Security News

While online holiday shopping is nothing new, more of us will be avoiding the malls and brick-and-mortar stores this year - which opens up big opportunities for cybercriminals. We already know that COVID-19-related phishing scams skyrocketed 600 percent between February and March this year, shortly after the pandemic took hold across Europe and the U.S. This year, along with the usual garden-variety holiday scams, we're likely to see more phishing attacks both directly and indirectly related to the pandemic.

Google offers a wide array of free software and services that allow users to create documents, spreadsheets, online forms, and free websites. The first Google tool we will look at is the free form creation service called Google Forms that lets anyone create free online surveys that can then be sent to other users.

Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.

New research shows that 77 percent of pharmaceutical mobile phishing attempts in the third-quarter of 2020 sought to deliver malware on victims' systems. "On a global scale, there have been multiple reports of foreign adversaries targeting pharmaceutical industry executives with mobile spear phishing attacks," according to Hank Schless, senior manager of security solutions at Lookout wrote on Tuesday in an analysis of the trend.

Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets. The phishing emails used in this campaign are also heavily obfuscated to make sure that secure email gateways will not be able to detect the malicious messages and automatically block them before they land in the targets' inboxes.

Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them. In a blog post published on Thursday, security company GreatHorn warns of four different scams likely to pop up this season and offers advice on how to combat them.

Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures throughout Q3 2020, with additional insight from Recorded Future. Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox. Called "Email Appender," the tool can enable more sophisticated phishing and business email compromise attacks as well as help the less technical actors in the ransomware business.

The number of phishing incidents in 2020 is now set to increase 15% year-on-year, though this could soon change as second waves of the pandemic spread. The three primary objectives for COVID-19-related phishing emails were identified as fraudulent donations to fake charities, credential harvesting and malware delivery. "The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine," said David Warburton, Senior Threat Evangelist at F5 Labs.

As COVID-19 continues to threaten the world, these types of attacks are expected to persist, according to cyber threat intelligence provider Check Point Research. In a report released Tuesday titled Securing the 'next normal, Check Point discussed its 2021 predictions in the face of the pandemic.