Password Management and Phishing - Cyber Security Informer

Security expert Troy Hunt hit by phishing attack

Malwarebytes

MARCH 26, 2025

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. As such, readers should be the lookout for any scams or phishing attempts in the coming weeks. But Hunts immediate disclosure of the attack should be commended.

Phishing

Phishing Data breaches Password Management Scams

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Mobile Authentication

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing

Phishing Password Management Passwords Banking

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Penetration Testing

NOVEMBER 5, 2024

LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer base through deceptive reviews on its Chrome Web Store... The post Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store appeared first on Cybersecurity (..)

Scams

Scams Phishing Social Engineering Password Management

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Phishing

Phishing Malware Passwords Password Management

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. And if cybercriminals manage to steal the session cookie, they can log in as you, change the password and grab control of your account. Use a password manager to autofill credentials only on trusted sites.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

Bitwarden vs 1Password: Compare Top Password Managers

eSecurity Planet

MARCH 8, 2022

Users looking to increase their security without the burden of remembering all those passwords typically turn to password managers to keep their accounts secure. Vault health reports Directory sync Secure password sharing. 1Password is a popular business password manager that encrypts data both at rest and in transit.

Password Management

Password Management Passwords Encryption Accountability

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Redefining Change Your Password Day Well start with Change Your Password Day because, frankly, its a little complicated.

Phishing

Phishing Passwords Password Management Authentication

New phishing campaign impersonates LogMeIn to steal user credentials

Tech Republic Security

MAY 20, 2020

LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security.

Password Management

Password Management Phishing Passwords

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device).

Phishing

Phishing Authentication Mobile Passwords

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Much like WeLeakInfo and others operated before being shut down by law enforcement agencies, these services sell access to anyone who wants to search through billions of stolen credentials by email address, username, password, Internet address, and a variety of other typical database fields. TARGETED PHISHING. Don’t re-use passwords.

Passwords

Passwords Password Management Phishing Scams

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Bitwarden password vaults targeted in Google ads phishing attack

Bleeping Computer

JANUARY 26, 2023

Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. [.]

Passwords

Passwords Phishing Password Management

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

Google Security

JANUARY 30, 2024

This is why the Pixel team has been especially excited about passkeys —the easier, safer alternative to passwords. Passkeys are safer because they’re unique to each account, and are more resistant against online attacks such as phishing. Google Password manager will incorporate these updates for other platforms in the future.

Password Management

Password Management Passwords Accountability Phishing

Weekly Update 228

Troy Hunt

JANUARY 28, 2021

Ok, that's a bit wordy but the Exodus thing earlier today was frustrating, not because a screen cap of an alleged breach notice was indistinguishable from a phish, but because of the way some people chose to react when I shared the notice. Watch today's vid for an explanation on that one, there's that and a bunch more this week.

Password Management

Password Management Phishing IoT Data breaches

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Passwords

Passwords Password Management Phishing Authentication

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

A type of phishing we’re calling authentication-in-the-middle is showing up in online media. It works like this: A user gets lured to a phishing site masquerading as a site they normally use, such as a bank, email or social media account. Use a password manager. Use security software. Consider passkeys.

Authentication

Authentication Phishing Password Management Scams

Fake LastPass password manager spotted on Apple’s App Store

Bleeping Computer

FEBRUARY 8, 2024

LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [.]

Password Management

Password Management Passwords Phishing

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Data breaches

Data breaches Healthcare Passwords Insurance

How to spot a DocuSign phish and what to do about it

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. Earlier this year, DocuSign specifically warned about phishing campaigns using its brand. We’ve included some examples of DocuSign phishing campaigns below. Real DocuSign emails used for phishing.

Phishing

Phishing Password Management Passwords Accountability

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking

Hacking Cybercrime Phishing Passwords

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

But let's also keep some perspective here; look at how many pixels are different between an "i" and an "l": Are we really saying we're going to combat phishing by relying on untrained eyes to spot 6 pixels being off in a screen of more than 2 million of them?! That's a very different kettle of phish (sorry, couldn't help myself!)

Phishing

Phishing Password Management Passwords Internet

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Enable two-factor authentication (2FA).

Healthcare

Healthcare Data breaches Passwords Identity Theft

Watch out, this LastPass email with "Important information about your account" is a phish

Malwarebytes

SEPTEMBER 13, 2023

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open.

Phishing

Phishing Accountability Passwords Password Management

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing

Phishing Ransomware Security Awareness Authentication

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Ransomware Phishing

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Malwarebytes

MARCH 25, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Passwords

Passwords Accountability Data breaches Phishing

Background check provider data breach affects 3 million people who may not have heard of the company

Malwarebytes

FEBRUARY 25, 2025

Given the field that DISA is active in, that information could interest cybercriminals for use as background information for targeted phishing attempts or extortion. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Phishing Password Management

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

“ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy. “Over the last few years, we have increased our password complexities and required 2FA wherever possible. This prevents login to fake or phishing websites.

