Security News

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe's apps are designed to foster collaboration by sharing documents.

Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign. After analyzing three months of phishing email traffic, we found that most attacks follow the money to either big tech or leading financial firms.

The past year's massive migration of movie and television audiences to streaming services has provided scammers with a sweet opportunity to launch phishing attempts to lure would-be subscribers into giving up their payment information. Where there's payment data, cybercriminals are sure to follow, Kaspersky's Leonid Grustniy pointed out in his latest report, warning about phishing campaigns disguised to look like Netflix, Amazon Prime and other streaming service offers.

A threat actor tracked as Shatak recently partnered with the ITG23 gang to deploy Conti ransomware on targeted systems. The Shatak operation partners with other malware developers to create phishing campaigns that download and infect victims with malware.

Abnormal Security removed the blog post after receiving legal notice from Zix. Through their PR agency, Zix contacted us to say that the blog post was removed because they believe it contained multiple false and misleading statements, and they asked us to remove our article or issue a retraction.

Innovative twists on banking scams and corporate-account hunters wielding increasingly clever lures, including those with COVID-19 vaccine promises, are likely to dominate the spam and phishing landscape throughout Q2 2021, according to researchers. Another particularly despicable COVID scam email specifically targeted people over 65 seeking a vaccine, the researchers added.

Microsoft offers rewards for security bugs in Microsoft TeamsMicrosoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. SECURE Magazine issue 68 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Phishers have been exploiting people's fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will continue to do it for as long it affects out private and working lives. Cybercriminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control, U.S. Internal Revenue Service, U.S. Department of Health and Human Services, World Health Organization, and other agencies and businesses.

Phishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. The phishing message is delivered via LinkedIn's internal messaging system and looks like it has been sent by one of the victim's contacts.

The constant increase in phishing attacks and the damage they cause make all of us anxious, especially since they're becoming harder to detect. To protect yourself from phishing, you must understand how phishers operate, what motivates them, and which tricks they tend to use.