Security News

Phishers are looking to trick owners of Facebook pages with fake notices from the social network, in an attempt to get them to part with sensitive information. Such a link makes it less likely that email security solutions will flag the email as potentially malicious, and can also give a false sense of security to the potential targets, as the email ostensibly came from Facebook and contains a link to a page hosted on Facebook.

Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of the massive phishing campaign that resulted in 9,931 accounts of over 130 organizations being compromised. Group-IB Threat Intelligence team uncovered and analyzed the attackers' phishing infrastructure, including phishing domains, the phishing kit as well as the Telegram channel controlled by the threat actors to drop compromised information.

Threat actors are making their way around two-factor authentication and using other clever evasion tactics in a recently observed phishing campaign aimed at taking over Coinbase accounts to defraud users of their crypto balances. Attackers employ a range of tactics to avoid detection, including one researchers call "Short lived domains"-in which the domains used in the attack "Stay alive for extremely short periods of time"-that deviates from typical phishing practices, researchers wrote.

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The attackers are using a variety of tecniques and tactics to evade corporate email security solutions and a custom phishing kit that allows them to bypass multi-factor authentication protection to hijack enterprise Microsoft accounts.

A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users' password and session cookie.

Phishers taking advantage of Gmail's SMTP relay service to impersonate brands. It was recently found by cloud email security company Avanan that phishers have been exploiting Gmail's SMTP relay service since at least April.

Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor, Inky's researchers have warned. Tricks used by the phishers to grab business email credentials.

International courier and package delivery company DHL heads the list of most imitated brands by phishers and malware peddlers in Q4 2021, according to Check Point Research. "FedEx also appeared in the top ten list for the first time in Q4 2021, no doubt the result of threat actors trying to target vulnerable online shoppers in the run-up to the festive season as the pandemic remained a key concern," the company has noted.

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe's apps are designed to foster collaboration by sharing documents.

Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign. After analyzing three months of phishing email traffic, we found that most attacks follow the money to either big tech or leading financial firms.