Security News

A phishing scam has swindled a Puerto Rico government agency out of more than $2.6 million, according to reports. According to reports, the email-based phishing scam hit Puerto Rico's Industrial Development Company, which is a government-owned corporation aimed at driving economic development to the island along with local and foreign investors.

Deceptive Phishing - The most common type of phishing attacks, whereby threat actors impersonate a legitimate company to steal users' personal data and access credentials. Spear Phishing - These types of attacks are more sophisticated, whereby the threat actor customizes the attack email with the target's name, job title, company, and other personal information to make the recipient believe they have a connection to the sender.

Several cybersecurity companies have spotted campaigns that use coronavirus-themed emails to deliver malware, phishing attempts and scams. The malicious emails warn potential victims about the impact of the coronavirus on the shipping industry.

As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets. In late January, IBM X-Force researchers discovered a first wave of phishing scams that targeted some regions in Japan to spread the Emotet Trojan, as well as other malware, by using malicious messages that appear to contain information about coronavirus.

PayPal came in first of the 25 most impersonated brands in phishing attacks for the fourth quarter of 2019, according to a report released Tuesday by Vade Secure. Though PayPal-impersonated phishing attacks fell by 31% compared with the third quarter, the volume of such attacks rose by 23% from the last quarter of 2018.

PayPal remains the top brand impersonated in phishing attacks for the second quarter in a row, with Facebook taking the #2 spot and Microsoft coming in third, according to Vade Secure. For the second straight quarter, PayPal was the most impersonated brand in phishing attacks.

Several law firms are racing to be among the first to file class action lawsuits against PIH Health in the wake of the California-based regional healthcare network reporting last month that a 2019 phishing breach affected nearly 200,000 individuals. Since Jan. 30, at least three law firms have issued public statements announcing they are "Investigating" the data breach reported on Jan. 10 by PIH Health and inviting victims of the incident to contact the firms with information about the impact.

A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data - even going so far as to ask for social security numbers and uploaded photos of their passports. Some parts of the phishing email make strange use of exclamation points - For instance, the top of the email says "PayPal Notifications Center !" and the phishing link button reads, "Secure and update my account now !".

Last week, IBM and Kaspersky caught hackers in Japan trying to spread malware through emails with links about the coronavirus outbreak that started in Wuhan, China, in January. Now, Kaspersky and Sophos have found phishing emails from cybercriminals purporting to be from the Centers for Disease Control and Prevention and the World Health Organization that are attempts to steal email credentials and other information.

A new phishing campaign is attempting to deliver sophisticated malware that can completely hijack an Android mobile device to steal user credentials, install a keylogger and even hold a device's data for ransom. Researchers at Cofense, who discovered the campaign, said the malware targets more than 250 Android apps with tailored login overlay screens used to capture credentials inputted into the apps.