Security News
A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. Google Docs is used by many employees working or collaborating remotely, so most recipients of these emails are familiar with these notifications.
The latest example is a phishing campaign that taunts victims with a COVID-19 funeral assistance helpline number. Dridex is banking malware distributed through phishing emails containing malicious Word or Excel attachments.
A new phishing campaign that targets CoinSpot cryptocurrency exchange users employs a new theme revolving around withdrawal confirmations with the end goal of stealing two-factor authentication codes. More specifically, the threat actors send emails from a Yahoo address, replicating real emails from CoinSpot that ask the recipients to confirm or cancel a withdrawal transaction.
Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Teams' link preview feature reported since March 2021. Bräunlein reported the four flaws to the Microsoft Security Response Center, which investigates vulnerability reports concerning Microsoft products and services.
Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials. The attacks were carried out using a relay service, Ngrok, that redirected internet traffic to the phishing websites in a manner that concealed the true location of the fraudulent infrastructure.
Meta has filed a federal lawsuit in California court to disrupt phishing attacks targeting Facebook, Messenger, Instagram, and WhatsApp users. The attackers behind these phishing campaigns used almost 40,000 phishing pages that would impersonate the four platforms' login pages.
Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. In a new report by INKY, researchers explain that threat actors are impersonating Pfizer in a phishing email campaign that started around August 15, 2021.
22% of employees are likely to expose their organization to the risk of cyber attack via a successful phishing attempt, a Phished report reveals. Analysis of the broad and diverse data set reveals how vulnerable the average employee is to phishing attacks and offers insight into key trends, including which topics lead to the most successful phishing attacks and which message formats are most likely to trick employees.
Google now makes it easy to block unwanted calendar invitations, commonly used by threat actors in phishing and malicious campaigns, from being added to your Google Calendar. "These additional controls can help you manage your calendar with less manual work by ensuring unwanted events don't appear, and you see only the events that are important to you," Google explained.
A large-scale phishing study involving 14,733 participants over a 15-month experiment has produced some surprising findings that contradict previous research results that formed the basis for popular industry practices. Instead, the study found that younger and older people are more prone to clicking on phishing links, so age is a key factor.