Security News

Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look "Eerily similar" to a legitimate Skype notification alert, according to a report released by Cofense on Thursday.

April is a time for tax-related phishing scams, and we haven't been let down this year despite the dominance of COVID-19-themed phishing campaigns. Security firm Abnormal Security discovered a phishing email giving a single day for the recipient to respond and claim an outstanding tax rebate from HMRC for '550.11 GBP'. The email contains an obfuscated link to a webpage masquerading as a Gov.uk page.

Because the last thing we want to see is that we all end up so focused on coronavirus-themed scams that we inadvertently create a loophole for those crooks who are carefully sending non-coronavirus scams in the hope of attracting less scrutiny - hiding in plain sight, as it were. If you simply redefine "Nigerian scams" as "Advance fee fraud scams" - in other words, you focus on how they work instead of who may or may not be perpetrating them - you learn how to recognise fraudulent money-up-front schemes in general and protect yourself much better.

As American crude oil crashed on Monday, leading to the bizarre situation of a negative futures contract price, our attention was drawn to a spear-phishing campaign against organizations involved in global oil production. A second, much smaller spear-phishing operation, impersonated a Philippines-based shipping company, targeted oil and gas companies in that country.

Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research. These attacks typically take the form of malicious apps, phishing emails, and phony websites.

Google is striving to block Gmail messages and other content that exploit COVID-19, but there are steps users can take to fight such malware. The popularity of Google Cloud services such as G Suite, Gmail, and Chrome have made their users tempting targets for malware.

GitHub has warned users that they may be targeted in a fairly sophisticated phishing campaign that the company has dubbed "Sawfish." GitHub has pointed out that this phishing campaign has several noteworthy aspects.

Financial phishing has increased in frequency and accounted for more than half of all phishing detections last year, Kaspersky says. Last year, financial phishing accounted for 51.4% of all phishing detections, an increase from the 44.7% share it saw during the previous year.

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google. Google said its malware scanner uses deep-learning tech to detect malware on 300 billion attachments each week, and 63 per cent of dodgy docs blocked by Gmail are different from day to day.

GitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts. They could create a GitHub personal access token, which allows the user to access their GitHub account using the Security Assertion Markup Language.