Security News

In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a massive phishing campaign has successfully stolen an estimated five million Facebook accounts. The campaign continues to spread virally through Facebook Messenger on mobile devices as the primary target vector.

Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation.

Email phishing campaigns are regularly hitting organizations in the U.S., but voicemail phishing is less common. Once the user has entered the correct captcha information, they are shown the final content, which is an Office 365 phishing page.

Members of a phishing gang behind millions of euros in losses were arrested today following a law enforcement operation coordinated by the Europol. "A cross-border operation, supported by Europol and involving the Belgian Police and the Dutch Police, resulted in the dismantling of an organised crime group involved in phishing, fraud, scams and money laundering," the Europol announced on Tuesday.

Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications. These emails were detected in May and are ongoing, according to researchers at Zscaler's ThreatLabz, and are similar to a phishing campaign launched a couple of years ago.

Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads.

An advanced persistent threat group, with ties to Iran, is believed behind a phishing campaign targeting high-profile government and military Israeli personnel, according to a report by Check Point Software. Targets of the campaign included a senior leadership in the Israeli defense industry, the former U.S. Ambassador to Israel and the former Deputy Prime Minister of Israel.

There's no such thing as free beer for Father's Day - at least not from Heineken. "This is a scam and is not sanctioned by Heineken," the beermaker said in a tweet, adding it has alerted the UK's national fraud and cybercrime reporting agency.

The APWG's Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks-the worst quarter for phishing observed to date. In the first quarter of 2022, OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing.

An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger. Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful.