Phishing and Retail - Information Management Today

Crooks stole €15 Million from European retail company Pepco

Security Affairs

MARCH 1, 2024

million from the European variety retail and discount company Pepco through a phishing attack. The Hungarian business of the European discount retailer Pepco Group has been the victim of a phishing attack, crooks stole about 15 million euros ($16.3 Crooks stole €15.5 million in cash, before any potential recovery.

Retail

Retail Phishing Access IT

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Volvo’s retailer in Brazil, Dimas Volvo, leaked sensitive files through its website. website, belonging to an independent Volvo retailer in the Santa Catarina region of Brazil.

Retail

Retail Manufacturing Communications Passwords

China-based Fangxiao group behind a long-running phishing campaign

Security Affairs

NOVEMBER 17, 2022

A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale phishing campaign since 2017. SecurityAffairs – hacking, phishing).

Phishing

Phishing Retail Security IT

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link].

Phishing

Phishing Retail Financial Services Data breaches

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

Security Affairs

DECEMBER 17, 2019

LightInTheBox is a Chinese online retailer trading on the New York Stock Exchange, most of its customers are in North America and Europe. “Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a leak in a database belonging to the online retailer LightInTheBox.” Pierluigi Paganini.

Retail

Retail e-Discovery Data breaches Archiving

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. With retail sales during 2024 set to grow to between $5.23 trillion and $5.28 trillion and $5.28

Retail

Retail Risk Data breaches Sales

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

The campaigns were classified as either phishing or malware. Phishing and Malware Q2 2020. The results depicted in Figure 1 show that phishing campaigns (84,5%) were more prevalent than malware (15,5%) during Q2 2020. From Figure 2, January presented a total of 15 phishing campaigns, 29 in February and 46 during March.

Phishing

Phishing Data collection Retail Security awareness

Threat Report Portugal Q1 2020

Security Affairs

APRIL 20, 2020

Threat Report Portugal Q1 2020: Phishing and malware by numbers. The campaigns were classified as either phishing or malware. Phishing and Malware Q1 2020. The results depicted in Figure 1 show that phishing campaigns (57,7%) were more prevalent than malware (42,3%) during Q1 2020.

Phishing

Phishing Retail Security awareness Data collection

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. The basic model featured here retails for $20. a mobile device).

Phishing

Phishing Security Authentication Passwords

Credential-Harvesting Campaign Impersonates Fashion Retailer Shein

KnowBe4

MAY 7, 2024

A phishing campaign is impersonating fashion retailer Shein in an attempt to steal users’ credentials, according to researchers at Check Point.

Retail

Retail Phishing Security

Experts report a rampant growth in the number of malicious, lookalike domains

Security Affairs

NOVEMBER 18, 2019

Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. The number is doubled compared to last year, the study revealed that less than 19,890 certificates have been issued for legitimate retail domains. retailers with over 49,500 typosquatted domains.

Retail

Retail Encryption Phishing Authentication

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

Threat Report Portugal Q4 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The submissions were classified as either phishing or malware. Phishing and Malware Q4 2020. These kinds of malware come from Brazil and the attacks are disseminated via phishing campaigns.

Phishing

Phishing Retail Security awareness Data collection

Threat actors stole 1.1 million customer accounts from 17 well-known companies

Security Affairs

JANUARY 6, 2022

Credential stuffing attacks involve botnets trying stolen login credentials usually obtained through phishing attacks and data breaches. “After reviewing thousands of posts, the OAG compiled login credentials for customer accounts at 17 well-known companies, which included online retailers, restaurant chains, and food delivery services.

Retail

Retail Passwords Data breaches Phishing

Black Friday and Cyber Monday, crooks are already at work

Security Affairs

NOVEMBER 19, 2022

Other campaigns observed by the experts invited recipients to claim gift cards from popular retailers like Home Depot. In this case, the spam messages include links to fake online survey pages that have nothing to do with the retailer’s gift card.

Retail

Retail Sales Phishing Passwords

Russian TA505 threat actor target financial entities worldwide

Security Affairs

APRIL 18, 2019

“CyberInt researchers have been tracking various activities following the spear-phishing campaign targeting large US-based retailers detected in December 2018.” In December 2018 also targeted large US retailers and organizations in the food and beverage industry with spear-phishing attacks.

Retail

Retail Phishing Ransomware Access

Global Scamdemic: Scams Become Number One Online Crime

Security Affairs

JUNE 10, 2021

Overall, fraud accounts for 73% of all online attacks: 56% are scams (fraud that results in the victim voluntarily disclosing sensitive data) and 17% are phishing attacks (theft of bank card details). Insurance companies around the world are now suffering from phishing.

Phishing

Phishing Retail Insurance Risk

Are Retailers Shopping for a Cybersecurity Breach?

Thales Cloud Protection & Licensing

NOVEMBER 22, 2022

Are Retailers Shopping for a Cybersecurity Breach? Retailers started the century as the prime targets for cyber attackers looking for credit card data. Today, unfortunately, retailers are again coming back to the spotlight. Similar to many organizations, 36% of retail respondents cited human error as the leading threat.

