The Hacker News

JANUARY 26, 2021

An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information.

Phishing 129

Phishing Social Engineering Manufacturing Engineering 129

CSO Magazine

MARCH 28, 2022

Blame it on pandemic fatigue, remote work or just too much information, but employees appear to be lowering their guard when it comes to detecting social engineering tricks. Attackers were more successful with their social engineering schemes last year than they were a year earlier, according to Proofpoint.

Social Engineering 97

Social Engineering Engineering Phishing 97

Security Affairs

NOVEMBER 18, 2020

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection.

Phishing 143

Phishing Social Engineering Passwords Security Intelligence 143

Security Affairs

JUNE 8, 2023

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. ” concludes the report.

Social Engineering 98

Social Engineering Engineering Malware Risk 98

Krebs on Security

JUNE 15, 2024

0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 336

Hacking Cybercrime Phishing Passwords 336

Krebs on Security

AUGUST 19, 2021

“According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Hassold wrote. billion in 2020. Image: FBI. DON’T QUIT YOUR DAY JOB.

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

Duo's Security Blog

FEBRUARY 25, 2021

The first known mention of the word “phishing” happened in the America Online (AOL) user group named appropriately “AOHell. Phishing has raised hell ever since. As technology has evolved so has the sophistication of targeted phishing attacks. What is spear-phishing? What happened when a popular company was breached?

Phishing 106

Phishing Social Engineering Engineering Authentication 106

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Deepfakes are revolutionizing social engineering attacks, making them more deceptive and harder to detect.

Social Engineering 84

Social Engineering Authentication Identity Theft Education 84

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

SecureList

MARCH 1, 2021

In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. It just so happened that the year 2020 gave hackers a large number of powerful news topics, with the COVID-19 pandemic as the biggest of these.

Mobile 145

Mobile Malware Adware Banking 145

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. This rapid growth owes a lot to the surge in mobile gaming and focus on social interaction during the pandemic. Pandemic-related statistics cover the period of January 2020 through June 2021.

Mobile 140

Mobile Adware Malware Phishing 140

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile 341

Mobile Phishing Authentication Accountability 341

Security Boulevard

JUNE 17, 2022

The tactics, techniques, and procedures (TTPs) of this threat actor have a high overlap with a previous voicemail campaign that ThreatLabz analyzed in July 2020. Voicemail-themed phishing campaigns continue to be a successful social engineering theme used by this threat actor to lure victims in opening a malicious attachment.

Phishing 128

Phishing Social Engineering Manufacturing Healthcare 128

Hot for Security

MARCH 18, 2021

The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI have released a Joint Cybersecurity Advisory on TrickBot warning that a sophisticated group of cyber actors are sending phishing emails claiming to contain proof of traffic violations to lure victims into downloading the insidious malware.

Phishing 119

Phishing Social Engineering Malware Antivirus 119

Security Affairs

FEBRUARY 25, 2022

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. reads a translation of the message.

Phishing 121

Phishing Social Engineering Government Accountability 121

Daniel Miessler

MAY 19, 2021

Top three patterns in breaches were: social engineering, basic web application attacks, and system intrusion. Top three patterns in incidents were: denial of service, basic web application attacks, and social engineering. Internal actors moved significantly towards External in 2020.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Approachable Cyber Threats

SEPTEMBER 14, 2021

According to DBIR, social engineering and basic web application attacks account for over 50% of all incidents of breaches. When we thought about 2020, it felt like hackers and ransomware should have been at the top (these fall under system intrusion). What did “the internet” think was causing breaches in 2020?

Data breaches 98

Data breaches Social Engineering Engineering Computers and Electronics 98

The Last Watchdog

APRIL 14, 2022

This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. Today’s BEC attempts aren’t the easy-to-spot, typo-laden phishing campaigns of the past. The short answer: Not always. Prevention is the cure.

Phishing 247

Phishing Accountability Scams Social Engineering 247

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials. Invoice-Themed Lures.

Phishing 109

Phishing Social Engineering Passwords Engineering 109

eSecurity Planet

MARCH 31, 2022

Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020. This guide breaks down the different types of phishing attacks and provides examples to help organizations better prepare their staff to deal with them. What is Phishing? Spear Phishing.

Phishing 131

Phishing Banking Social Engineering Scams 131

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. Google searches for DocuSign almost doubled during March 2020, and stayed there, as so many people around the world started working from home. We’ve included some examples of DocuSign phishing campaigns below.

Phishing 145

Phishing Password Management Passwords Accountability 145

SC Magazine

JANUARY 26, 2021

companies as a primary target of a new phishing scheme. Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The company could not be certain, however, if the V4 phishing kit was involved.

