Cybersecurity and Phishing - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. million in an elaborate voice phishing attack. The phishing domain used to steal roughly $4.7 Image: Shutterstock, iHaMoo. “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. On the left is the (test) data entered at the phishing site. On the left is the (test) data entered at the phishing site. Image: Ford Merrill. Image: SilentPush.

Phishing

Phishing Banking Mobile Retail

Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025

Security Boulevard

JANUARY 10, 2025

Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023.

Phishing

Phishing Risk Cybersecurity Security Awareness

News alert: Arsen’s rolls out AI-powered phishing tests to improve social engineering resilience

The Last Watchdog

MARCH 24, 2025

24, 2025, CyberNewswire — Arsen , a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. Paris, France, Mar. Le Coz Threats evolve.

Social Engineering

Social Engineering Engineering Phishing Security Awareness

5 Key Findings From the 2023 FBI Internet Crime Report

The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. In this eBook, we will look at the 2023 report and explore the most important cybersecurity stats and how to prevent them.

Identity Theft

AI-Powered Phishing: Defending Against New Browser-Based Attacks

SecureWorld News

JANUARY 22, 2025

The cybersecurity landscape has witnessed a dramatic shift with the rise of AI-powered phishing attacks. The evolution of AI-enhanced phishing Today's phishing attempts are far more sophisticated than ever before. Multi-factor authentication (MFA) : Enforce robust MFA protocols to add an extra layer of security.

Phishing

Phishing Threat Detection Social Engineering DNS

AI Outsmarts 'Elite' Red Teams in New Era of Phishing, Cyber Defense

SecureWorld News

APRIL 7, 2025

One of the most pressing challenges in cybersecurity is the rise of AI-driven phishing campaigns. Recent findings from Hoxhunt reveal that artificial intelligence is now outpacing human red teams in developing more sophisticated phishing attacks.

Phishing

Phishing Artificial Intelligence Cyber threats Cybersecurity

Operation Heart Blocker: International Police Disrupt Phishing Network

SecureWorld News

FEBRUARY 3, 2025

and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. However, as new threat actors emerge, cybersecurity experts warn that organizations must remain vigilant. According to the U.S.

Phishing

Phishing Cybercrime Scams Authentication

iMessage text gets recipient to disable phishing protection so they can be phished

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline. If it doesn’t look real then don’t click on it.

Phishing

Phishing Social Engineering Scams Mobile

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

Fortinet CISO Details ‘Phish-Free’ Phishing Scheme Using PayPal

Security Boulevard

JANUARY 9, 2025

A bad actor is using a Microsoft 365 test domain and a self-created distribution list to bypass traditional email protections and entice victims to hand over their PayPal account information in what Fortinet's CISO is calling a "phish-free" phishing campaign.

CISO

CISO Phishing Accountability Social Engineering

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Mobile Authentication

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. This case highlights the critical role of employee awareness and robust cybersecurity measures.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Malwarebytes

APRIL 1, 2025

If the receiver were to scan the QR code, they would be sent to a phishing site. The other big type of scams are phishing emails, like we saw above. Use security software that blocks phishing domains and other scam sites. Thank you for your prompt attention to this matter. Tax Services Team This is an automated message.

Scams

Scams Phishing Artificial Intelligence Social Engineering

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

eSecurity Planet

MARCH 4, 2025

Cybersecurity researchers have uncovered a campaign where threat actors exploit misconfigured Amazon Web Services (AWS) environments to send phishing emails. How the attack works The JavaGhost group, active since 2019, initially focused on website defacements before shifting to financially motivated phishing attacks in 2022.

Phishing

Phishing Accountability Authentication Risk

WhatsApp spear phishing campaign uses QR codes to add device

Malwarebytes

JANUARY 17, 2025

Once a relationship had been established, the target would receive a phishing link or a document that contained a phishing link. How to stay safe These spear phishing campaigns are highly targeted and youll probably never see an invite to this group. There are a few simple rules that will help you avoid this kind of phishing.

Phishing

Phishing Accountability Mobile Risk

Troy Hunt Gets Phished

Schneier on Security

APRIL 4, 2025

In case you need proof that anyone , even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading.

Phishing

Phishing Cybersecurity Social Engineering Engineering

Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam

Security Boulevard

JANUARY 27, 2025

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say.

Mobile

Mobile Scams Phishing Social Engineering

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

The Last Watchdog

NOVEMBER 11, 2024

However, before we get too carried away, it is crucial to explore the symbiotic relationship between AR and cybersecurity. This is primarily because AR is still relatively new and a rapidly evolving technology, which ultimately means that it is bound to bring about unprecedented opportunities, challenges, and even risks to cybersecurity.

