Security News

These popular banks are being spoofed in attacks targeting people filing taxes, getting stimulus checks and ordering deliveries, says Check Point.

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an updated advisory released on Wednesday.

Cybercriminals target Rogers customers with a new SMS phishing campaign pretending to be refunds for last week's Canada-wide wireless outage. Last week, Rogers suffered a massive outage throughout Canada, preventing users from accessing wireless voice and data services.

The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky. In a recent campaign discovered by email security provider Inky, attackers impersonating Microsoft are using a devious method to spoof the software giant's latest logo.

Smishing is much like email phishing scams, but instead sends deceptive or malicious links through text messages. While these types of scams have been exploiting email accounts for decades, cybersecurity professionals should be especially worried about the dramatic rise in smishing attacks over the past couple of years.

Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials. In a new report released Tuesday, email security provider Armorblox looked at two recent phishing campaigns aimed at Chase Bank customers and offered advice on how to protect yourself from such scams.

Using the kill chain to assess how an attacker would approach your organization makes it easier to understand which steps, at a minimum, would need to be taken by an arbitrary attacker to succeed in a phishing attack against your company. Phishing is usually thought of as only occurring during the "Delivery" phase of an attack.

SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns. "The idea to develop SniperPhish came to me in a period during which the company I previously worked with did many social engineering assessments. Most of the assessment included phishing campaigns, which means creating and hosting phishing websites and crafting email campaigns. The available tools had certain limitations and were not very effective at simultaneously tracking data from the phishing emails and websites," security consultant Gem George, the tool's creator, told Help Net Security.

Anticipation surrounding the upcoming 93rd Academy Awards broadcast on Sunday is being used by scammers to trick people into giving up their credentials - they think they're about to stream Oscar-nominated films, but the reality turns out to be much different. Prior to the winners being announced during the ceremony, many film fans like to watch as many of the nominated movies as possible.

An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers. Attackers spoofing Michael Page UK. "We are continuing to experience a global phishing campaign where our employees are being impersonated," Michael Page UK said.