Security News
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Cybercriminals are hijacking legitimate email accounts from more than a dozen universities - including Purdue University, University of Oxford in the U.K. and Stanford University - and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware. The highest number of phishing emails detected came from compromised Purdue University accounts, stolen in campaigns from Jan. to Sept. Behind Purdue University was Oxford, Hunter College and Worcester Polytechnic Institute.
A report published Thursday by security firm Barracuda Networks details how schools are being hit by phishing emails and what they can do to better protect themselves. Schools and colleges have been preyed on by specific types of phishing campaigns, including spear phishing and Business Email Compromise attacks.
Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. The initial phishing email displays the name "There's new activity in Teams," making it appear like an automated notification from Microsoft Teams.
SlashNext announced the on-device AI mobile phishing defense for iOS and Android with natural language and link-based detection to protect users from the exponential increase in mobile-based SMS phishing attacks. Now SlashNext, customers and partners can benefit from the industry's fastest and most accurate, 2.0 mobile AI phishing defense, protecting users from all forms of phishing across all their communication channels - SMS, email, social networking, gaming, collaboration and search - without compromising user privacy or performance.
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. Facebook has been a top cybercriminal favorite in phishing attacks so far this year, with recent research shedding light on 4.5 million phishing attempts that have leveraged the social media platform between April and September 2020.
A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim's email. Over the past year, hackers have increasingly used Microsoft Office 365 OAuth apps, otherwise known as consent apps, as part of their attacks.
A Monday blog post from cyber threat intelligence provider Check Point Research found that Microsoft was the top impersonated brand in phishing attempts during the third quarter. For the quarter, email phishing was the most prevalent type of brand phishing, accounting for 44% of all attacks.
Microsoft is top of the heap when it comes to hacker impersonations - with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year. The top three phishing brands exploited by email phishing attacks were Microsoft, DHL and Apple; on the web, it was Microsoft, Google and PayPal; and for mobile, WhatsApp, PayPal and Facebook took the top spots.
Cybercriminals cashed in on the surge of COVID-19 earlier this year, with email lures purporting to be from healthcare professionals offering more information about the pandemic. As the year moves forward, bad actors are continuing to swap up their attacks with savvy lures that match top-of-mind current events, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs.
Hackers needed roughly 24 hours to take over high-profile Twitter accounts in the July attack, a report from the New York Department of Financial Services reveals. A couple of weeks after the incident, Twitter revealed that hackers targeted some employees with phone phishing until gaining access to the account support tools they needed.