Security News
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption. A successful phishing email that obtains the right username and password can gain access to an entire network.
Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.
DMARC is a global standard for email authentication. Recipients can detect phishing emails sent from a spoofed company domain by examining the email header information, such as the "From:" address and "Return-path" address, and verifying that they match.
Attackers can easily buy, deploy and scale phishing campaigns to steal credentials and other sensitive data, says Microsoft. Cybercrime as a service has expanded to malware, ransomware and even phishing campaigns.
The turnkey platform allows users to customize campaigns and develop their own phishing ploys so they can then use the PhaaS platform to help with phishing kits, email templates and hosting services needed to launch attacks. With more than 100 available phishing templates that mimic known brands and services-including Microsoft itself-the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today, they said.
Microsoft has opened the lid on a large-scale phishing-as-a-service operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report.
Microsoft says BulletProofLink, a large-scale phishing-as-a-service operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today."
Hackers are upping their game, using an approach I call "Deep Sea Phishing," which is the use of a combination of the techniques described below to become more aggressive. In February, 10,000 Microsoft users were targeted in a phishing campaign which sent emails purporting to be from FedEx, DHL Express and other couriers which contained links to phishing pages hosted on legitimate domains, with the goal of obtaining recipients' work email credentials.
Police arrested 106 people suspected of carrying out online fraud for an organized crime gang linked to the Italian Mafia, Europol said on Monday. It's claimed the suspects scammed hundreds of victims using phishing; SIM swapping attacks, in which crooks typically take control of people's cellphone numbers to get account login tokens texted to them; and so-called business email compromise, in which fraudsters typically use bogus invoices and the like to trick company staff into transferring money to the thieves.
In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million last year alone. "The Spanish National Police, supported by the Italian National Police, Europol and Eurojust, dismantled an organised crime group linked to the Italian Mafia involved in online fraud, money laundering, drug trafficking and property crime," the Europol said today.