Security News

TransUnion surveyed consumers in six countries and found that phishing was the preferred method of attack 27% of the time. Credit agency TransUnion has found that COVID-19 related scams have targeted 32% of people around the world, and phishing is the method of choice, accounting for 27% of those attacks.

By hosting phishing pages at a legitimate cloud service, cybercriminals try to avoid arousing suspicion, says Check Point Research. The idea is that such phishing pages will better elude detection by security products and more easily ensnare unsuspecting victims.

The initial scam emails claim that the recipient must renew their Microsoft Office 365 subscription, says Abnormal Security. In a Friday blog post, Abnormal Security described two separate phishing campaigns, both of which impersonate actual notices from Microsoft.

The latest form of business email phishing attacks involve impersonating familiar senders, a GreatHorn report found. GreatHorn also acknowledged this uptick the report noted that this view isn't fully adequate in understanding how phishing email attacks are evolving, and how security teams are responding to those threats.

An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point reveals. The recently identified security issue, Check Point says, is related to the Zoom Vanity URL, a custom URL that organizations are required to use when looking to enable single sign-on.

Email phishing attacks work by spoofing or referencing well-known topics that the attackers hope will arouse fear or concern or interest on the part of the recipients. To compile its "Q2 2020 Top-Clicked Phishing Report," KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests as well as "In-the-wild" email messages that employees received and reported to their IT departments as suspicious.

Researchers at Armorblox recently spotted a pair of savvy campaigns leveraging Amazon: A credential-phishing attempt using a purported Amazon delivery order failure notice; and a voice phishing attempt also using Amazon delivery order. Both are examples of the ever-more sophisticated phishing efforts being developed by fraudsters that are aimed at gaming traditional email security efforts, researchers said.

In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft. A more specialized type of campaign known as consent phishing aims to grab sensitive data not by snagging your password but by tricking you into giving the necessary permissions to a malicious app.

Microsoft has taken legal action to seize web domains being used to launch coronavirus-themed phishing attacks. "Microsoft's Digital Crimes Unit first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts," said the mega-corp in a blog post this week.

A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification. A new phishing campaign analyzed by the security provider Abnormal Security shows how the attackers are taking advantage of Twitter users to steal account credentials.