Security News

A new report from Kaspersky found that cybercriminals are using the increase in delivery demand to push convincing phishing emails into thousands of inboxes. "The spikes in demand are causing in-transit times to stretch out. As a result, customers are getting used to receiving apologetic messages from couriers linking to updated shipping statuses. Recently, we have observed a number of fake sites and emails supposedly from delivery services exploiting the coronavirus topic," Kaspersky Lab anti-spam analyst Tatyana Shcherbakova wrote in a blog post.

A sophisticated phishing kit has been used by multiple cybercrime groups to target high-ranking employees in North America and other parts of the world, and researchers believe there are at least 150 victims. The emails and PDF documents used in the PerSwaysion campaign have been created with a phishing kit and an associated PDF generator that Group-IB believes was developed by someone in Vietnam.

Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed. The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user.

A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Second, the initial phishing emails are sent from legitimate but previously compromised email addresses - which cloak the fact that they're attacker-controlled.

Google is striving to block Gmail messages and other content that exploit COVID-19, but there are steps users can take to fight such malware.

Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research.

Dubbed 'PerSwaysion,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services-including Sway, SharePoint, and OneNote-to launch highly targeted phishing attacks. According to a report Group-IB Threat Intelligence team published today and shared with The Hacker News, PerSwaysion operations attacked executives of more than 150 companies around the world, primarily with businesses in finance, law, and real estate sectors.

Dubbed 'PerSwaysion,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services-including Sway, SharePoint, and OneNote-to launch highly targeted phishing attacks. According to a report Group-IB Threat Intelligence team published today and shared with The Hacker News, PerSwaysion operations attacked executives of more than 150 companies around the world, primarily with businesses in finance, law, and real estate sectors.

More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses. Several U.S. universities have been targeted in a widespread spear-phishing attack that uses adult dating as a lure.

These emails claim to offer help on getting government funds but instead lead recipients to a web page that tries to capture their banking credentials. A button on the site proclaims: "Get Economic Impact Payment Now." Clicking on that button triggers a dropdown menu with the names of well-known banks, such as Wells Fargo, Chase, Bank of America, and Citizens Bank.