Security News

DHL dethrones Microsoft as most imitated brand in phishing attacks
2022-01-17 17:45

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth. Phishing campaigns impersonating the brand have good chances of reaching people who are waiting for a DHL package to arrive during the holiday season.

Real Big Phish: Mobile Phishing & Managing User Fallibility
2022-01-14 16:43

So how can organizations overcome the sudden increase in security threats and regain the upper hand against bad actors with fewer resources than ever before? Increasingly, it looks like zero-trust will become the ideal approach for doing more with less, because ultimately, it's the users and their cyber-hygiene that's the first line in phishing defense. As anyone, no matter how technically savvy, is at risk of falling victim to phishing attacks, it's vital that organizations rethink their approach to security as a whole to combat these threats.

New study reveals phishing simulations might not be effective in training users
2022-01-13 16:34

A new study at unprecedented scale revealed that embedded phishing training in simulations run by organizations doesn't work well. Those simulations pretend to be real phishing email landing in the employees' mailboxes, without any malicious payload. They show a realistic phishing page and collect statistics about who clicked with or without providing credentials, how many users reported it to the security staff, etc.

EA: 50 high-profile FIFA 22 accounts taken over by phishing actors
2022-01-12 09:43

Electronic Arts has published an official response to numerous reports about hacked player accounts, confirming the problem and attributing it to phishing actors. As the notice explains, hackers used social engineering against EA's customer experience team to bypass two-factor authentication and take over 50 player accounts.

US arrests suspect who stole unpublished books in phishing attacks
2022-01-06 17:55

According to a Department of Justice press release, 29-year-old Fillippo Bernardini allegedly impersonated agents, editors, and others involved in the publishing industry to steal manuscripts of unpublished books. "Filippo Bernardini allegedly impersonated publishing industry individuals in order to have authors, including a Pulitzer prize winner, send him prepublication manuscripts for his own benefit," said U.S. Attorney Damian Williams.

Hackers exploit Google Docs in new phishing campaign
2022-01-06 15:44

Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan. A new report released Thursday by email security provider Avanan looks at a new phishing campaign that abuses a popular feature in Google Docs to deploy malicious emails.

Google Docs commenting feature exploited for spear-phishing
2022-01-06 14:00

A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. Google Docs is used by many employees working or collaborating remotely, so most recipients of these emails are familiar with these notifications.

Dridex Omicron phishing taunts with funeral helpline number
2021-12-24 13:11

The latest example is a phishing campaign that taunts victims with a COVID-19 funeral assistance helpline number. Dridex is banking malware distributed through phishing emails containing malicious Word or Excel attachments.

Phishing campaign targets CoinSpot cryptoexchange 2FA codes
2021-12-23 18:31

A new phishing campaign that targets CoinSpot cryptocurrency exchange users employs a new theme revolving around withdrawal confirmations with the end goal of stealing two-factor authentication codes. More specifically, the threat actors send emails from a Yahoo address, replicating real emails from CoinSpot that ask the recipients to confirm or cancel a withdrawal transaction.

Microsoft Teams bug allowing phishing unpatched since March
2021-12-22 17:47

Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Team's link preview feature reported since March 2021.Bräunlein reported the four flaws to the Microsoft Security Response Center, which investigates vulnerability reports concerning Microsoft products and services.