Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that take advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. Phishing kits, often sold for one-time payments in underground forums, are packaged archive files containing images, scripts, and HTML pages that enable a threat actor to set up phishing emails and pages, using them as lures to harvest and transmit credentials to an attacker-controlled server.
The latest findings show tech support scams, which often arrive as a pop-up alert convincingly disguised using the names and branding of major tech companies, have become the top phishing threat to consumers. Tech support scams are expected to proliferate in the upcoming holiday season, as are shopping and charity-related phishing attacks.
A prolific email phishing threat actor - TA505 - is back from the dead, according to enterprise security software slinger Proofpoint. TA505, which was last active in 2020, restarted its mass emailing campaigns in September - armed with new malware loaders and a RAT. "Many of the campaigns, especially the large volume ones, strongly resemble the historic TA505 activity from 2019 and 2020," said Proofpoint in a statement today.
Tech support scams work because they try to trick people into believing there's a serious security crisis with their computers, says Norton Labs. The tech support ruse was the number one scam described by Norton Labs in its new October Consumer Cyber Safety Pulse Report.
Phishing actors are following a new trend of targeting non-executive employees who still have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees on the same level.
Phishing actors are now using mathematical symbols on impersonated company logos to evade detection from anti-phishing systems. All three spoofing types masquerade as voicemail notifications containing an embedded 'Play' button that, when clicked, takes the user to a phishing portal that was crafted to look like a Verizon website.
Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges. Intuit also provides information on how customers can protect themselves from phishing attempts on its support website.
BlackBerry's Research and Intelligence Team has uncovered three phishing schemes targeting Indian nationals, and says a Chinese state-sponsored malware gang is the culprit. BlackBerry identified the responsible party as APT41 - a prolific Chinese state-sponsored cyberthreat group that has carried out what FireEye called "espionage activity in parallel with financially motivated operations" since at least 2012.
That lesson was hammered home through a recent phishing attack that stole money from Coinbase customers. The attackers were able to move funds from Coinbase to their own accounts, thus stealing a vast amount of money in the form of cryptocurrency.
One brand that's been getting a lot of exposure among phishing campaigns is Chase Bank, as cybercriminals are increasingly targeting people who use the company's financial services. The American subsidiary of JP Morgan Chase, Chase Bank is now ranked as the sixth most spoofed brand seen in phishing URLs, according to Cyren.