Security News

That's especially true with phishing emails that attempt to hide the source of their deceptive landing pages and spoof or reference a well-known company or brand. A new phishing attack analyzed by Armorblox takes advantage of Symantec to trick users into falling for the scam.

Motimatic, a social impact company that enhances motivation and reinforces positive behavior through its marketing-for-good platform, announced the launch of a new cybersecurity solution for corporate employees. Motimatic for Cybersecurity enables enterprises to complement their existing cybersecurity investments by leveraging the power of social media and digital advertising to deliver targeted messages that educate employees, reinforce best practices, and motivate viewers to take preventative measures against cyberattacks.

The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security. A new phishing campaign spotted by Abormal Security takes advantage of the popularity of Zoom to try to capture account credentials of unsuspecting users.

We believe we are less likely than others are to fall for phishing scams, thereby underestimating our own exposure to risk, a cybersecurity study has found. Half of the subjects were asked how likely they were to take the requested action while the other half was asked how likely another, specifically, "Someone like them," would do so.

Phishing emails typically try to ensnare their victims by impersonating well-known companies, brands, products, and other items used by a lot of people. The phishing email itself tries to look legitimate by copying the content and images of real emails from DocuSign.

The lifespan of phishing attacks in H2 2019 has grown considerably and resulted in the tremendous increase in the number of phishing websites blockages, says Group-IB's Computer Emergency Response Team. In H2 2019 CERT-GIB blocked a total of 8, 506 phishing web resources, while in H2 2018, the figure stood at 2,567.

The email tells recipients that "The best way to update details is to log on to your EE" and offers a hyperlink that states 'view billing to make sure your account details are correct' to entice the recipient to click the phishing link. The phishing landing page uses the trusted HTTPS protocol within the URL. The use of HTTPS, which other phishing campaigns have utilized, gives false hope to the user that network traffic is being encrypted and that it's therefore safe.

A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.

A new report from Kaspersky found that cybercriminals are using the increase in delivery demand to push convincing phishing emails into thousands of inboxes. "The spikes in demand are causing in-transit times to stretch out. As a result, customers are getting used to receiving apologetic messages from couriers linking to updated shipping statuses. Recently, we have observed a number of fake sites and emails supposedly from delivery services exploiting the coronavirus topic," Kaspersky Lab anti-spam analyst Tatyana Shcherbakova wrote in a blog post.

A sophisticated phishing kit has been used by multiple cybercrime groups to target high-ranking employees in North America and other parts of the world, and researchers believe there are at least 150 victims. The emails and PDF documents used in the PerSwaysion campaign have been created with a phishing kit and an associated PDF generator that Group-IB believes was developed by someone in Vietnam.