Authentication

Authentication Passwords Phishing Mobile

BayMark Health Services sends breach notifications after ransomware attack

Malwarebytes

JANUARY 10, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Ransomware

Ransomware Data breaches Passwords Phishing

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.

Phishing

Phishing Architecture Passwords Accountability

Research on iOS apps shows widespread exposure of secrets

Malwarebytes

MARCH 14, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Passwords

Passwords Data breaches Phishing Password Management

Hertz data breach caused by CL0P ransomware attack on vendor

Malwarebytes

APRIL 15, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Data breaches

Data breaches Ransomware Passwords B2B

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own.

Risk

Risk Passwords Password Management Accountability

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

The first involves spear phishing attacks to gain access to that second authentication factor, which can be made much more convincing once the attackers have access to specific details about the customer’s account — such as recent transactions or account numbers (even partial account numbers). .

Banking

Banking Passwords Risk Accountability

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Use Privileged Access Management (PAM) solutions. Require 16+ character unique passwords stored in an enterprise password manager. Regularly audit and remove unused credentials and accounts.

Ransomware

Ransomware IoT Encryption Social Engineering

The Role and Benefits of AI in Cybersecurity

SecureWorld News

APRIL 13, 2025

These platforms can automatically recognize and classify threatening behavior such as suspicious network activity, phishing attacks, and transmission of malware. Here's an example that shows how Google performs phishing detection. Variations in these behavioral patterns can be identified as possible dangers.

Cybersecurity

Cybersecurity Artificial Intelligence Threat Detection Cyber threats

Sperm bank breach deposits data into hands of cybercriminals

Malwarebytes

MARCH 19, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Banking

Banking Data breaches Computers and Electronics Passwords

Bitwarden’s new auto-fill option adds phishing resistance

Bleeping Computer

FEBRUARY 22, 2024

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. [.]

Password Management

Password Management Phishing Passwords Risk

Phishing scam takes $950k from DoorDash drivers

Malwarebytes

JUNE 19, 2023

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. How to avoid phishing Block known bad websites. Malwarebytes DNS filtering blocks malicious websites used for phishing attacks, as well as websites used to spread or control malware.

Scams

Scams Phishing Password Management Passwords

Should you allow your browser to remember your passwords?

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started.

Passwords

Passwords Password Management Data breaches Authentication

Digital life protection: How Webroot keeps you safe in a constantly changing world

Webroot

FEBRUARY 21, 2025

Phishing scams, ransomware attacks, data breaches, and identity theft are part of a growing list of online dangers that are a daily reality. Password Manager Ensures your passwords are strong and secure, while also making them easy to access and manage. Anti-phishing protection Shields you from phishing attempts.

Antivirus

Antivirus Identity Theft Cyber threats Phishing

Security expert Troy Hunt hit by phishing attack

Phishing evolves beyond email to become latest Android app threat

Trending Sources

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

How AI was used in an advanced phishing campaign targeting Gmail users

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Bitwarden vs 1Password: Compare Top Password Managers

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

New phishing campaign impersonates LogMeIn to steal user credentials

Google: Security Keys Neutralized Employee Phishing

The Life Cycle of a Breached Database

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Bitwarden password vaults targeted in Google ads phishing attack

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

Weekly Update 228

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Fake LastPass password manager spotted on Apple’s App Store

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

How to spot a DocuSign phish and what to do about it

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Humans are Bad at URLs and Fonts Don’t Matter

100 million US citizens officially impacted by Change Healthcare data breach

Watch out, this LastPass email with "Important information about your account" is a phish

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

City of Columbus breach affects around half a million citizens

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Background check provider data breach affects 3 million people who may not have heard of the company

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

BayMark Health Services sends breach notifications after ransomware attack

ConnectWise Quietly Patches Flaw That Helps Phishers

Research on iOS apps shows widespread exposure of secrets

Hertz data breach caused by CL0P ransomware attack on vendor

10 Behaviors That Will Reduce Your Risk Online

The Risk of Weak Online Banking Passwords

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

The Role and Benefits of AI in Cybersecurity

Sperm bank breach deposits data into hands of cybercriminals

Bitwarden’s new auto-fill option adds phishing resistance

Phishing scam takes $950k from DoorDash drivers

Should you allow your browser to remember your passwords?

Digital life protection: How Webroot keeps you safe in a constantly changing world

Stay Connected