprise that leisure and gaming industries have become a target for cyber-crime; new reports suggest there is growing interest on the Dark Web in attacks on the gaming industry.

Beware Catphishing attacks targeting the hearts of security pros

Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.

Office DDE feature used by hackers in new targeted phishing campaign

Security researchers have warned that a new phishing campaign is using the DDE feature in Microsoft Office to deliver DNSMessenger malware undetected.

Marcher banking trojan campaign attacks Austrians' finances three different ways

An attack campaign targeting Android users in Austria has been employing a novel trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.

Shooting phish in a barrel - as malicious URL emails surge 600%

Phishing is on an upward trajectory, with a 600% surge in the number of malicious URL emails in Q3 2017. But there are policies and procedures which can be implemented to help prevent users from falling victim to a phishing attack.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Lockyransomware or the Trickbot banking trojan based on the victim's geographical location.

Spear-phishers hijack in-progress conversation in highly-targeted attack

Middle-eastern bank, international sporting organisation and Asian individuals were victims of a highly-targeted attack that interrupted an in-progress conversation using compromised credentials.

Devastating phishing attacks dominate 2017

2017 first half: Kaspersky Labs products blocked 51 million phishing attempts; mobile ransomware attacks up 250% percent; Ironscales' own research estimates 95 percent of successful attacks start with phishing says Eyal Benishti

Malicious PowerPoint slide show files deliver REMCOS RAT

Malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability.