Security News

Despite a rise in global spam numbers, adoption of new languages by phishing attackers, new scam types and a shift in the most commonly impersonated business type to phish people, Kaspersky's Q2 2021 quarterly spam report is described by its authors as "Not delivering any surprises." That's not to say there wasn't anything actually interesting in Q2 phishing and spam statistics: The percentage of email that's junk is up to 46.56% after bottoming out in March 2021, and global internet portals have displaced online stores as the business type most commonly impersonated by cybercriminals in phishing campaigns.

Scammers are now targeting people who have filed for unemployment insurance through a phishing campaign designed to capture sensitive information. In a warning posted on Wednesday, the FTC warned of a new series of deceptive text messages and emails that lead you to websites spoofing your state's workforce agency.

Attackers are using spoofed sender addresses and Microsoft SharePoint lures in a new phishing campaign that is "Sneakier than usual" and can slip through the usual security protections in its aim to fool people into giving up their credentials, Microsoft researchers discovered. Microsoft Security Intelligence researchers discovered the campaign targeting organizations that use Microsoft Office 365 by using the file-sharing aspect of SharePoint, they revealed in a tweet on Tuesday.

Microsoft is warning about an ongoing, "Sneakier than usual" phishing campaign aimed at Office 365 users. An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.

Customers who signed up for emails from fast-food chain Chipotle Mexican Grill were recently faced with bigger challenges than queso versus sour cream. The Inky report, posted Friday, found 121 phishing emails sent from the compromised Chipotle Mailgun account sent between July 13 and July 16.

A 21-year-old Rhode Island woman has pleaded guilty to targeting candidates for political office and their campaign staff with phishing emails. The woman, Diana Lebeau, of Cranston, R.I., admitted in court to sending phishing emails to roughly 22 members of the campaign staff of a political candidate, posing as the campaign's managers or co-chairs.

Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.

"Whether it's taking advantage of the buzz around cryptocurrency, stealing credentials to start a ransomware attack, or tailoring attacks to less suspicious targets in low profile roles, cybercriminals are constantly adapting their tactics and making their attacks more sophisticated," per the report. Among social engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming, BEC and extortion.

Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links. The campaign sent out in three days at least 120 malicious emails from a hacked Mailgun account used by Chipotle for email marketing purposes.

Microsoft has extendend the phishing protection offered by Microsoft Defender for Office 365's Safe Links feature to Microsoft Teams. On Monday, the company announced that the Safe Links feature will now be available for Microsoft Teams - if the customers also use Microsoft Defender for Office 365.