Security News

Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan. A recent campaign spotted by email security provider Avanan spoofs Amazon with both a traditional phishing message and a voice call to try to steal credit card information.

A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes. The email body contains a hyperlink to a Google Drive URL, which, if clicked, downloads an MHT file onto the victim's machine.

A new Steam phishing promoted via Discord messages promises a free Nitro subscription if a user links their Steam account, which the hackers then use to steal game items or promote other scams. The phishing scam is being conducted by many Discord accounts controlled by the threat actors or as automated bots that send other users links to what is supposedly a guide on how to receive Discord Nitro for free.

Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year's data, and the trend is showing no signs of slowing down. There is a rising trend in phishing attacks targeting the global energy industry across the world.

SailPoint survey finds that younger workers also are more likely to use company email addresses for online shopping and subscriptions. This SailPoint survey asked 500 U.S. workers about how they use email and deal with phishing attacks.

A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. Office 365 credentials are a common target for phishing attacks.

Kaspersky said today that a legitimate Amazon Simple Email Service token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.

Phishers readily deploy attacks, with the average phishing campaign lasting only 12 minutes, according to Google, which reports blocking 100 million phishing emails per day. Implementing DMARC eliminates the most common attack vector - phishing emails - and adds another layer of protection.

During the early days of the pandemic, while the rest of the world was stress streaming and working on sourdough starter, an ambitious teen stuck in his bedroom decided to set up a fake "Love2Shop" gift card site to harvest people's payment information, invest the stolen money in cryptocurrency and become a millionaire. His age certainly didn't prohibit the scammer from being allowed to purchase Google ads to help lure people to his phishing scam site, according to prosecutors, ultimately ranking the scam phishing site over the legitimate one.

That's true of a new phishing campaign that uses both Craigslist and OneDrive to trick people into installing malware. Clicking on a button in the email was supposed to take people to a form document that had been uploaded to an actual Microsoft OneDrive site.