Security News

While the organization needs to adjust to conduct business as usual with 75% of the workforce in place, it is now even more prone to phishing attacks. In the ever-evolving war between hackers and organizations, 3.4 billion phishing attacks are raining on us every day.

The Federal Communications Commission warned Americans of an increasing wave of SMS phishing attacks attempting to steal their personal information and money. "The FCC tracks consumer complaints - rather than call or text volume - and complaints about unwanted text messages have risen steadily in recent years from approximately 5,700 in 2019, 14,000 in 2020, 15,300 in 2021, to 8,500 through June 30, 2022," the US communications watchdog's Robocall Response Team said [PDF].

A new phishing as a service platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services. According to a report by IronNet, whose analysts discovered the new phishing platform, Robin Banks is already being deployed in large-scale campaigns that started in mid-June, targeting victims via SMS and email.

The bloom is back on phishing attacks with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to study on phishing released Tuesday.

A new phishing campaign codenamed 'Ducktail' is underway, targeting professionals on LinkedIn to take over Facebook business accounts that manage advertising for the company. The threat actor reaches out to employees on LinkedIn who could have Facebook business account access, for example, people listed as working in "Digital media" and "Digital marketing" as their roles.

The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers. Security researcher ProxyLife recently discovered that Qakbot, has been abusing the the Windows 7 Calculator app for DLL side-loading attacks since at least July 11.

Phishing emails impersonating LinkedIn continue to make the bulk of all brand phishing attempts; according to Check Point, 45% of all email phishing attempts in Q2 2022 imitated the style of communication of the professional social media platform, with the goal of directing targets to a spoofed LinkedIn login page and collecting their account credentials. To compare: In Q4 2021, LinkedIn-themed phishing attempts were just 8 percent of the total brand phishing attacks flagged by Check Point.

The Google Workspace team announced today that it started rolling out a new method to block Google Calendar invitation spam, available to all customers, including legacy G Suite Basic and Business users."To help keep your Google Calendar free from spam, you can now select an option to display events on your calendar only if they come from a sender you know," the Google Workspace team said today.

LinkedIn is holding the top spot for the most impersonated brand in phishing campaigns observed during the second quarter of 2022. Compared to the first quarter of the year, LinkedIn impersonation dropped from 52% to 45%. However, it maintains a considerable distance from the second most imitated brand by fraudsters, Microsoft, currently at 13%. The central theme in spoofed Microsoft emails is requests to verify Outlook accounts to steal usernames and passwords.

LinkedIn and Microsoft are the most impersonated brands in phishing attacks. LinkedIn and Microsoft took top spots as the most exploited brands in phishing attacks last quarter, Check Point Research reported on Tuesday.