Security News

Malicious actors are resorting to voice phishing tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. Telephone-oriented attack delivery, as the social engineering technique is called, involves calling the victims using previously collected information from fraudulent websites.

Vishing cases have increased almost 550 percent during 2021, and vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021. In this video for Help Net Security, Eric George, Director of Solutions Engineering, PhishLabs, talks about this constantly evolving threat.

Vishing cases have increased almost 550 percent over the last twelve months, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs. According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021.

A standard phishing attack typically involves sending people an email or text message spoofing a known company, brand or product in an attempt to install malware or steal sensitive information. The emails borrowed the look and layout of actual emails from Microsoft and even included information on a subscription for Microsoft Defender Advanced Protection that supposedly was ordered by the recipient.

According to researchers at Armorblox, the emails bypassed native Microsoft email security controls along with email security engines like Exchange Online Protection and Proofpoint, landing in tens of thousands of corporate inboxes. The attackers used the same look and feel from a branding perspective as the real Geek Squad, Iyer said, and the email body language "Carefully [tread] the line between vagueness and urgency-inducing specificity."

Fraudsters are sending out fake Amazon order emails and tricking online shoppers into calling a telephone number manned by them to steal the shoppers' credit card details and other sensitive information. Both emails look contain Amazon branding and follow a structure similar to real order confirmation emails from Amazon but, if one knows where to look, there are many indications that the emails are fraudulent.

The attacks used fake order receipts and phone numbers in an attempt to steal credit card details from unsuspecting victims, says Armorblox. A standard phishing campaign uses email to try to trick people into divulging confidential information.

Attackers are tricking employees into logging into phishing sites.

The Federal Bureau of Investigation has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. In multiple cases, once they gained access to the company's network, the threat actors gained greater network access than expected allowing them to escalate privileges using the compromised employees' accounts.

Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime. What we have noticed is that most of the scam calls we're getting these days are automated, and that the calls themselves - just like phishing emails that are trying to cajole you into taking the next step by yourself - are merely calls-to-action, not full-on sales pitches in their own right.