Security News

The developer of the 16Shop phishing platform has added a new component that targets users of the popular Cash App mobile payment service. 16Shop is a complex phishing kit from a developer known as DevilScream, who set up a protection mechanism against unlicensed use and research activity.

An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed. While most people are using Gmail, Outlook, or other modern free mail services, many older people continue to use AOL simply because they are used to the service and find it too complicated to switch to a new email service.

In the past, most BEC emails have been written in English - meaning that defense systems can be tuned to recognise flag words and phrases written in this internationally recognized language. We have observed a rise in the number of BEC emails in recent months.

According to a Tuesday report by Cofense, which analyzed millions of emails related to various attacks, 57 percent were phishing emails aiming to steal victim usernames and passwords. The remainder of malicious emails were utilized in business email compromise attacks or for malware delivery.

Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers - including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials.

Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using "Malformed URL prefixes" to evade protections and deliver phishing emails that look legit. Typosquatting is a common phishing email tactic where everyday business names are mispelled, like "Amozon.com" - to try and trick unobservant users into clicking.

Email security company GreatHorn is warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. Email scanning programs, GreatHorn said in a blog post, aren't configured to detect these kinds of attacks because they don't fit known bad criteria.

Microsoft is adding new security warnings to the Security and Compliance Center default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants. It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions.

Researchers from Google and Stanford University have analyzed the patterns of more than 1.2 billion email-based phishing and malware attacks targeting Gmail users, and found that most attack campaigns are short-lived and sent to fewer than 1,000 targets. Users in North America are targeted the most, they found, with 42% of the observed attacks targeted users in the United States, 10% hitting people in the United Kingdom, and 5% aimed at users in Japan.

The Internal Revenue Service has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers. Scammers started this ongoing phishing campaign right before the US tax season with the end goal of stealing both client data and tax preparers' identities.