TechRadar reports: Researchers have discovered a clever and elaborate phishing scheme that abused Google’s services to trick people into giving away their credentials for the platform. Lead developer of the Ethereum Name Service, Nick Johnson, recently received an email that seemed to have come from no-reply@google.com. The email said that law enforcement subpoenaed Google for content found in […]
Bleeping Computer reports: ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown […]
Need a well-written phishing email but your English is not up to snuff? For a mere $50.00, you can get a chatbot to write malicious code for you. Abnormal Security reports: Artificial intelligence (AI) tools have changed the way we tackle day-to-day tasks, but cybercriminals are twisting that same technology for illegal activities. In 2023, WormGPT made […]
Commercial News- Danville reports a phishing attack on April 25 successfully gained access to a number of Illinois Department of Human Services (IDHS) employees’ email accounts. The result was more than 1 million people had their information accessed. More than 4,700 people — three of whom were employees — had their Social Security numbers in […]
The U.S. voting public is the target of misinformation campaigns from within and from without. The Financial Times reports that one of the foreign sources of attempted interference in our election is Iran: Iranian state-backed actors have sought to access senior US political figures’ email accounts and launched “covert news sites” aimed at American readers […]
No matter how many warnings are issued and how many times employees may be trained to avoid phishing attacks, some will fall for it. But 25 departments of a county government? Was this a failure of training or are the phishing attacks getting harder to detect because of the use of AI to compose the […]
So far, the CryptoChameleon phishing scam has successfully phished over 100 victims, with many still active. Lookout has discovered a multi-pronged phishing campaign, dubbed “CryptoChameleon,” that mimics legitimate login pages for cryptocurrency platforms and the Federal Communications Commission (FCC) via mobile devices. The kit uses carbon copies of SSO pages and phishing via email, SMS, and […]
Panda Security has a blog post on phishing and how it so profitable that criminals don’t always use stolen credentials themselves — they just sell them to other criminals. From the blog post: Phishing attacks have one purpose – to steal your usernames and passwords. Cybercriminals use carefully crafted messages to trick you into visiting a […]
Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks
ITPro reports: Nearly half of workers responsible for email security breaches over the last year have been sacked, according to new search, as cyber leaders begin taking a tougher stance amid a surge in attacks. Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident in […]