Phishing - Cyber Security Informer

Search:

DAY

WEEK

MONTH

YEAR

Apr 12 - Apr 18

Apr 05 - Apr 11

Mar 29 - Apr 04

Mar 22 - Mar 28

MORE

MORE

MORE

MORE

Select your country:
Sign up | Log in

Phishing

article thumbnail

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. Reports of similar SMS phishing attacks against customers of other U.S. This is by no means a comprehensive list.

Phishing Scams Mobile Passwords

article thumbnail

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. million in an elaborate voice phishing attack. The phishing domain used to steal roughly $4.7 Image: Shutterstock, iHaMoo. “ Annie.”

Phishing Cryptocurrency Accountability Social Engineering

Join 28,000+

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Trending Sources

article thumbnail

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. On the left is the (test) data entered at the phishing site. On the left is the (test) data entered at the phishing site. Image: Ford Merrill. Image: SilentPush.

Phishing Banking Mobile Retail

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

article thumbnail

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

Department of Justice refers to the cybercrime group as Saim Raza , after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media. ” Manipulaters advertisement for Office 365 Private Page with Antibot phishing kit sold via Heartsender. Image: DomainTools. ” U.S.

Phishing Cybercrime Advertising Malware

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

Advertisement

The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI).

article thumbnail

Device Code Phishing

Schneier on Security

FEBRUARY 19, 2025

This isn’t new, but it’s increasingly popular : The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts.

Phishing Authentication Accountability Passwords

article thumbnail

When Getting Phished Puts You in Mortal Danger

Krebs on Security

MARCH 27, 2025

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The text has been machine-translated from Russian.

Phishing Government Engineering Internet

article thumbnail

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China. It all starts with phishing. Authorities in at least two U.S.

Phishing Mobile Scams Banking

article thumbnail

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. ”

Cybercrime Phishing Accountability Internet

article thumbnail

Phishing Defenses

Adam Shostack

JANUARY 2, 2025

Phishing behaviors, as observed in the wild. Users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is not their job. Users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is not their job.

Phishing Accountability

article thumbnail

Learning from Troy Hunt’s Sneaky Phish

Adam Shostack

APRIL 5, 2025

Troy Hunt has a good post about being phished. Troy honorably admits that he overrode 1Password and filled out the phishing site. If the message is anywhere else, its not sent to the address I gave mailchimp, and its a phish or a spam. Attackers are sneaky. I tell mailchimp my email is mailchimp827@threatsbook.com.

Phishing Banking Internet Internet

article thumbnail

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

JUNE 3, 2024

Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts. Here’s the full text.

Phishing Artificial Intelligence Scams

article thumbnail

AI-Powered Phishing: Defending Against New Browser-Based Attacks

SecureWorld News

JANUARY 22, 2025

The cybersecurity landscape has witnessed a dramatic shift with the rise of AI-powered phishing attacks. The evolution of AI-enhanced phishing Today's phishing attempts are far more sophisticated than ever before. AI-powered phishing campaigns can now adapt in real-time, learning from user interactions to refine their approach.

Phishing Threat Detection Social Engineering DNS

article thumbnail

iMessage text gets recipient to disable phishing protection so they can be phished

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection.

Phishing Social Engineering Scams Mobile

article thumbnail

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing Accountability Authentication Advertising

article thumbnail

Fortinet CISO Details ‘Phish-Free’ Phishing Scheme Using PayPal

Security Boulevard

JANUARY 9, 2025

A bad actor is using a Microsoft 365 test domain and a self-created distribution list to bypass traditional email protections and entice victims to hand over their PayPal account information in what Fortinet's CISO is calling a "phish-free" phishing campaign.

CISO

CISO Phishing Accountability Social Engineering

article thumbnail

Phishing attacks leveraging HTML code inside SVG files

SecureList

APRIL 21, 2025

With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. However, attackers are exploiting this by embedding scripts with links to phishing pages within the image file. Sample SVG file with embedded HTML code.

Phishing Software

article thumbnail

Phish-Friendly Domain Registry “.top” Put on Notice

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing DNS Scams Technology

article thumbnail

Phishing Attacks Snare Security, IT Leaders

Security Boulevard

OCTOBER 21, 2024

Despite 80% of IT leaders expressing confidence that their organization won’t fall for phishing attacks, nearly two-thirds admitted they’ve clicked on phishing links themselves. The post Phishing Attacks Snare Security, IT Leaders appeared first on Security Boulevard. These were among the chief results of an Arctic.

