Phishing - Information Management Today

Search:

DAY

WEEK

MONTH

YEAR

Dec 07 - Dec 13

Nov 30 - Dec 06

Nov 23 - Nov 29

Nov 16 - Nov 22

Nov 09 - Nov 15

September, 2024

MORE

MORE

MORE

MORE

Select your country:
Sign up | Log in

Phishing

article thumbnail

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing Insurance Passwords Privacy

article thumbnail

Phishing Kit Can Change Lures and Text

Data Breach Today

JANUARY 29, 2021

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.

Phishing Security

Join 55,000+

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

Phish-Friendly Domain Registry “.top” Put on Notice

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing Compliance IT

article thumbnail

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Phishing IT Access

article thumbnail

The Business Cost of Phishing

Advertisement

Phishing is a problem that's plagued organizations for years. IT and Security teams will tell you that they’re spending too much time and money on phishing, but what does that mean? This report quantifies the financial impacts of phishing.

article thumbnail

SolarWinds Attackers Return With Fresh Phishing Campaign

Data Breach Today

MAY 28, 2021

Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. This new campaign compromised a marketing firm used by the U.S.

Phishing Marketing

article thumbnail

Dropbox Used in Latest Exploit for Phishing Attacks

Data Breach Today

MARCH 11, 2024

Darktrace Warns of Malware Hidden in PDF Stored in Dropbox Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities such as the ubiquitous Dropbox storage platform.

article thumbnail

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

NOVEMBER 10, 2021

” The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. We don’t know what the fraudsters behind this clever hybrid SMS/voice phishing scam intended to do with the information they might have coaxed from Stevens’ daughter.

Phishing Security IT

article thumbnail

Microsoft Says Phishing Campaign Skirted MFA to Access Email

Data Breach Today

JULY 14, 2022

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes.

Phishing Access

article thumbnail

UC San Diego: Phishing Leads to Account Access for Months

Data Breach Today

JULY 28, 2021

Intrusion Affects Patients, Employees and Students UC San Diego Health says a phishing incident led to unauthorized access to an undisclosed amount of information on patients, employees and students for at least four months.

Phishing Access

article thumbnail

Breach Roundup: ICANN Warns.top Domain About Phishing

Data Breach Today

JULY 25, 2024

Also: Russian DDoS Hacktivists; Verizon Settles With US FTC and Windows 10 This week, ICANN warned of phishing, BreachForums data was leaked, police arrested alleged pro-Russian hackers, the U.K shut down a DDoS booter site, the EU gave Meta a deadline, Russia decried U.S.

Phishing Security

article thumbnail

Phishing Domains Tanked After Meta Sued Freenom

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing Mining IT

article thumbnail

Phish Perfect: How ChatGPT Can Help Criminals Get There

Data Breach Today

OCTOBER 25, 2023

AI Generated Phishing Still Cannot Beat Humans, But Not for Long: IBM ChatGPT can craft almost perfect phishing emails in five minutes, nearly beating a social engineering team with decades of experience, the results of a "nail-biting" experiment by IBM showed.

Phishing

article thumbnail

Police Dismantle Dutch Phishing Gang

Data Breach Today

JUNE 22, 2022

Belgian and Dutch Police Arrest 9 Suspects Over Theft of 'Millions of Euros' Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams. Nine suspects are in detention after stealing several million euros, authorities say.

Phishing

article thumbnail

Phishing Attack Used Spoofed COVID-19 Vaccination Forms

Data Breach Today

AUGUST 30, 2021

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Phishing Security

article thumbnail

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Data Breach Today

JULY 29, 2022

Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.

Phishing Access

article thumbnail

US, Microsoft Seize Domains Used in Russian Spear-Phishing

Data Breach Today

OCTOBER 3, 2024

Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. FSB Hackers Stripped of 107 Domains Used to Steal Credentials The U.S.

