Security News

Germany's Bundeskriminalamt, the country's federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000. The three men obtained money from their victims by sending them phishing emails that were clones of messages from real German banks.

The APWG's Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks - the worst quarter for phishing that APWG has ever observed. This Help Net Security video uncovers how the number of phishing attacks reported has quadrupled since early 2020.

The Internal Revenue Service warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks. Such scam texts redirect U.S. taxpayers to phishing landing pages designed to collect sensitive information using various baits.

In the latest version of Windows 11, Microsoft is introducing a feature in its Microsoft Defender SmartScreen tool designed to keep passwords safer. The enhanced phishing protection automatically detects when a user types their password into an app or website and knows immediately whether the app or site has a secure connection to a trusted website.

The APWG's Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks - the worst quarter for phishing that APWG has ever observed. The number of phishing attacks reported has quadrupled since early 2020 - when APWG was observing between 68,000 and 94,000 attacks per month.

American Airlines says its Cyber Security Response Team found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account. The investigation also revealed the attacker accessed multiple employees' accounts and used them to send more phishing emails to targets American has not yet disclosed.

American Airlines says its Cyber Security Response Team found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account. The investigation also revealed the attacker accessed multiple employees' accounts and used them to send more phishing emails to targets American has not yet disclosed.

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. "The unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server."

Phishing actors are abusing LinkedIn's Smart Link feature to bypass email security products and successfully redirect targeted users to phishing pages that steal payment information.Smart Link is a feature reserved for LinkedIn Sales Navigator and Enterprise users, allowing them to send a pack of up to 15 documents using a single trackable link.

An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents. The lure in these phishing emails is a request for bids for lucrative government projects, taking them to phishing pages that are clones of legitimate federal agency portals.