Retail

Retail Cybersecurity Ransomware Authentication

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. ” Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia [91.215.85-166]

Phishing

Phishing Retail IT Communications

Threat Report Portugal: Q2 2021

Security Affairs

JULY 22, 2021

The submissions were classified as either phishing or malware. Phishing and Malware Q2 2021. The results depicted in Figure 1 show that phishing campaigns (69,5%) were more prevalent than malware (30,5%) during Q2 2021. Analyzing these results, it’s possible to notice an increased number of phishing submissions in December 2020.

Phishing

Phishing Data collection Retail Security awareness

USPS Surges to Take Top Spot as Most Impersonated Brand in Phishing Attacks

KnowBe4

APRIL 23, 2024

New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal.

Phishing

Phishing Retail Security awareness Security

Ransomware attack disrupted store operations in the Netherlands and Germany

Security Affairs

NOVEMBER 8, 2021

Electronics retail giant MediaMarkt was hit by a ransomware attack that disrupted store operations in the Netherlands and Germany. Media Markt is a German multinational chain of stores selling consumer electronics with over 1000 stores in Europe.

Ransomware

Ransomware Computer and Electronics Retail Sales

Threat Report Portugal: Q1 2021

Security Affairs

MAY 2, 2021

Threat Report Portugal Q1 2021: Phishing and malware by numbers. The submissions were classified as either phishing or malware. Phishing and Malware Q1 2021. The results depicted in Figure 1 show that phishing campaigns (75,8%) were more prevalent than malware (24,2%) during Q1 2021. Threats by Sector.

Phishing

Phishing Data collection Retail Security awareness

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC. Automotive Industry Chinese Organized Crime’s Latest U.S.

Data breaches

Data breaches Security Ransomware MDM

Sports retail giant Decathlon leaks 123 million customer and employee records

IT Governance

FEBRUARY 26, 2020

Decathlon, the world’s largest sporting goods retailer, has suffered a massive data breach, affecting 123 million customer and employee records. It contained information from the retailer’s Spanish businesses and potentially its UK stores. The researchers even suggested that some employees could be in physical danger.

Retail

Retail Phishing Data breaches Education

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Threat actors were contacting people of interest with romantic lures, they set up pages that were specifically designed to target followers with malware and phishing attacks. ” said Nathaniel Gleicher, Head of Security Policy at Facebook, and Mike Dvilyanski, Cyber Threat Intelligence Manager.

Agriculture

Agriculture IT Retail Manufacturing

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK. ” The attack chain starts when the victims enable the macro embedded in an Excel spreadsheet that came with the phishing e-mails. . ” reads the analysis published by FireEye.

Ransomware

Ransomware IT Healthcare Phishing

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

TARGETED PHISHING. But the more insidious threat with hacked databases comes not from password re-use but from targeted phishing activity in the early days of a breach, when relatively few ne’er-do-wells have got their hands on a hot new hacked database. The targeted phishing message that went out to classicfootballshirts.co.uk

Passwords

Passwords Phishing Mining Data breaches

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Analyzing the general distribution of the compromised domains, grouped by category, it is possible to verify that the most affected were as follows: professional/companies (20.2%), personal (13.5%), retail (12.7%) and industry (11.9%). Social media/communication organizations, health care and non-profit organizations were less impacted.

Ransomware

Ransomware Retail Phishing Encryption

Threat Report Portugal: Q3 2021

Security Affairs

NOVEMBER 14, 2021

The submissions were classified as either phishing or malware. Phishing and Malware Q3 2021. The results depicted in Figure 1 show that phishing campaigns (79,8%) were more prevalent than malware (20,2%) during Q3 2021. Analyzing these results, it’s possible to notice an increased number of phishing submissions in December 2020.

Phishing

Phishing e-Delivery Data collection Retail

The North Face website suffered a credential stuffing attack

Security Affairs

NOVEMBER 15, 2020

Retail giant The North Face has reset the passwords for some of its customers in response to a successful credential stuffing attack. Outdoor retail giant The North Face has forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th.

Passwords

Passwords Data breaches Retail Access

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Most of the victims are in the manufacturing, engineering and construction, and retail sectors. Recommendations provided in the report include installing updates promptly, using phishing-resistant multi-factor authentication (MFA), securing remote access software, making backups, and applying mitigations from the #StopRansomware Guide.

Ransomware

Ransomware Blockchain Retail Insurance

Retail Sector Prepares for Annual Holiday Cybercrime Onslaught

Dark Reading

NOVEMBER 8, 2022

Retailers and hospitality companies expect to battle credential harvesting, phishing, bots, and various malware variants.

Retail

Retail Phishing

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

North Korea-linked Lazarus APT has been stealing payment card data from customers of large retailers in the U.S. Sansec researchers reported that North Korea-linked Lazarus APT group has been stealing payment card information from customers of large retailers in the U.S. and Europe for at least a year. and Europe for at least a year.

