Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. ”

Cybercrime 276

Cybercrime Phishing Accountability Internet 276

Adam Shostack

JANUARY 2, 2025

Phishing behaviors, as observed in the wild. Users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is not their job. Users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is not their job.

Phishing 130

Phishing Accountability 130

Schneier on Security

JUNE 3, 2024

Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts. Here’s the full text.

Phishing 344

Phishing Artificial Intelligence Scams 344

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection.

Phishing 134

Phishing Social Engineering Scams Mobile 134

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing 112

Phishing Accountability Authentication Advertising 112

Security Boulevard

JANUARY 9, 2025

A bad actor is using a Microsoft 365 test domain and a self-created distribution list to bypass traditional email protections and entice victims to hand over their PayPal account information in what Fortinet's CISO is calling a "phish-free" phishing campaign.

CISO 113

CISO Phishing Accountability Social Engineering 113

Security Boulevard

OCTOBER 21, 2024

Despite 80% of IT leaders expressing confidence that their organization won’t fall for phishing attacks, nearly two-thirds admitted they’ve clicked on phishing links themselves. The post Phishing Attacks Snare Security, IT Leaders appeared first on Security Boulevard. These were among the chief results of an Arctic.

Phishing 122

Phishing Threat Reports Risk 122

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing 129

Phishing Passwords Mobile Authentication 129

Security Affairs

MARCH 17, 2025

Using CSS properties like text-indent , they conceal phishing text from victims while bypassing security parsers. The following phishing message impersonates the Blue Cross Blue Shield organization. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,phishing)

Phishing 116

Phishing Engineering Media Hacking 116

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 313

Phishing DNS Scams Technology 313

eSecurity Planet

MARCH 4, 2025

Cybersecurity researchers have uncovered a campaign where threat actors exploit misconfigured Amazon Web Services (AWS) environments to send phishing emails. How the attack works The JavaGhost group, active since 2019, initially focused on website defacements before shifting to financially motivated phishing attacks in 2022.

Phishing 95

Phishing Accountability Authentication Risk 95

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering 126

Engineering Phishing Banking Authentication 126

SecureWorld News

JANUARY 22, 2025

The cybersecurity landscape has witnessed a dramatic shift with the rise of AI-powered phishing attacks. The evolution of AI-enhanced phishing Today's phishing attempts are far more sophisticated than ever before. AI-powered phishing campaigns can now adapt in real-time, learning from user interactions to refine their approach.

Phishing 106

Phishing Threat Detection Social Engineering DNS 106

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing 255

Phishing Accountability Artificial Intelligence Cybercrime 255

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S. ” reads the press release published by DoJ.

Scams 123

Scams Phishing Identity Theft Accountability 123

Security Boulevard

JANUARY 10, 2025

Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023.

Phishing 122

Phishing Risk Cybersecurity Security Awareness 122

Schneier on Security

JANUARY 15, 2025

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

Phishing 269

Phishing 269

SecureWorld News

FEBRUARY 3, 2025

and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. In a significant victory against cybercrime, U.S. According to the U.S.

Phishing 106

Phishing Cybercrime Scams Authentication 106

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. ” continues the report.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing 116

Phishing Artificial Intelligence Password Management Accountability 116

Security Boulevard

JANUARY 27, 2025

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say.

Mobile 116

Mobile Scams Phishing Social Engineering 116

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing 102

Phishing Identity Theft Cryptocurrency Cybercrime 102

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 89

Phishing Mobile Social Engineering Data breaches 89

Malwarebytes

JANUARY 17, 2025

Once a relationship had been established, the target would receive a phishing link or a document that contained a phishing link. How to stay safe These spear phishing campaigns are highly targeted and youll probably never see an invite to this group. There are a few simple rules that will help you avoid this kind of phishing.

Phishing 140

Phishing Accountability Mobile Risk 140

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft 245

Identity Theft Phishing Cryptocurrency Accountability 245

Schneier on Security

JANUARY 17, 2025

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website.

Social Engineering 292

Social Engineering Engineering Phishing 292

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing 111

Phishing Social Engineering Engineering Security Awareness 111

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing 320

Phishing Scams Malware Passwords 320

Security Boulevard

JANUARY 6, 2025

The post WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps appeared first on Security Boulevard. A WordPress plugin known as PhishWP, has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users.

Phishing 119

Phishing Cybercrime Cybersecurity 119

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing 95

Phishing Accountability Authentication Advertising 95

Security Boulevard

FEBRUARY 12, 2025

As Valentines Day approaches, cybercriminals are ramping up their efforts to exploit consumers through romance scams, phishing campaigns and fraudulent e-commerce offers. The post Cybercriminals Exploit Valentines Day with Romance Scams, Phishing Attacks appeared first on Security Boulevard.

Scams 114

Scams Phishing Security Awareness Cybercrime 114

Troy Hunt

FEBRUARY 23, 2024

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. And so, when I received the following SMS earlier this week I was expecting a parcel and I was expecting phishing attacks: So. Parcel or phish?

Phishing 361

Phishing Scams Banking Social Engineering 361

Security Boulevard

JANUARY 17, 2025

The post California Wildfires Spark Phishing Scams Exploiting Chaos appeared first on Security Boulevard. As Southern California continues to battle devastating wildfires, cybercriminals have seized the opportunity to exploit the chaos, targeting vulnerable individuals and organizations.

Scams 108

Scams Phishing Security Awareness Cybersecurity 108

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. How to avoid AI Gmail phishing Never click on links or download files from unexpected emails or messages. The FBI has also warned users to be cautious when receiving unsolicited emails or text messages.

Phishing 109

Phishing Artificial Intelligence Identity Theft Accountability 109

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 346

Phishing Password Management Passwords Banking 346

Security Boulevard

FEBRUARY 3, 2025

The NIST Phish Scale framework offers a structured and effective approach to improving phishing awareness training in organizations. The post Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks appeared first on Security Boulevard.

Phishing 90

Phishing Security Awareness Cybersecurity 90

Krebs on Security

MARCH 14, 2025

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks. From there, they sent out phishing messages asking for financial information from people who’d just booked travel through the company’s app. Source: Sekoia.

Phishing 247

Phishing Malware Scams Passwords 247