Security News

Caffeine service lets anyone launch Microsoft 365 phishing attacks
2022-10-10 21:47

A phishing-as-a-service platform named 'Caffeine' makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns. Another distinctive characteristic of Caffeine is that its phishing templates target Russian and Chinese platforms, whereas most PhaaS platforms tend to focus on lures for Western services.

Callback phishing attacks evolve their social engineering tactics
2022-10-08 14:11

Callback phishing operations have evolved their social engineering methods, keeping old fake subscriptions lure for the first phase of the attack but switching to pretending to help victims deal with an infection or hack. Callback phishing attacks are email campaigns pretending to be high-priced subscriptions designed to lead to confusion by the recipient as they never subscribed to these services.

Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks
2022-10-07 08:58

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "Realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar.

Phishing attack spoofs Zoom to steal Microsoft user credentials
2022-10-06 18:44

Phishing attack spoofs Zoom to steal Microsoft user credentials We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. That's exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.

Web browser app mode can be abused to make desktop phishing pages
2022-10-03 16:35

A new phishing technique using Chrome's Application Mode feature allows threat actors to display local login forms that appear as desktop applications, making it easier to steal credentials. Because desktop applications are generally harder to spoof, users are less likely to treat them with the same caution they reserve for browser windows that are more widely abused for phishing.

Microsoft to let Office 365 users report Teams phishing messages
2022-10-01 15:06

Microsoft is working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization's security team of any dodgy messages they receive.Microsoft Defender for Office 365 protects organizations from malicious threats from email messages, links, and collaboration tools.

Fake US govt job offers push Cobalt Strike in phishing attacks
2022-09-30 16:33

A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices. The discovery comes from researchers at Cisco Talos who observed two different phishing lures, both targeting job seekers and leading to the deployment of Cobalt Strike.

Germany arrests hacker for stealing €4 million via phishing attacks
2022-09-30 14:31

Germany's Bundeskriminalamt, the country's federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000. The three men obtained money from their victims by sending them phishing emails that were clones of messages from real German banks.

Phishing activity exploded in Q2 2022
2022-09-29 08:46

The APWG's Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks - the worst quarter for phishing that APWG has ever observed. This Help Net Security video uncovers how the number of phishing attacks reported has quadrupled since early 2020.

IRS warns Americans of massive rise in SMS phishing attacks
2022-09-28 20:00

The Internal Revenue Service warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks. Such scam texts redirect U.S. taxpayers to phishing landing pages designed to collect sensitive information using various baits.