Security News

A standard phishing attack typically involves sending people an email or text message spoofing a known company, brand or product in an attempt to install malware or steal sensitive information. The emails borrowed the look and layout of actual emails from Microsoft and even included information on a subscription for Microsoft Defender Advanced Protection that supposedly was ordered by the recipient.

According to researchers at Armorblox, the emails bypassed native Microsoft email security controls along with email security engines like Exchange Online Protection and Proofpoint, landing in tens of thousands of corporate inboxes. The attackers used the same look and feel from a branding perspective as the real Geek Squad, Iyer said, and the email body language "Carefully [tread] the line between vagueness and urgency-inducing specificity."

Fraudsters are sending out fake Amazon order emails and tricking online shoppers into calling a telephone number manned by them to steal the shoppers' credit card details and other sensitive information. Both emails look contain Amazon branding and follow a structure similar to real order confirmation emails from Amazon but, if one knows where to look, there are many indications that the emails are fraudulent.

The attacks used fake order receipts and phone numbers in an attempt to steal credit card details from unsuspecting victims, says Armorblox. A standard phishing campaign uses email to try to trick people into divulging confidential information.

Attackers are tricking employees into logging into phishing sites.

The Federal Bureau of Investigation has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. In multiple cases, once they gained access to the company's network, the threat actors gained greater network access than expected allowing them to escalate privileges using the compromised employees' accounts.

Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime. What we have noticed is that most of the scam calls we're getting these days are automated, and that the calls themselves - just like phishing emails that are trying to cajole you into taking the next step by yourself - are merely calls-to-action, not full-on sales pitches in their own right.

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Investigators allege the duo set up phishing websites that mimicked legitimate employee portals belonging to wireless providers, and then emailed and/or called employees at these providers in a bid to trick them into logging in at these fake portals.

The V in vishing stands for voice, and it's a way of referring to scams that arrive by telephone in the form of voice calls, rather than as electronic messages. We can't tell whether this is just one group of crooks who are focusing on both vishing and the UK at the moment, or if it's a broader global trend, but we are experiencing unwanted vishing calls at a much greater rate than any time in the past few years.

On August 20, 2020 the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a joint security advisory, warning about an ongoing wave of vishing attacks targeting the US private sector. Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.