Sep 25, 2023THNCyber Attack / Phishing Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service … [Read more...] about Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
Phishing
How to spot phishing on a hacked WordPress website
Beware: hundreds of thousands of websites are fakes. They’re made to look like the sites of popular online stores, banks, and delivery services, but with just one purpose: to steal your passwords and financial data. Victims are lured to such sites by phishing emails, messenger chats, and even paid ads. But don’t despair: even if you click on a bogus link, it might still be … [Read more...] about How to spot phishing on a hacked WordPress website
New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia
Aug 24, 2023THNCyber Threat / Phishing A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning "spear" in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, … [Read more...] about New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia
Lookalike attacks in phishing and BEC
You’ve received an email at work asking you to change your email password, confirm your vacation period, or make an urgent money transfer at the request of the CEO. Such unexpected requests could be the start of a cyberattack on your company, so you need to make sure it’s not a scam. So how do you check email addresses or links to websites? The centerpiece of a fake is usually … [Read more...] about Lookalike attacks in phishing and BEC
Travel phishing and online scams in 2023
Summer’s here, with the vacation season in full swing. Along with holidaymakers, tourist-targeting scammers are also getting more active. Our experts studied the dangers confronting travelers in the 2023 vacation season. Here’s what they found out… Phishing attacks on Booking.com users Let’s start with a phishing site mimicking Booking.com, one of the world’s most popular sites … [Read more...] about Travel phishing and online scams in 2023
New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
May 13, 2023Ravie Lakshmanan A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates … [Read more...] about New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
Dec 23, 2022Ravie LakshmananCyber Espionage / Pakistani Hackers A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".LNK … [Read more...] about Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
How can I help protect my company from phishing attacks?
I’m sure you’ve seen them — emails or messages that sound alarming and ask you to act quickly. We live in a digital world that produces hundreds of messages and alerts every day. It’s often hard to determine the validity of a suspicious message or phishing email. Whether you are an administrator, or an end-user, it can be overwhelming to accurately identify a malicious message. … [Read more...] about How can I help protect my company from phishing attacks?
BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets … [Read more...] about BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics
Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector
Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a … [Read more...] about Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector