Phishing News, Articles and Updates

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Locky ransomware or the Trickbot banking trojan based on the victim's geographical location.

Spear-phishers hijack in-progress conversation in highly-targeted attack

A Middle Eastern bank, an international sporting organisation and Asian individuals were victims of a highly-targeted attack that interrupted an in-progress conversation using compromised credentials.

Devastating phishing attacks dominate 2017

2017 first half: Kaspersky Labs products blocked 51 million phishing attempts; mobile ransomware attacks up 250 percent; Ironscales' own research estimates 95 percent of successful attacks start with phishing, says Eyal Benishti

Malicious PowerPoint slide show files deliver REMCOS RAT

Malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability.

SSL encrypted malware doubles this year, phishing over SSL/TLS up 400%

Increasingly sophisticated malware strains are using SSL to encrypt their activity, with malicious SSL-encrypted content more than doubling in the last six months, according to a study from Zscaler ThreatLabZ.

'Unverified app' warning adds anti-phishing protection to G Suite

Google claims new 'unverified app' warning will cut down on phishing attacks from within G Suite by giving users information on potentially dodgy apps and scripts.

25% of Australian companies hit by phishing attack this week

The phishing attacks against Australian energy customers grew yesterday, with Mailguard reporting an enormous number of phishing attempts centered on fake Origin Energy bills.

Phishers add dash of punctuation to fool mobile victims with padded URLs

Hyphens galore as cyber-criminals attempt to hide the web addresses of phishing sites on mobile phones with a lot of punctuation.

Phishing scams used by cyber-criminals to steal crypto-currencies

With the value of crypto-currencies like bitcoin continuing to climb, cyber-criminals are looking to expand the tricks they use to steal these virtual dollars.

InfoSec 2017: "If security doesn't work for people, it doesn't work"

People are now officially the strongest link in cyber-security and this people-centric approach demands that vendors make their tech easier to use, and organisations implement policies that people will choose to follow.

Email phishing is rampant - it is time to consider the alternatives

Rick McElroy discusses recent revelations around email phishing and why the sophistication of attacks is going to continue to increase.

Phishing in 2017 - there are steps we must take to protect ourselves

Stu Sjouwerman explains what organisations need to do to protect themselves from phishing attacks and how to better educate and train employees.

Terror exploit kit evolving into greater danger - drops multiple exploits

New exploit kit taking the place of Angler and others as it rapidly evolves to target its victims.

Phishing campaign from 'Bank of France' targets French consumers

Cyber-criminals are attempting to steal credentials from French companies and consumers, yet the campaign is falsely attributed to the Bank of France.

ICYMI: £77m phish; Czech win; ATM theft; Netflix ransom; Bank squat

In Case You Missed It: Google & Facebook phished; Czechs win exercise; ATM theft; Netflix ransom snub; Bank domains spoofed

Under-the-radar KONNI malware campaign found targeting North Korea

A new malware family has been discovered, and it is believed to have been in use for more than three years to target officials and organisations with ties to North Korea.

New 'Dok' dropper variant found delivering Mac malware

A Malwarebytes researcher on Monday discovered a new variant of the "Dokument.app" dropper that was recently found delivering OSX/Dok Mac malware capable of intercepting infected machines' HTTPS communications.

Hackers cyber-squat hundreds of UK bank domains to trick web users

DomainTools discovers more than 300 fake websites fooling customers into thinking they're clicking on top UK bank websites.

Both human and technical defences against email attachments inadequate

Conventional anti-virus and sandboxing solutions are no longer effective defences against malicious email attachments, but relying upon employees doesn't work for companies either.

Schools among the most sought after cyber-targets

Schools, both those of higher education and local school districts, hold in one place all the types of data prized by hackers: health care information, student and employee PII, research and even payment card data.

Facebook and Google confirm falling victim to £77m phishing scam

Back in March, a Lithuanian man was arrested for duping two unnamed multinational internet companies via an email phishing attack.

Financial services sector most attacked in 2016

IBM's X-Force Research Team has found that cyber-criminals follow Willie Sutton's old-school, analog advice on why to rob banks because "that is where the money is."

Asian Interpol operation finds nearly 270 compromised websites

Authorities from seven Southeast Asian nations recently collaborated on an operation that exposed regional threats including malware, ransomware, DDoS attacks, and spam campaigns.

Delta fake ticket receipt scam redirects to Hancitor malware

Users surprised by their surprise booking and re-accommodation receive an email stating that the user's order has been confirmed.

Callisto Group hackers target UK Foreign Office with phishing campaign

The Callisto Group is said to be behind a spear-phishing campaign in the UK intent on gathering intel.

ICYMI: MSP APT; MS 0-day; Travel phish: Retraining; Hacktivists hit

In Case You Missed It: Chinese hack MSPs; Windows Server 2003 flaw; Phishing hits travellers; retraining graduates; OpIsrael hacktivists targeted.

Cyber-espionage spear-phishing campaign hits Saudi Arabia

Spear-phishing attacks aimed at placing cyber-espionage malware on government computers using an infected Word document are being blamed on about a dozen Saudi Arabian agencies.

Big Phish - why phishing just won't go away, and what to do about it

Adam Vincent discusses why phishing attacks continue to dominate the cyber-security landscape, why companies are still falling for them and how attacker profiling can help protect against them.