Phishing Threat Reports Risk

article thumbnail

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering Phishing Banking Authentication

article thumbnail

Security expert Troy Hunt hit by phishing attack

Malwarebytes

MARCH 26, 2025

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. As such, readers should be the lookout for any scams or phishing attempts in the coming weeks. But Hunts immediate disclosure of the attack should be commended.

Phishing Data breaches Password Management Scams

article thumbnail

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing Passwords Mobile Authentication

article thumbnail

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing Accountability Artificial Intelligence Cybercrime

article thumbnail

Operation Heart Blocker: International Police Disrupt Phishing Network

SecureWorld News

FEBRUARY 3, 2025

and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. In a significant victory against cybercrime, U.S. According to the U.S.

Phishing Cybercrime Scams Authentication

article thumbnail

A Sneaky Phish Just Grabbed My Mailchimp Mailing List

Troy Hunt

MARCH 25, 2025

That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow?

Phishing Accountability

article thumbnail

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Malwarebytes

APRIL 1, 2025

If the receiver were to scan the QR code, they would be sent to a phishing site. The other big type of scams are phishing emails, like we saw above. Use security software that blocks phishing domains and other scam sites. Thank you for your prompt attention to this matter. Tax Services Team This is an automated message.

Scams

Scams Phishing Artificial Intelligence Social Engineering

article thumbnail

Nigerian man Sentenced to 26+ years in real estate phishing scams

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S. ” reads the press release published by DoJ.

Scams

Scams Phishing Identity Theft Accountability

article thumbnail

Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025

Security Boulevard

JANUARY 10, 2025

Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023.

Phishing Risk Cybersecurity Security Awareness

article thumbnail

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing Identity Theft Cryptocurrency Cybercrime

article thumbnail

AI Outsmarts 'Elite' Red Teams in New Era of Phishing, Cyber Defense

SecureWorld News

APRIL 7, 2025

One of the most pressing challenges in cybersecurity is the rise of AI-driven phishing campaigns. Recent findings from Hoxhunt reveal that artificial intelligence is now outpacing human red teams in developing more sophisticated phishing attacks.

Phishing Artificial Intelligence Cyber threats Cybersecurity

article thumbnail

News alert: Arsen’s rolls out AI-powered phishing tests to improve social engineering resilience

The Last Watchdog

MARCH 24, 2025

24, 2025, CyberNewswire — Arsen , a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. To learn more about Conversational Phishing, users can visit [link].

Social Engineering

Social Engineering Engineering Phishing Security Awareness

article thumbnail

Phishing False Alarm

Schneier on Security

JANUARY 15, 2025

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

Phishing

article thumbnail

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. ” continues the report.

Phishing Authentication Telecommunications Accountability

article thumbnail

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS

DNS Phishing Banking Passwords

article thumbnail

Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam

Security Boulevard

JANUARY 27, 2025

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say.

Mobile

Mobile Scams Phishing Social Engineering

article thumbnail

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing Artificial Intelligence Password Management Accountability

article thumbnail

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft Phishing Cryptocurrency Accountability

article thumbnail

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

eSecurity Planet

MARCH 4, 2025

Cybersecurity researchers have uncovered a campaign where threat actors exploit misconfigured Amazon Web Services (AWS) environments to send phishing emails. How the attack works The JavaGhost group, active since 2019, initially focused on website defacements before shifting to financially motivated phishing attacks in 2022.

Phishing Accountability Authentication Risk

article thumbnail

WhatsApp spear phishing campaign uses QR codes to add device

Malwarebytes

JANUARY 17, 2025

Once a relationship had been established, the target would receive a phishing link or a document that contained a phishing link. How to stay safe These spear phishing campaigns are highly targeted and youll probably never see an invite to this group. There are a few simple rules that will help you avoid this kind of phishing.

Phishing Accountability Mobile Risk

article thumbnail

Social Engineering to Disable iMessage Protections

Schneier on Security

JANUARY 17, 2025

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website.

Social Engineering

Social Engineering Engineering Phishing

article thumbnail

Attackers use CSS to create evasive phishing messages

Security Affairs

MARCH 17, 2025

Using CSS properties like text-indent , they conceal phishing text from victims while bypassing security parsers. The following phishing message impersonates the Blue Cross Blue Shield organization. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,phishing)

Phishing Engineering Media Hacking

article thumbnail

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing Social Engineering Engineering Security Awareness

article thumbnail

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing Scams Malware Passwords

article thumbnail

WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps

Security Boulevard

JANUARY 6, 2025

The post WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps appeared first on Security Boulevard. A WordPress plugin known as PhishWP, has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users.

Phishing Cybercrime Cybersecurity