Retail

Retail Phishing Marketing IT

Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days

Security Affairs

DECEMBER 21, 2022

CyberNews researchers reported that Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Original post @ [link]. It’s no use carrying an umbrella if your shoes are leaking, an old Irish proverb says.

Retail

Retail Manufacturing Sales Phishing

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains. The phishing messages include links to a malicious website that serves the malware, experts pointed out that the emails had subject lines that were customized for each targeted organization.

Manufacturing

Manufacturing Phishing Military Retail

Holiday Spam, Phishing Campaigns Challenge Retailers

Dark Reading

DECEMBER 19, 2022

Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays.

Retail

Retail Phishing

Threat Report Portugal: Q4 2021

Security Affairs

FEBRUARY 20, 2022

The submissions were classified as either phishing or malware. Phishing and Malware Q4 2021. The results depicted in Figure 1 show that phishing campaigns (92,2%) were more prevalent than malware (7,8%) during Q4 2021. A growing trend in phishing submissions was observed in Q4 (1180), with malware having 7.8% in Q3 2021.

e-Delivery

e-Delivery Phishing Data collection Retail

Threat Report Portugal: Q2 2022

Security Affairs

JULY 4, 2022

The submissions were classified as either phishing or malware. Phishing and Malware Q2 2022. The results depicted in Figure 1 show that phishing campaigns (68,9%) were more prevalent than malware (31,1%) during Q2 2022. A growing trend in phishing submissions was observed in Q2 (2630), with malware having 31.1%

Phishing

Phishing Data collection Retail Security awareness

Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season

KnowBe4

NOVEMBER 21, 2022

New data polled from analysts and members of the retail industry about their security focus is this holiday season reveals the kinds of attacks every organization should be preparing for.

Retail

Retail Security Phishing

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

Security Affairs

SEPTEMBER 4, 2021

Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7. FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. ” reads the analysis published by Anomali.

Retail

Retail Sales Phishing IT

Bodybuilding.com forces password reset after a security breach

Security Affairs

APRIL 23, 2019

Bad news for fitness and bodybuilding passionates, the popular online retailer Bodybuilding.com announced that hackers have broken into its systems. The popular online retailer website Bodybuilding.com announced last week that hackers have broken into its systems.

Passwords

Passwords Security Retail Personal data

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Security Affairs

AUGUST 25, 2021

The group focuses on organizations in the insurance, retail, technology, and chemical industries in the U.S., The group has been active since 2016, it leverages known malware such as PUNCHTRACK and BADHATCH to infect PoS systems and steal payment card data. Canada, South Africa, Puerto Rico, Panama, and Italy.

Retail

Retail Insurance Cybersecurity Phishing

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

APRIL 18, 2019

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro , India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant , new evidence suggests. Image: urlscan.io.

IT

IT Retail Phishing Access

Retail Fraud Spikes Ahead of the Holidays

Dark Reading

OCTOBER 25, 2018

Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.

Retail

Retail Sales Phishing Marketing

Crooks stole €15 Million from European retail company Pepco

Volvo retailer leaks sensitive files

Webinars

Trending Sources

China-based Fangxiao group behind a long-running phishing campaign

Webinars

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Threat Report Portugal: Q2 2020

Threat Report Portugal Q1 2020

Google: Security Keys Neutralized Employee Phishing

Credential-Harvesting Campaign Impersonates Fashion Retailer Shein

Experts report a rampant growth in the number of malicious, lookalike domains

Threat Report Portugal: Q4 2020

Threat actors stole 1.1 million customer accounts from 17 well-known companies

Black Friday and Cyber Monday, crooks are already at work

Russian TA505 threat actor target financial entities worldwide

Global Scamdemic: Scams Become Number One Online Crime

Are Retailers Shopping for a Cybersecurity Breach?

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Threat Report Portugal: Q2 2021

USPS Surges to Take Top Spot as Most Impersonated Brand in Phishing Attacks

Ransomware attack disrupted store operations in the Netherlands and Germany

Threat Report Portugal: Q1 2021

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Sports retail giant Decathlon leaks 123 million customer and employee records

Facebook links cyberespionage group APT32 to Vietnamese IT firm

FIN11 gang started deploying ransomware to monetize its operations

The Life Cycle of a Breached Database

Report: Threat of Emotet and Ryuk

Threat Report Portugal: Q3 2021

The North Face website suffered a credential stuffing attack

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Retail Sector Prepares for Annual Holiday Cybercrime Onslaught

North Korean Lazarus APT stole credit card data from US and EU stores

Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Holiday Spam, Phishing Campaigns Challenge Retailers

Threat Report Portugal: Q4 2021

Threat Report Portugal: Q2 2022

Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

Bodybuilding.com forces password reset after a security breach

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Wipro Intruders Targeted Other Major IT Firms

Retail Fraud Spikes Ahead of the Holidays

Stay Connected