Cybersecurity

Cybersecurity Social Engineering Technology Threat Detection

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

OCTOBER 15, 2024

The American Water cyber breach has sparked conversations about the importance of cybersecurity in safeguarding essential services and the growing frequency of cyber threats targeting public utilities. Train Employees in Cybersecurity Best Practices Phishing awareness: Many cyberattacks begin with phishing emails.

Cybersecurity

Cybersecurity Penetration Testing Cyber threats Firewall

2025 SecureWorld Theme: Once Upon a Time in Cybersecurity

SecureWorld News

JANUARY 7, 2025

Cybersecurity in today's world is akin to the enchanted realms of fairy tales, where threats lurk in dark digital forests and heroes wield keyboards instead of swords. Welcome to SecureWorld's theme for 2025: Once Upon a Time in Cybersecurity. Welcome to SecureWorld's theme for 2025: Once Upon a Time in Cybersecurity.

Cybersecurity

Cybersecurity Social Engineering Phishing Engineering

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing

Phishing Social Engineering Engineering Security Awareness

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Alkove Jim Alkove , CEO, Oleria Identity is cybersecurity’s biggest challenge. The drivers are intensifying. Attackers arent hacking in theyre logging in.

Cyber threats

Cyber threats CISO IoT Phishing

WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps

Security Boulevard

JANUARY 6, 2025

The post WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps appeared first on Security Boulevard. A WordPress plugin known as PhishWP, has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users.

Phishing

Phishing Cybercrime Cybersecurity

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

While this might protect our mental bandwidth, and in some cases help us avoid hacking attempts via exhaustion tactics, it also has unintended consequenceswhen it comes to cybersecurity. While skepticism is healthy, excessive distrust can lead to the dismissal of genuine outreach or important instructionsundermining cybersecurity efforts.

Cybersecurity

Cybersecurity Technology Scams Risk

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US This is noteworthy because.US is overseen by the U.S.

Phishing

Phishing Telecommunications Government DNS

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. How to avoid AI Gmail phishing Never click on links or download files from unexpected emails or messages. The FBI has also warned users to be cautious when receiving unsolicited emails or text messages.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

Grandoreiro Trojan Resurges in Phishing Attacks

Penetration Testing

APRIL 8, 2025

Cybercriminals are actively distributing the Grandoreiro banking trojan through large-scale phishing campaigns, primarily targeting banking users in Latin America and Europe. According to a report by Forcepoint X-Labs, this resurgence involves the use of advanced techniques to evade detection and maximize impact.

Phishing

Phishing Banking Cybersecurity Malware

Cybersecurity Resolutions for 2025

IT Security Guru

JANUARY 9, 2025

Resolution #1: Adopt a Proactive Approach to Cybersecurity to Combat AI-Driven Attacks Adopt a proactive approach to cybersecurity that integrates advanced defence mechanisms with fundamental best practices to mitigate and combat AI-driven attacks. This will require expertise in cryptography, IT infrastructure and cybersecurity.

Cybersecurity

Cybersecurity Cyber threats Architecture Digital transformation

Phishing Campaign Impersonates Booking.com, Plants Malware

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing

Phishing Malware Social Engineering Authentication

Mishing Is the New Phishing — And It’s More Dangerous

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing

Phishing Mobile Social Engineering Data breaches

Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files

Heimadal Security

NOVEMBER 1, 2024

An ongoing spear-phishing campaign is affecting a variety of companies, including governmental agencies. According to Microsoft, the Russian APT group Midnight Blizzard (also known as APT29, UNC2452, and Cozy Bear) is behind the attacks.

Phishing

Phishing Cybersecurity

Cybercriminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks

Security Boulevard

FEBRUARY 12, 2025

As Valentines Day approaches, cybercriminals are ramping up their efforts to exploit consumers through romance scams, phishing campaigns and fraudulent e-commerce offers. The post Cybercriminals Exploit Valentines Day with Romance Scams, Phishing Attacks appeared first on Security Boulevard.

Scams

Scams Phishing Security Awareness Cybercrime

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

FEBRUARY 25, 2025

Artificial intelligence (AI) is transforming industries at an unprecedented pace, and its impact on cybersecurity is no exception. From automating cybersecurity defenses to combatting adversarial AI threats, the report underscores both the power and pitfalls of AI-driven security.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Cyber threats

California Wildfires Spark Phishing Scams Exploiting Chaos

Security Boulevard

JANUARY 17, 2025

The post California Wildfires Spark Phishing Scams Exploiting Chaos appeared first on Security Boulevard. As Southern California continues to battle devastating wildfires, cybercriminals have seized the opportunity to exploit the chaos, targeting vulnerable individuals and organizations.

Scams

Scams Phishing Security Awareness Cybersecurity

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Penetration Testing

NOVEMBER 5, 2024

LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer base through deceptive reviews on its Chrome Web Store... The post Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store appeared first on Cybersecurity (..)

