If you shop online, be aware of this massive campaign using spoofed websites. The Record reports: Researchers have uncovered a sprawling network of fraudulent retail websites impersonating major global brands in an effort to steal payment data from online shoppers. The campaign, which has been active for months, uses thousands of phishing websites that mimic […]
PhileNews reports: Cyprus Airways has warned customers of a potential personal data breach following a phishing attack that gave unauthorised access to passenger information. The airline said in an email to customers that an unauthorised external party recently gained access to a passenger file through credential phishing, though there was no breach of the company’s servers or electronic […]
TechRadar reports: Researchers have discovered a clever and elaborate phishing scheme that abused Google’s services to trick people into giving away their credentials for the platform. Lead developer of the Ethereum Name Service, Nick Johnson, recently received an email that seemed to have come from no-reply@google.com. The email said that law enforcement subpoenaed Google for content found in […]
Bleeping Computer reports: ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown […]
Need a well-written phishing email but your English is not up to snuff? For a mere $50.00, you can get a chatbot to write malicious code for you. Abnormal Security reports: Artificial intelligence (AI) tools have changed the way we tackle day-to-day tasks, but cybercriminals are twisting that same technology for illegal activities. In 2023, WormGPT made […]
Commercial News- Danville reports a phishing attack on April 25 successfully gained access to a number of Illinois Department of Human Services (IDHS) employees’ email accounts. The result was more than 1 million people had their information accessed. More than 4,700 people — three of whom were employees — had their Social Security numbers in […]
The U.S. voting public is the target of misinformation campaigns from within and from without. The Financial Times reports that one of the foreign sources of attempted interference in our election is Iran: Iranian state-backed actors have sought to access senior US political figures’ email accounts and launched “covert news sites” aimed at American readers […]
No matter how many warnings are issued and how many times employees may be trained to avoid phishing attacks, some will fall for it. But 25 departments of a county government? Was this a failure of training or are the phishing attacks getting harder to detect because of the use of AI to compose the […]
So far, the CryptoChameleon phishing scam has successfully phished over 100 victims, with many still active. Lookout has discovered a multi-pronged phishing campaign, dubbed “CryptoChameleon,” that mimics legitimate login pages for cryptocurrency platforms and the Federal Communications Commission (FCC) via mobile devices. The kit uses carbon copies of SSO pages and phishing via email, SMS, and […]
