May 13, 2023Ravie Lakshmanan A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates … [Read more...] about New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
Phishing
Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
Dec 23, 2022Ravie LakshmananCyber Espionage / Pakistani Hackers A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks. ".LNK … [Read more...] about Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials
How can I help protect my company from phishing attacks?
I’m sure you’ve seen them — emails or messages that sound alarming and ask you to act quickly. We live in a digital world that produces hundreds of messages and alerts every day. It’s often hard to determine the validity of a suspicious message or phishing email. Whether you are an administrator, or an end-user, it can be overwhelming to accurately identify a malicious message. … [Read more...] about How can I help protect my company from phishing attacks?
BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets … [Read more...] about BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics
Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector
Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a … [Read more...] about Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector
Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary … [Read more...] about Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies
Today CrowdStrike sent the following Tech Alert to our customers: On July 8, 2022, CrowdStrike Intelligence identified a callback phishing campaign impersonating prominent cybersecurity companies, including CrowdStrike. The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number. This campaign leverages similar … [Read more...] about Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies
Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations
Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and perform follow-on business email … [Read more...] about Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations
Scammers used phishing QR codes to hijack QQ accounts
Folks today are generally mostly aware that clicking links from questionable sources, for example in e-mails, isn’t a good idea. However, when it comes to scanning QR codes, people are often much less vigilant. In fact, QR codes can be even more dangerous: while you can check a link with your own eyes before clicking, that’s not the case with a QR code. So perhaps this story … [Read more...] about Scammers used phishing QR codes to hijack QQ accounts
Wells Fargo phishing e-mails | Kaspersky official blog
Scammers often pose as well-known companies: video streaming services, job hunting websites, internet stores and so on. This time, phishers are targeting customers of Wells Fargo, one of the four largest US banks, providing services in more than 40 countries. Counting on the bank’s trustworthiness, the cybercriminals don’t limit themselves to stealing bank card details, but go … [Read more...] about Wells Fargo phishing e-mails | Kaspersky official blog