Adam Shostack

APRIL 5, 2025

Troy Hunt has a good post about being phished. Troy honorably admits that he overrode 1Password and filled out the phishing site. If the message is anywhere else, its not sent to the address I gave mailchimp, and its a phish or a spam. Attackers are sneaky. I tell mailchimp my email is mailchimp827@threatsbook.com.

Phishing 130

Phishing Banking Internet Internet 130

SecureWorld News

JANUARY 22, 2025

The cybersecurity landscape has witnessed a dramatic shift with the rise of AI-powered phishing attacks. The evolution of AI-enhanced phishing Today's phishing attempts are far more sophisticated than ever before. AI-powered phishing campaigns can now adapt in real-time, learning from user interactions to refine their approach.

Phishing 114

Phishing Threat Detection Social Engineering DNS 114

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. million phishing attempts in 2023.”

Phishing 259

Phishing Accountability Artificial Intelligence Cybercrime 259

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 317

Phishing DNS Scams Technology 317

Malwarebytes

MARCH 26, 2025

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. As such, readers should be the lookout for any scams or phishing attempts in the coming weeks. But Hunts immediate disclosure of the attack should be commended.

Phishing 117

Phishing Data breaches Password Management Scams 117

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering 124

Engineering Phishing Banking Authentication 124

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft 250

Identity Theft Phishing Cryptocurrency Accountability 250

Schneier on Security

APRIL 10, 2023

Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. The impersonations in such scams are no longer just princes offering their country’s riches.

Phishing 343

Phishing Scams Internet Internet 343

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS 85

DNS Phishing Banking Passwords 85

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing 334

Phishing Scams Mobile DNS 334

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 327

Phishing Scams Banking Mobile 327

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Scams 339

Scams Phishing Accountability Software 339

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing 327

Phishing DNS Social Engineering Accountability 327

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. And BEARHOST has been cultivating its reputation since at least 2019. Image: cidr-report.org.

Malware 238

Malware Antivirus Software DDOS 238

Krebs on Security

MARCH 28, 2024

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. Instead, he forwarded the messages to LancasterOneline’s IT team, which quickly flagged them as phishing attempts. “We were just perplexed,” Murse said.

Phishing 305

Phishing Scams Accountability Passwords 305

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 269

Phishing Cryptocurrency DDOS Internet 269

The Last Watchdog

AUGUST 21, 2024

I recently learned all about the state-of-the art of phishing attacks – the hard way. We discussed just how targeted and contextualized advanced phishing attacks, like the one I experienced, can be. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Phishing 289

Phishing Internet Internet 289

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Phishing 286

Phishing Passwords Accountability Authentication 286

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 276

Phishing Cybercrime Malware Advertising 276

The Last Watchdog

JULY 14, 2022

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8

Phishing 277

Phishing Education Cybersecurity Threat Detection 277

Krebs on Security

JUNE 13, 2020

Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. The altered message.

Phishing 254

Phishing Encryption Internet Internet 254

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 230

Phishing Passwords Hacking Internet 230

The Last Watchdog

OCTOBER 25, 2022

And this is the fundamental reason phishing persists as a predominant cybercriminal activity. The poll found that security teams are spending one-third of their time handling phishing threats every week. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Phishing 234

Phishing Cloud Migration Small Business Marketing 234

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. from fake websites (phishing sites) disguised as websites of real securities companies.” ” reads the FSA’s alert. . ” reads the FSA’s alert.

Financial Services 120

Financial Services Passwords Accountability Antivirus 120

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Legacy IAM systems cant keep up as AI-powered phishing and deepfakes grow more sophisticated. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Thales Cloud Protection & Licensing

FEBRUARY 11, 2025

Together for a Better Internet: Celebrating Safer Internet Day 2025 andrew.gertz@t Tue, 02/11/2025 - 14:57 At a time when technology is integral to our lives, Safer Internet Day (SID) has never been more relevant. These measures align perfectly with the spirit of Safer Internet Day. With an estimated 5.8

Internet 62

Internet Internet Education Technology 62

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS 326

DNS Internet Internet Phishing 326

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Automated mobile farms that deploy phishing messages at scale.

Phishing 58

Phishing Scams Cybercrime Retail 58

Tech Republic Security

APRIL 7, 2023

These phishing campaigns are exploiting a Zimbra vulnerability and affecting internet-facing webmail services. The post Phishing from threat actor TA473 targets US and NATO officials appeared first on TechRepublic. Learn how to protect your organization from this security threat.

Phishing 162

Phishing Internet Internet Government 162

Krebs on Security

NOVEMBER 9, 2024

In the United States, when federal, state or local law enforcement agencies wish to obtain information about an account at a technology provider — such as the account’s email address, or what Internet addresses a specific cell phone account has used in the past — they must submit an official court-ordered warrant or subpoena.

Hacking 276

Hacking Accountability Government Social Engineering 276

Krebs on Security

FEBRUARY 3, 2022

This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. A recent phishing site that abused LinkedIn’s marketing redirect. A recent phishing site that abused LinkedIn’s marketing redirect. Urlscan also found this phishing scam from Jan. Image: Urlscan.io.

Phishing 357

Phishing Marketing Scams Accountability 357

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Probably the most active Internet address accessing Snatch’s darknet site is 193.108.114[.]41 top , sntech2ch[.]top

Ransomware 310

Ransomware Internet Internet Phishing 310

The Last Watchdog

MAY 21, 2024

I had the chance to sit down with Eyal Benishti , IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce anti-phishing mitigation services. For a full drill down, please give the accompanying podcast a listen.

Phishing 303

Phishing Banking Technology Internet 303

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Figure 12: The actual phishing page that follows Finally, all the data is combined with the username and password and sent to the remote server via a POST request.

Advertising 132

Advertising Accountability Phishing Scams 132

Webroot

MAY 31, 2024

What is Internet Safety Month? Each June, the online safety community observes Internet Safety Month as a time to reflect on our digital habits and ensure we’re taking the best precautions to stay safe online. 4 30% of phishing emails are opened by targeted users. 4 30% of phishing emails are opened by targeted users.

Internet 124

Internet Internet Identity Theft Passwords 124

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Security Boulevard

JULY 17, 2024

The APT group Void Banshee exploited a now-patched Windows security flaw and the retired Internet Explorer browser to distributed the Atlantida malware to steal system information and sensitive data from victims. The post Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign appeared first on Security Boulevard.

Phishing 126

Phishing Internet Internet Malware 126