Security News

Mobile phishing is on the rise according to a new study from cybersecurity company Lookout, which found a 37% increase in enterprise mobile phishing in the first quarter of 2020. According to data collected by Lookout researchers, unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.

The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.

One group that's been exploited in many of these campaigns is the World Health Organization, a tempting target as it's been trying to manage and direct some of the global efforts toward combatting COVID-19. Spoofing the WHO, a new phishing campaign spotted by security provider Abnormal Security is trying to capture the email credentials of unsuspecting users.

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks. The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks. The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.

In form-based phishing attacks, scammers leverage sites such as Google Docs and Microsoft Sway to trap victims into revealing their login credentials. The initial phishing email typically contains a link to one of these legitimate sites, which is why these attacks can be difficult to detect and prevent.

The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security. A blog post published Wednesday by security provider Abnormal Security describes how phishing attacks are taking advantage of Amazon Web Services to steal user credentials.

COVID-19 phishing emails have been bombarding inboxes since the virus began to spread in December and January. Cybersecurity company INKY pored through the months of coronavirus-themed phishing emails and compiled a report on where most of them were coming from, finding that the majority of IP addresses found in email headers originated from the United States.

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page. The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page. The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.