Security News
Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims' companies.
The Financial Industry Regulatory Authority has issued an alert to warn brokerage firms of a phishing campaign that is currently ongoing. A not-for-profit organization, FINRA is U.S. government-authorized and overseen by the Securities and Exchange Commission.
Vaccine deployment has encountered bumps in the road as many people are still uncertain over when, where and how to get their shots. Pointing to one example, Check Point said it recently discovered a malicious website impersonating the U.S. Centers for Disease Control and Prevention and promising vaccine information.
The US Financial Industry Regulatory Authority has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. The domain used in these ongoing phishing attacks was registered just two days ago, on March 3rd, using the NameCheap domain name registrar.
Between October and January the average number of COVID-19 vaccine-related spear-phishing attacks grew 26 percent, said Barracuda Networks researchers. The types of cybercriminal activity vary, from sending malicious emails that purport to be from the Centers for Disease Control and Prevention, to posting advertisements on underground forums touting vaccine doses for sale.
A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials by relying on trusted domains such as SendGrid. Using Zoom invites as a lure and an extensive list of email addresses, the operators of the phishing campaign delivered messages from hacked accounts on the SendGrid cloud-based email delivery platform.
Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing. A survey of IT professionals and leaders from email security firm GreatHorn finds big changes afoot in the world of email-targeting cyberattacks: The daily quantity of attacks has decreased, but those that remain are more precise and easier to miss.
The developer of the 16Shop phishing platform has added a new component that targets users of the popular Cash App mobile payment service. 16Shop is a complex phishing kit from a developer known as DevilScream, who set up a protection mechanism against unlicensed use and research activity.
An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed. While most people are using Gmail, Outlook, or other modern free mail services, many older people continue to use AOL simply because they are used to the service and find it too complicated to switch to a new email service.
In the past, most BEC emails have been written in English - meaning that defense systems can be tuned to recognise flag words and phrases written in this internationally recognized language. We have observed a rise in the number of BEC emails in recent months.