Security News

Phishers taking advantage of Gmail's SMTP relay service to impersonate brands. It was recently found by cloud email security company Avanan that phishers have been exploiting Gmail's SMTP relay service since at least April.

Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor, Inky's researchers have warned. Tricks used by the phishers to grab business email credentials.

International courier and package delivery company DHL heads the list of most imitated brands by phishers and malware peddlers in Q4 2021, according to Check Point Research. "FedEx also appeared in the top ten list for the first time in Q4 2021, no doubt the result of threat actors trying to target vulnerable online shoppers in the run-up to the festive season as the pandemic remained a key concern," the company has noted.

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe's apps are designed to foster collaboration by sharing documents.

Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign. After analyzing three months of phishing email traffic, we found that most attacks follow the money to either big tech or leading financial firms.

The past year's massive migration of movie and television audiences to streaming services has provided scammers with a sweet opportunity to launch phishing attempts to lure would-be subscribers into giving up their payment information. Where there's payment data, cybercriminals are sure to follow, Kaspersky's Leonid Grustniy pointed out in his latest report, warning about phishing campaigns disguised to look like Netflix, Amazon Prime and other streaming service offers.

A threat actor tracked as Shatak recently partnered with the ITG23 gang to deploy Conti ransomware on targeted systems. The Shatak operation partners with other malware developers to create phishing campaigns that download and infect victims with malware.

Abnormal Security removed the blog post after receiving legal notice from Zix. Through their PR agency, Zix contacted us to say that the blog post was removed because they believe it contained multiple false and misleading statements, and they asked us to remove our article or issue a retraction.

Innovative twists on banking scams and corporate-account hunters wielding increasingly clever lures, including those with COVID-19 vaccine promises, are likely to dominate the spam and phishing landscape throughout Q2 2021, according to researchers. Another particularly despicable COVID scam email specifically targeted people over 65 seeking a vaccine, the researchers added.

Microsoft offers rewards for security bugs in Microsoft TeamsMicrosoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. SECURE Magazine issue 68 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.