Phishing News, Articles and Updates

Edward Snowden returns to US! Oops, nope, it's a phishing scam

A strange spam campaign that targets Apple customers has been found distributing phishing emails containing an Apple receipt that bills US$9.99 (£7) to an Edward Snowden residing at a US address.

Study shows which phishing attacks most successful

People are very predictable when it comes to designing phishing attacks that appeal to potential victims, with people most likely to click on messages concerning money.

Desperately needed fix for Flash Player bug exploitation released by Adobe

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123.

Phishing scam exposes W-2 forms of Keokuk, US employees and officials

The small US Iowan city of Keokuk has disclosed that a cyber-criminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials.

New whaling and phishing techniques include weaponising Google Docs

Phishing from G Suite users: a weaponised Google spreadsheet hosted on G Suite opens a remote HTML page which mimics the Google sign-in process and gives the impression that the victim needs to re-authenticate.

BeeToken customers duped out of £700,000 worth of Ethereum in phishing scam

BeeToken customers were duped out of more than US$1 million (£700,000) worth of Ethereum in a phishing scam targeting BeeToken's initial coin offering (ICO), similar to the one that targeted Experty earlier this week.

New Phishing scam combines FedEx and Google Drive to lure victims

Several universities and more than 20 companies have been hit with malware whose creators are using several layers of subterfuge to camouflage their phishing attack by taking advantage of a few trusted brand names.

North Korea-linked trojan switches targets from banks to cryptocurrency enthusiasts

Originally used by reputed North Korean hackers to attack the global banking sector, the Ratankba downloader trojan has been repurposed into a PowerShell-based variant that appears to be targeting small, non-financial organisations.

The phishing lifecycle - before, during and after an attack

Just as phishing has evolved, the way organisations detect and deflect these malicious messages must also change, looking at each distinct stage of a phishing attack: before, during and after.

How organisations can thrive in the time of phishing attacks

Phishing, smishing and other types of malware are not going anywhere and the risks are only going to rise as mobile becomes a primary device for employees. Companies need to get ahead of the issue rather than responding.

Shut for the holidays? Beware, cyber-criminals may play while you're away

It's essential that IT teams complete patching, updates and changes to their networks before high-volume traffic times hit so they can focus on responding quickly to network events and security issues, says James Barrett.

Hackers target private schools in UK

Hackers are taking advantage of poorly secured systems at schools in the UK, nicking identifying data, typically through phishing attacks, that they could use to target parents with fake invoices and other means of cyber-crime.

Growth in impersonation attacks greater than malware attacks

While many organisations still fear malware being the main burden to their email cyber-resilience, the findings show only a 15 percent increase in these types of email attacks compared to the last figures.

Increased dark web interest in hacking the leisure and gaming industries

Given the volumes of cash swashing around, it's no surprise that leisure and gaming industries have become a target for cyber-crime; new reports suggest there is growing interest on the Dark Web in attacks on the gaming industry.

Beware Catphishing attacks targeting the hearts of security pros

Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.

Office DDE feature used by hackers in new targeted phishing campaign

Security researchers have warned that a new phishing campaign is using the DDE feature in Microsoft Office to deliver DNSMessenger malware undetected.

Marcher banking trojan campaign attacks Austrians' finances three different ways

An attack campaign targeting Android users in Austria has been employing a novel trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.

Shooting phish in a barrel - as malicious URL emails surge 600%

Phishing is on an upward trajectory, with a 600% surge in the number of malicious URL emails in Q3 2017. But there are policies and procedures which can be implemented to help prevent users from falling victim to a phishing attack.

Swiss phishing scam aims to download Retefe banking trojan

Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.

Phishing campaigns used victim's location to determine whether to deliver Locky or Trickbot

Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Locky ransomware or the Trickbot banking trojan based on the victim's geographical location.

Spear-phishers hijack in-progress conversation in highly-targeted attack

A Middle Eastern bank, an international sporting organisation and Asian individuals were victims of a highly-targeted attack that interrupted an in-progress conversation using compromised credentials.

Devastating phishing attacks dominate 2017

2017 first half: Kaspersky Labs products blocked 51 million phishing attempts; mobile ransomware attacks up 250 percent; Ironscales' own research estimates 95 percent of successful attacks start with phishing, says Eyal Benishti.

Malicious PowerPoint slide show files deliver REMCOS RAT

Malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability.

SSL encrypted malware doubles this year, phishing over SSL/TLS up 400%

Increasingly sophisticated malware strains are using SSL to encrypt their activity, with malicious SSL-encrypted content more than doubling in the last six months, according to a study from Zscaler ThreatLabZ.

'Unverified app' warning adds anti-phishing protection to G Suite

Google claims new 'unverified app' warning will cut down on phishing attacks from within G Suite by giving users information on potentially dodgy apps and scripts.

25% of Australian companies hit by phishing attack this week

The phishing attacks against Australian energy customers grew yesterday, with Mailguard reporting an enormous number of phishing attempts centered on fake Origin Energy bills.

Phishers add dash of punctuation to fool mobile victims with padded URLs

Hyphens galore as cyber-criminals attempt to hide the web addresses of phishing sites on mobile phones with a lot of punctuation.

Phishing scams used by cyber-criminals to steal crypto-currencies

With the value of crypto-currencies like bitcoin continuing to climb, cyber-criminals are looking to expand the tricks they use to steal these virtual dollars.