Phishing 118

Phishing Passwords Security Awareness Social Engineering 118

Security Boulevard

APRIL 23, 2021

Phishing is today’s most dangerous cyberattack. Google noted a more than 600% spike in phishing attacks in 2020 compared to 2019 with a total of 2,145,013 phishing sites registered as of January 17, 2021, up from 1,690,000 on Jan 19, 2020. Phishing doesn’t discriminate. So did the 2020 Twitter hack.

Phishing 101

Phishing Scams Media Accountability 101

Security Boulevard

OCTOBER 15, 2021

In the Human Hacking report recently published by SlashNext Threat Labs, data shows phishing attacks rose 51% over 2020 (a record-breaking year), and 59% were credential stealing.

Social Engineering 52

Social Engineering Engineering Phishing Hacking 52

SecureList

AUGUST 5, 2021

A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials. Statistics: phishing. In phishing terms, Q2 2021 was fairly uneventful. Geography of phishing attacks. Source of spam by country.

Phishing 135

Phishing Banking Scams Computers and Electronics 135

Security Affairs

APRIL 7, 2021

Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Last year, Group-IB identified phishing kits targeting over 260 unique brands. Last year, Group-IB identified phishing kits targeting over 260 unique brands.

Phishing 103

Phishing Cybercrime Social Engineering Accountability 103

SecureWorld News

FEBRUARY 25, 2022

Proofpoint has announced its 2022 State of the Phish report, which is the latest in-depth look at end-user awareness, vulnerability, and resilience. The eighth annual study features an analysis of global survey responses, simulated phishing exercises, and real-world attacks.

Phishing 98

Phishing Risk Security Awareness Social Engineering 98

SecureList

FEBRUARY 9, 2022

Our Anti-Phishing system blocked 253 365 212 phishing links. Safe Messaging blocked 341 954 attempts to follow phishing links in messengers. Hurry up and lose your account: phishing in the corporate sector. Another noticeable phishing trend targeting the corporate sector was to exploit popular cloud services as bait.

Phishing 101

Phishing Scams Accountability Banking 101

SecureWorld News

JULY 31, 2020

Even the title of SecureWorld's first story about the incident had questions: "Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack?". Spear phishing: what security experts are saying. We all know how damaging a spear phishing attack can be. But now, Twitter finally has given us some answers.

Phishing 98

Phishing Cyber Attacks Social Engineering Accountability 98

Hacker's King

DECEMBER 16, 2024

The SolarWinds attack in 2020 is a prime example of cybercriminals infiltrating a software company and compromising its products, allowing them to access hundreds of organizations, including government agencies and Fortune 500 companies. Simulated phishing exercises can help staff become more aware of these threats.

Cyber Attacks 59

Cyber Attacks Phishing Artificial Intelligence Penetration Testing 59

CyberSecurity Insiders

FEBRUARY 22, 2022

And security experts from Check Point believe that the malicious software has so far targeted over 140,000 victims since November 2020, hitting high profile victims including those on PayPal, Microsoft, Amazon, Bank of America and Wells Fargo.

Malware 122

Malware Social Engineering Banking Phishing 122

Krebs on Security

OCTOBER 2, 2023

These company-specific Zoom links, which include a permanent user ID number and an embedded passcode, can work indefinitely and expose an organization’s employees, customers or partners to phishing and other social engineering attacks. Image: @Pressmaster on Shutterstock. And that was from just a few minutes of searching.

Engineering 312

Engineering Encryption Social Engineering Healthcare 312

Daniel Miessler

SEPTEMBER 29, 2020

DanielMiessler) September 19, 2020. SafetyDetectives reports the average cost of a ransomware-caused downtime incident has risen from $46,800 in 2018, to $141,000 in 2019, to $283,800 in 2020. A ransomware attack against the New Orleans city government in early 2020 cost the city over $7 million dollars.

Ransomware 246

Ransomware Government Social Engineering Small Business 246

Approachable Cyber Threats

MARCH 22, 2021

Through phishing. What’s phishing again?” Phishing is a specific type of cyber attack through which hackers and scammers use email to trick you. It’s part of a broader cyber attack called “social engineering” that includes other avenues like phone calls, text messages, and even impersonating people in real life.

Phishing 98

Phishing Passwords Education Authentication 98

Hot for Security

MARCH 24, 2021

Fraud losses climbed to $56 billion in 2020 and identity fraud scams accounted for a staggering $43 billion of that cost, according to a new report. As consumers relied increasingly on digital payment products during 2020, identity fraud scams kept pace with this shift in behavior, the report reveals.

Scams 122

Scams Accountability Authentication Internet 122

Malwarebytes

JUNE 19, 2023

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. A 21 year old man named David Smith, from Connecticut, allegedly figured out a way to extract large quantities of cash from drivers with a scam stretching back to 2020.

Scams 97

Scams Phishing Password Management Passwords 97

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait.

Phishing 118

Phishing Scams Accountability Energy and Utilities 118