Security News

While the number of new ransomware variants continues to decline, ransomware attacks' severity remains significant. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464% when compared to 2022.

I never click on it, because it's so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs. Tags: cybercrime, phishing, phones, SMS, spam.

ChatGPT can be used to generate phishing sites, but could it also be used to reliably detect them? Security researchers have tried to answer that question. What surprised the researchers was the fact that ChatGPT managed to detect potential phishing targets.

Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. At first glance, the letters sent by UPS Canada, titled "Fighting phishing and smishing - an update from UPS," seem to be a warning to customers about the dangers of phishing.

The firm used its own AI models to determine that certain emails sent to its customers later identified as phishing attacks were probably AI-generated, according to Dan Shiebler, head of machine learning at Abnormal. "The danger of generative AI in email attacks is that it allows threat actors to write increasingly sophisticated content, making it more likely that their target will be deceived into clicking a link or following their instructions," he said, adding that AI can also be used to create greater personalization.

Attacks on commerce are booming, according to a new study by security firm Akamai. Bots raining on retail drive flood in commerce attacks.

A report from the Microsoft Defender Experts reveals a new multi-staged adversary in the middle phishing attack combined with a business email compromise attack targeting banking and financial institutions. The phishing email impersonates one of the target's trusted vendors to appear more legitimate and blend with legitimate email traffic and bypass detections, especially when an organization has policies to automatically allow emails from trusted vendors.

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The researchers say that the campaign operated over ten fake websites for Nike, Puma, and Clarks, featuring a design very similar to the official sites of the brands.

Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle phishing and business email compromise attack, Microsoft has revealed. "The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations," the tech giant disclosed in a Thursday report.

A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that's targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB. The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. The messages also contain a shortened URL to conceal the actual phishing link.