Security News

Scammers are trying to steal email credentials from employees by impersonating their organization's human resources department in phishing emails camouflaged as internal 'back to work' company memos. These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defenses according to stats provided by researchers at email security company Abnormal Security who spotted this phishing campaign.

Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom business meetings, as usual, today is a prime opportunity to perform a phishing attack using Zoom invite lures.

A joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation resulted in the arrest of the Nigerian nationals, believed to be responsible for distributing malware, carrying out phishing campaigns and extensive scams worldwide. In a BEC attack, a scammer impersonates a company executive or other trusted party, and tries to trick an employee responsible for payments or other financial transactions into wiring money to a bogus account.

Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns. Armorblox co-founder and head of engineering Arjun Sambamoorthy just published a report detailing how now-ubiquitous services like Google Forms, Google Docs and others are being used by malicious actors to give their spoofing attempts a false veneer of legitimacy, both to security filters and victims.

A blog post published Thursday by cybersecurity firm Armorblox details how phishing campaigns are using some of the technologies available from Google and offers advice on how to protect yourself. In the post entitled "OK Google, Build Me a Phishing Campaign," Armorblox's co-founder and head of engineering, Arjun Sambamoorthy, explains that Google is a ripe target for exploitation due to the free and democratized nature of many of its services.

While online holiday shopping is nothing new, more of us will be avoiding the malls and brick-and-mortar stores this year - which opens up big opportunities for cybercriminals. We already know that COVID-19-related phishing scams skyrocketed 600 percent between February and March this year, shortly after the pandemic took hold across Europe and the U.S. This year, along with the usual garden-variety holiday scams, we're likely to see more phishing attacks both directly and indirectly related to the pandemic.

Google offers a wide array of free software and services that allow users to create documents, spreadsheets, online forms, and free websites. The first Google tool we will look at is the free form creation service called Google Forms that lets anyone create free online surveys that can then be sent to other users.

Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.

New research shows that 77 percent of pharmaceutical mobile phishing attempts in the third-quarter of 2020 sought to deliver malware on victims' systems. "On a global scale, there have been multiple reports of foreign adversaries targeting pharmaceutical industry executives with mobile spear phishing attacks," according to Hank Schless, senior manager of security solutions at Lookout wrote on Tuesday in an analysis of the trend.

Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets. The phishing emails used in this campaign are also heavily obfuscated to make sure that secure email gateways will not be able to detect the malicious messages and automatically block them before they land in the targets' inboxes.