Fox News reports: Cybercriminals have found a clever new way to get phishing emails straight into inboxes. Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud. The result was thousands of phishing messages that looked and felt like […]
The Register reports: The US says it has shut down a platform used by cybercriminals to break into Americans’ bank accounts. A law enforcement splash page now appears when trying to reach web3adspanels.org, which supported SEO poisoning campaigns designed to steal people’s bank account credentials. Criminals would pay for prime slots in search engine results, […]
Mark Rasch writes: When something goes wrong, after exhausting all other possible alternatives, a company may go to its lawyer with the silliest question you can ever ask a lawyer — “Can I sue?” The basic answer is, “if it moves, sue it…” “If it doesn’t move… move it… then sue it…” And when asked, […]
If you shop online, be aware of this massive campaign using spoofed websites. The Record reports: Researchers have uncovered a sprawling network of fraudulent retail websites impersonating major global brands in an effort to steal payment data from online shoppers. The campaign, which has been active for months, uses thousands of phishing websites that mimic […]
PhileNews reports: Cyprus Airways has warned customers of a potential personal data breach following a phishing attack that gave unauthorised access to passenger information. The airline said in an email to customers that an unauthorised external party recently gained access to a passenger file through credential phishing, though there was no breach of the company’s servers or electronic […]
TechRadar reports: Researchers have discovered a clever and elaborate phishing scheme that abused Google’s services to trick people into giving away their credentials for the platform. Lead developer of the Ethereum Name Service, Nick Johnson, recently received an email that seemed to have come from no-reply@google.com. The email said that law enforcement subpoenaed Google for content found in […]
Bleeping Computer reports: ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown […]
Need a well-written phishing email but your English is not up to snuff? For a mere $50.00, you can get a chatbot to write malicious code for you. Abnormal Security reports: Artificial intelligence (AI) tools have changed the way we tackle day-to-day tasks, but cybercriminals are twisting that same technology for illegal activities. In 2023, WormGPT made […]
Commercial News- Danville reports a phishing attack on April 25 successfully gained access to a number of Illinois Department of Human Services (IDHS) employees’ email accounts. The result was more than 1 million people had their information accessed. More than 4,700 people — three of whom were employees — had their Social Security numbers in […]
