Security News

Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the U.S. April 18th, 2022 - there was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies which including e-mailing, digital communications management, and the content delivery system which informs citizens about various updates. The IT services vendor actors impersonated is widely used by major federal agencies, including the DHS, and other such WEB-sites of States and Cities in the U.S. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.

A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries. The phishing emails pretend to come from the Russian Government's Federal Bailiffs Service and are written in the Russian language, with the recipients being telecommunication service providers and industrial firms in Lithuania, Estonia, and Russia.

That's not so much because you'd stand out as a scammer, but simply that your email would advertise itself as "Clearly does not belong here", or as "Obviously sent to the wrong person", and we'd ignore it even if you were a legitimate business. If we were a smaller company, and we'd outsourced our IT and email services, this sort of message might not so obviously be out of place.

SMS phishing attacks - annoyingly called "Smishing" - are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months.

This year's report showed dramatic 29% growth in overall phishing attacks compared to previous years, with retail and wholesale companies bearing the brunt of the increase. "Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope - with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks. Our annual report highlights how cybercriminals continue to escalate their usage of phishing as a starting point to breach organizations to deliver ransomware or steal sensitive data," said Deepen Desai, CISO and VP of Security Research and Operations at Zscaler.

How phishing attacks are spoofing credit unions to steal money and account credentials. A report released Thursday by email security provider Avanan reveals how a new phishing campaign is taking advantage of credit unions to steal money and information.

In this video for Help Net Security, Michael Aminov, Chief Architect at Perception Point, talks about a recent Binance impersonation attack and, more broadly, the ongoing threat landscape impacting the cryptocurrency industry. Cryptocurrencies aren't new, but they have become more mainstream: their use has increased significantly thanks to DeFi, gaming, NFTs, etc.

LinkedIn was the most exploited brand in phishing attacks last quarter. A report released Tuesday by cyber threat intelligence provider Check Point Research notes LinkedIn as the brand most seen in the latest phishing campaigns.

Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for 52% of all such incidents at a global level. The data comes cybersecurity company Check Point, who recorded a dramatic uptick in LinkedIn brand abuse in phishing incidents in the first quarter of this year.

In this video for Help Net Security, Maor Hizkiev, Senior Director Software Engineering at Datto, talks about a recently analyzed community phishing campaign revolving around Nvidia. This phishing campaign started back in 2020, when Nvidia released their 30 series of graphic cards, which are heavily used by cryptominers.