Phishing Security

article thumbnail

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing Passwords Security IT

article thumbnail

Cryptohack Roundup: It's Raining Phishing Scams on X

Data Breach Today

JANUARY 11, 2024

Also: Bitcoin ETP, Gamma and dYdX Attacks, 2023 Hack Stats This week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4

Phishing IT

article thumbnail

Breach Roundup: MongoDB Blames Phishing Email for Breach

Data Breach Today

DECEMBER 21, 2023

Also: Hackers Scrooge The North Face Holiday Shipments This week, MongoDB blamed a phishing email for causing unauthorized access to its corporate environment, hackers interrupted VF Corp.

Phishing Access IT

article thumbnail

Fake Websites, Phishing Appear in Wake of CrowdStrike Outage

Data Breach Today

JULY 22, 2024

Authorities Warn About Domains Targeting Victims Seeking to Restore Windows Devices Cybercriminals are exploiting the chaos created by the CrowdStrike outage by launching fake websites and phishing campaigns to trick victims into downloading malware or divulging sensitive information, according to the U.S.

Phishing Cybersecurity Security

article thumbnail

Malicious Pixels: Criminals Revamp QR Code Phishing Attacks

Data Breach Today

OCTOBER 9, 2024

Attackers Use ASCII Characters to Create Tough-to-Spot QR Codes, Barracuda Warns Attackers are moving beyond using QR code images added to phishing emails to trick victims into visiting malicious sites, and using ASCII "full block" characters to build working QR codes designed to evade optical character recognition defenses, warns cybersecurity firm (..)

Phishing Cybersecurity

article thumbnail

Fake Websites, Phishing Surface in Wake CrowdStrike Outage

Data Breach Today

JULY 20, 2024

Authorities Warn About Domains Targeting Victims Seeking to Restore Windows Devices Cybercriminals are exploiting the chaos created by the CrowdStrike outage by launching fake websites and phishing campaigns to trick victims into downloading malware or divulging sensitive information, according to the U.S.

Phishing Cybersecurity Security

article thumbnail

APT28 Spear-Phishes Ukrainian Critical Energy Facility

Data Breach Today

SEPTEMBER 5, 2023

Energy Facility Impeded Attack by Blocking the Launch of the Windows Script Host Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage.

Phishing Military

article thumbnail

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing Blockchain Manufacturing Encryption

article thumbnail

Mobile-Driven Phishing Spoofs FCC, Cryptocurrency Giants

Data Breach Today

MARCH 4, 2024

Researchers Say Hackers Used Fake Login Pages to Trick 100 Victims, Crypto Workers A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binance and Coinbase.

Phishing Communications

article thumbnail

Ukraine Facing Phishing Attacks, Information Operations

Data Breach Today

APRIL 19, 2023

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing Government IT

article thumbnail

Feds Warn Healthcare Entities of 'Evernote' Phishing Scheme

Data Breach Today

AUGUST 12, 2022

Scam Uses 'Secure Message' Theme and Trojan to Harvest Credentials A "secure message-themed" phishing campaign targeting healthcare providers aims to lure recipients to an Evernote notepad website in an attempt by hackers to harvest security credentials, federal authorities warn, saying the scheme puts entities at risk for potential data security compromises. (..)

Phishing Risk Security

article thumbnail

DarkGate Malware Operators on a Phishing Spree

Data Breach Today

SEPTEMBER 11, 2023

Vectors Includes Teams Phishing and Malvertising Advertising on Russian-language criminal forums is paying off for the author of the DarkGate malware as reflected by a spike in infections, including an unusual phishing campaign on Microsoft Teams to deliver the loader through HR-themed social engineering chat messages.

Phishing

article thumbnail

View to a Phish: W3LL Specializes in Microsoft 365 Hacking

Data Breach Today

SEPTEMBER 6, 2023

Phishing Platform Automates Big Business Email Compromise Attacks, Researchers Find A sophisticated phishing toolkit called W3LL Panel has been used to exploit at least 8,000 endpoints since the middle of last year to perpetrate costly business email compromise schemes, Group-IB reports.