Scams

Scams Phishing Social Engineering Password Management

Researcher Uncovers New Phishing Campaign Deploying Remcos RAT with Advanced Evasion Techniques

Penetration Testing

NOVEMBER 10, 2024

Fortinet’s FortiGuard Labs has identified a sophisticated phishing campaign leveraging a new variant of Remcos RAT (Remote Administration Tool).

Phishing

Phishing Cybersecurity Malware

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks

Security Boulevard

FEBRUARY 3, 2025

The NIST Phish Scale framework offers a structured and effective approach to improving phishing awareness training in organizations. The post Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks appeared first on Security Boulevard.

Phishing

Phishing Security Awareness Cybersecurity

See No Risk, Hear No Warning, Speak No Breach: The Cybersecurity Trap for Small Businesses

Jane Frankland

APRIL 10, 2025

Just like the three wise monkeys , some small business owners are unintentionally following a philosophy of see no risk, hear no warning, speak no threat when it comes to cybersecurity. In the context of cybersecurity, its a silent enabler for hackers who thrive on unguarded systems and untrained staff.

Small Business

Small Business Risk Cybersecurity Cyber Risk

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

SecureWorld News

FEBRUARY 28, 2025

But amidst all these flashy, futuristic threats, the biggest cybersecurity risk remains the same as it's always beenhumans. Cybersecurity Through Human Behaviour just confirmed what most of us in the field already know: Cybersecurity isn't just a tech problemit's a behavior problem. And humbly, we're getting it very wrong.

Cybersecurity

Cybersecurity Risk Social Engineering Phishing

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

eSecurity Planet

OCTOBER 28, 2024

A July Microsoft SharePoint issue has been added to the Cybersecurity Infrastructure and Security Agency’s catalog of known exploitable vulnerabilities. We’ll also look at increased phishing attacks, a couple of different Cisco flaws, and a Fortinet vulnerability that took some time to get its own CVE.

Phishing

Phishing Authentication Software VPN

Q&A: Cybersecurity in ‘The Intelligent Era’

IT Security Guru

MARCH 26, 2025

This transformation comes with immense responsibility from our business, IT and especially cybersecurity professionals to keep data safe and their colleagues, friends and family members protected from fraud and intrusion of privacy. With AI evolving rapidly, what new cybersecurity challenges will IT professionals need to tackle?

Cybersecurity

Cybersecurity Encryption Threat Detection Authentication

Scammers Steal Over $25 Million By Using AI Deepfake Video Call To Convince Suspicious Employee That A Phishing Email Is Legitimate

Joseph Steinberg

FEBRUARY 4, 2024

The worker however, was aware of phishing scams, and was suspicious that the request from the firm’s CFO to issue the $25 Million payment was fraudulent. Million USD at the time of the theft and at present). For those who still do not believe that they can be tricked by deepfakes – the time to wakeup is now.

Artificial Intelligence

Artificial Intelligence Phishing Scams Accountability

A Day in the Life of a Prolific Voice Phishing Crew

China-based SMS Phishing Triad Pivots to Banks

Trending Sources

Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025

News alert: Arsen’s rolls out AI-powered phishing tests to improve social engineering resilience

5 Key Findings From the 2023 FBI Internet Crime Report

AI-Powered Phishing: Defending Against New Browser-Based Attacks

AI Outsmarts 'Elite' Red Teams in New Era of Phishing, Cyber Defense

Operation Heart Blocker: International Police Disrupt Phishing Network

iMessage text gets recipient to disable phishing protection so they can be phished

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

Fortinet CISO Details ‘Phish-Free’ Phishing Scheme Using PayPal

Phishing evolves beyond email to become latest Android app threat

Crooks bank on Microsoft’s search engine to phish customers

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

WhatsApp spear phishing campaign uses QR codes to add device

Troy Hunt Gets Phished

Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

American Water Shuts Down Services After Cybersecurity Breach

2025 SecureWorld Theme: Once Upon a Time in Cybersecurity

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Why is.US Being Used to Phish So Many of Us?

How AI was used in an advanced phishing campaign targeting Gmail users

Grandoreiro Trojan Resurges in Phishing Attacks

Cybersecurity Resolutions for 2025

Phishing Campaign Impersonates Booking.com, Plants Malware

Mishing Is the New Phishing — And It’s More Dangerous

Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files

Cybercriminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks

Google's AI Trends Report: Key Insights and Cybersecurity Implications

California Wildfires Spark Phishing Scams Exploiting Chaos

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Researcher Uncovers New Phishing Campaign Deploying Remcos RAT with Advanced Evasion Techniques

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks

See No Risk, Hear No Warning, Speak No Breach: The Cybersecurity Trap for Small Businesses

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

Q&A: Cybersecurity in ‘The Intelligent Era’

Scammers Steal Over $25 Million By Using AI Deepfake Video Call To Convince Suspicious Employee That A Phishing Email Is Legitimate

Stay Connected