Security News

According to the cyber intelligence report from Agari, hybrid phishing attacks have increased by 625%. One of the most damaging is callback phishing - also often known as a TOAD. First appearing in the wild in March 2021 as BazarCall, the attacks were mounted to install ransomware on corporate networks. Low levels of cybersecurity awareness can be the root cause of successful cyberattacks, especially attacks such as Callback phishing.

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report.

Spain's National Police and the U.S. Secret Service have dismantled a Madrid-based international cybercrime ring comprised of nine members who stole over €5,000,000 from individuals and North American companies. The cybercrime gang specializes in online scams, employing social engineering, phishing, and smishing to collect sensitive victim details and then use that information to commit financial fraud.

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet's secret recovery phrase. The emails look like they were sent by Namecheap, prompting recipients to complain to the company, which then started an investigation and soon after reacted by stopping all the emails.

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails.

A new phishing campaign targeting Amazon Web Services logins is abusing Google ads to sneak phishing sites into Google Search to steal your login credentials. The malicious Google ads take the victim to a blogger website under the attackers' control, which is a copy of a legitimate vegan food blog.

A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps. Typically, mobile banking trojans check what apps are present on an infected device and pull from the command and control server the web injects corresponding to the apps of interest.

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, Microsoft says the threat actors posed as legitimate companies to enroll and successfully be verified as that company in the MCPP. The threat actors used these accounts to register verified OAuth apps in Azure AD for consent phishing attacks targeting corporate users in the UK and Ireland.

Porsche cut its minting of a new NFT collection short after a dismal turnout and backlash from the crypto community, allowing threat actors to fill the void by creating phishing sites that steal digital assets from cryptocurrency wallets. To make matters worse, a flourishing NFT resale market was set up over at OpenSea, where it was cheaper to buy the Porsche collectibles than get the original, which devalued the assets immediately and further infuriated investors and traders.

This is a good list of modern phishing techniques.