Phishing

article thumbnail

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing Passwords Risk Sales

article thumbnail

Feds Levy First-Ever HIPAA Fine for a Phishing Breach

Data Breach Today

DECEMBER 7, 2023

Incident That Affected 35,000 Urgent Care Clinic Patients Results in $480K Fine Weeks after the Department of Health and Human Services announced its first HIPAA enforcement action in a ransomware breach, federal regulators have reached another milestone: a $480,000 settlement in a HIPAA case centered for the first time ever on a phishing attack.

Phishing Ransomware IT

article thumbnail

The Evolution of Phishing From Email to SMS and Voice Hacks

Data Breach Today

JUNE 17, 2022

KnowBe4's Roger Grimes on Why MFA Alone Isn't a Successful Hack Prevention Strategy Phishing is no longer restricted to just emails.

Phishing

article thumbnail

Black Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishing

The Last Watchdog

AUGUST 21, 2024

I recently learned all about the state-of-the art of phishing attacks – the hard way. We discussed just how targeted and contextualized advanced phishing attacks, like the one I experienced, can be. Foolishly, I did so all too quickly. For a full drill down, please give the accompanying podcast a listen.

Phishing Security IT

article thumbnail

Beating Clever Phishing Through Strong Authentication

Data Breach Today

NOVEMBER 23, 2022

But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta. Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.

Authentication Phishing Security

article thumbnail

Phishing Campaign Targets Job Seekers, Employers

Data Breach Today

MARCH 4, 2023

Attackers Exploit Economic Downturn by Deploying Malware in Resumes, ID Attachments Threat actors are exploiting the ongoing economic downturn using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters.

Phishing

article thumbnail

Rackspace Warns of Phishing Attempts Post Ransomware

Data Breach Today

DECEMBER 10, 2022

Class Action Lawsuit Filed Against Rackspace for Negligence Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment. The Texas-based firm also is now facing a class action lawsuit.

Phishing Ransomware Risk IT

article thumbnail

Phishing Attacks Targeting Political Parties, Germany Warns

Data Breach Today

APRIL 4, 2024

Escalation of Cyberespionage Likely Tied to Upcoming European Elections German federal agencies warned that phishing attacks targeting political parties surged ahead of upcoming European Union elections. The government did not attribute the attacks to a specific country but confirmed that they are tied to a nation-state group.

Phishing Government

article thumbnail

Law Enforcement Takes Down Phishing As A Service Site

Data Breach Today

AUGUST 9, 2023

Authorities In Multiple Countries Arrest Operators of 16Shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing Security

article thumbnail

Law Enforcement Takes Down Phishing-as-a-Service Site

Data Breach Today

AUGUST 10, 2023

Authorities in Multiple Countries Arrest Operators of 16shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing Security

article thumbnail

Belarus Hackers Targeting Poland, Ukraine With RAT, Phishing

Data Breach Today

JULY 14, 2023

State-Linked Spear-Phishing Campaign Targeting Government, Military Personnel Belarus state-linked hackers are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans.

Phishing Military Government Access

article thumbnail

Mass Phishing Campaign Targets Zimbra Users Worldwide

Data Breach Today

AUGUST 18, 2023

Targets Include Small and Medium Businesses and Government Agencies Threat actors are on a phishing spree targeting users of Zimbra Collaboration email suite, in particular small and medium businesses and government agencies.

Phishing Government Security IT

article thumbnail

Ukraine Tracks Multiple Spear Phishing Campaigns From Russia

Data Breach Today

JUNE 20, 2023

Russia is intensifying phishing campaigns againt Ukraine. Russian GRU Hackers Reach for Government Email Inboxes Cybersecurity defenders in Ukraine revealed multiple Russian spearphishing campaigns including an effort by Kremlin military intelligence to penetrate open source email servers used by government agencies.

Phishing Military Government Cybersecurity

article thumbnail

Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails

Data Breach Today

AUGUST 8, 2023

The threat actor spoofed the Computer Emergency Response Team of Ukraine in phishing emails. Threat Actor Coaxes Users Into Downloading MerlinAgent Hackers attempting to spy on the Ukrainian government are using an open-source remote access Trojan, said Kyiv cyber defenders. The RAT, MerlinAgent, is available on GitHub.

Phishing Government Access