Security News

Cases of voice phishing or vishing have been reported to have risen a whopping 550% over the past 12 months alone, according to the Quarterly Threat Trends & Intelligence Report co-authored by Agari and PhishLabs. "We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks. In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative."

A new possession-factor API now aims to do precisely that, replacing knowledge-based credentials, by using the SIM card for possession factor device binding and user authentication, thus reducing the possibility of phishing. It's inside everyone's mobile phone, and is built on cryptographic security when connecting to mobile network authentication.

As is often the case, the initial delivery channel for the phishing scam is email. Once the user has clicked, they are led to a chatbot-like page, which is where the real phishing occurs.

Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. The URL button in the PDF takes the victim to a phishing site where they are supposed to resolve issues causing a package to be undeliverable.

The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials. The threat actors used phishing lures to trick their victims into believing they received an alert from their bank and proceeded to steal their account credentials.

HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves. The phishing forms, redirection mechanisms, and data-stealing elements in HTML attachments are typically implemented using various methods, ranging from simple redirects to obfuscating JavaScript to hide phishing forms.

Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes. The clever trick takes advantage of a key difference in how email inboxes and browsers read URLs, according a Monday report by Perception Point.

The Resecurity HUNTER unit identified a new underground service called "Frappo", which is available on the Dark Web. "Frappo" acts as a Phishing-as-a-Service and enables cybercriminals to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online services to steal customer data.

Ukraine's Computer Emergency Response Team is warning of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments. Ukrainians live under this constant fear, so these phishing emails pretend to be warnings of chemical attacks to ensure that recipients won't ignore their messages.

An increase in employee training and improved general awareness of cybersecurity has forced cybercriminals to change their tactics and take a more personal approach, known as spear phishing. To stay in front of new phishing attack techniques, it's also essential that employees are equipped with all the knowledge they need to spot a potential phishing attack that goes undetected, including how attack content differs from legitimate emails.