Security News

The spread of the coronavirus has triggered a surge in templates that spoof government agencies and health organizations in an effort to capture personal information from people. In a blog post published Thursday, security provider Proofpoint looks at several virus-themed templates that have been used in phishing attacks.

Phishers are incessantly pumping out COVID-19 themed phishing campaigns and refining the malicious pages the targets are directed to. "Credential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting. The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials," Proofpoint researchers have noted.

That's especially true with phishing emails that attempt to hide the source of their deceptive landing pages and spoof or reference a well-known company or brand. A new phishing attack analyzed by Armorblox takes advantage of Symantec to trick users into falling for the scam.

Motimatic, a social impact company that enhances motivation and reinforces positive behavior through its marketing-for-good platform, announced the launch of a new cybersecurity solution for corporate employees. Motimatic for Cybersecurity enables enterprises to complement their existing cybersecurity investments by leveraging the power of social media and digital advertising to deliver targeted messages that educate employees, reinforce best practices, and motivate viewers to take preventative measures against cyberattacks.

The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security. A new phishing campaign spotted by Abormal Security takes advantage of the popularity of Zoom to try to capture account credentials of unsuspecting users.

We believe we are less likely than others are to fall for phishing scams, thereby underestimating our own exposure to risk, a cybersecurity study has found. Half of the subjects were asked how likely they were to take the requested action while the other half was asked how likely another, specifically, "Someone like them," would do so.

Phishing emails typically try to ensnare their victims by impersonating well-known companies, brands, products, and other items used by a lot of people. The phishing email itself tries to look legitimate by copying the content and images of real emails from DocuSign.

The lifespan of phishing attacks in H2 2019 has grown considerably and resulted in the tremendous increase in the number of phishing websites blockages, says Group-IB's Computer Emergency Response Team. In H2 2019 CERT-GIB blocked a total of 8, 506 phishing web resources, while in H2 2018, the figure stood at 2,567.

The email tells recipients that "The best way to update details is to log on to your EE" and offers a hyperlink that states 'view billing to make sure your account details are correct' to entice the recipient to click the phishing link. The phishing landing page uses the trusted HTTPS protocol within the URL. The use of HTTPS, which other phishing campaigns have utilized, gives false hope to the user that network traffic is being encrypted and that it's therefore safe.

A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.