Security News
The phishing emails led to malicious websites that used the same HTML and CSS found in actual White House sites, says email security provider INKY. Phishing emails and their associated websites often impersonate well-known organizations, brands, businesses, and other familiar subjects to try to trap potential victims. A series of recent phishing emails examined by INKY targeted people curious or anxious about COVID-19 by impersonating the White House and some in the administration.
IRONSCALES, the pioneer of self-learning email security, announced that Themis, its AI-driven virtual security analyst, now has the ability to be fully autonomous in the classification and removal of email threats. Security analysts can now measurably increase the speed and accuracy of their email security by allowing Themis to make time-sensitive decisions on email threat mitigation without any human involvement.
The Cofense Phishing Defense Center discovered new phishing attacks that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver's local area, according to a blog post published Tuesday by Cofense researcher Kian Mahdavi. "While these secure email gateways are designed to safeguard end users from clicking on malicious links and attachments, both failed in a new phishing attack we recently observed," Mahdavi wrote in the post.
A new phishing campaign is using the fear of being infected as a way to spread malware, as spotted by security trainer KnowBe4. Cybercriminals who specialize in phishing attacks have been exploiting the coronavirus for the past couple of months.
IBM and FireEye have spotted a campaign that relies on fake "COVID-19 Payment" emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia. The emails have the subject line "COVID-19 payment" and they carry malicious documents named "COVID 19 relief."
There has been a steady increase in the number of coronavirus COVID-19-related email attacks since January, according to security firm Barracuda Networks, but researchers have observed a recent spike in this type of attack, up a whopping 667% since the end of February. "The attacks use common phishing tactics that are seen regularly; however, a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users to capitalize on the fear and uncertainty of their intended victims," the company said.
A UK housing association blurted 3,500 people's sensitive personal data as part of a bungled "Please update your contact details" email exercise, The Register has been told. Watford Community Housing sent the email on the night of 23 March to people it thought were its tenants.
The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4. With the coronavirus upper most in our minds, bad actors have been deploying different waves of COVID-19 phishing emails, each with its own unique approach, according to KnowBe4.
The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro's security researchers reveal. For years, Pawn Storm has relied on phishing to gain access to systems of interest, but Trend Micro observed a shift in tactics, techniques, and procedures in May 2019, when the group started using the compromised email accounts of high-profile targets to send credential phishing emails.
Then they're threatening to infect your family with coronavirus. To ρrove my poιnτ, tell me, does [REDACTED] ring αny bell yοu? It was οηe οf yοur pαsswοrds.