Phishing and Technology - Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. Reports of similar SMS phishing attacks against customers of other U.S. This is by no means a comprehensive list.

Phishing

Phishing Scams Mobile Passwords

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China. It all starts with phishing. Authorities in at least two U.S.

Phishing

Phishing Mobile Scams Banking

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. ”

Cybercrime

Cybercrime Phishing Accountability Internet

Phish-Friendly Domain Registry “.top” Put on Notice

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing

Phishing DNS Scams Technology

Phish Leads to Breach at Calif. State Controller

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. And spear-phishing others that frequently interact with the SCO via email could land the bad guys even more access to state systems.

Phishing

Phishing Data breaches Accountability Technology

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing

Phishing Authentication Telecommunications Accountability

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Image: Amitai Cohen twitter.com/amitaico. com and ouryahoo-okta[.]com. Click to enlarge.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

AI Outsmarts 'Elite' Red Teams in New Era of Phishing, Cyber Defense

SecureWorld News

APRIL 7, 2025

One of the most pressing challenges in cybersecurity is the rise of AI-driven phishing campaigns. Recent findings from Hoxhunt reveal that artificial intelligence is now outpacing human red teams in developing more sophisticated phishing attacks.

Phishing

Phishing Artificial Intelligence Cyber threats Cybersecurity

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

LLMs and Phishing

Schneier on Security

APRIL 10, 2023

Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam.

Phishing

Phishing Scams Internet Internet

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

based technology companies. Donahue said 60 technology companies are now routing all law enforcement data requests through Kodex, including an increasing number of financial institutions and cryptocurrency platforms. “Unfortunately, a lot of this is phishing or malware campaigns,” Donahue said.

Hacking

Hacking Accountability Government Social Engineering

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing

Phishing Cryptocurrency DDOS Internet

AI vs AI: Next front in phishing wars

Tech Republic Security

JUNE 16, 2023

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense. The post AI vs AI: Next front in phishing wars appeared first on TechRepublic.

Phishing

Phishing Technology Software Artificial Intelligence

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

eSecurity Planet

OCTOBER 28, 2024

We’ll also look at increased phishing attacks, a couple of different Cisco flaws, and a Fortinet vulnerability that took some time to get its own CVE. Netskope Reports Increase in Webflow Phishing Pages Type of attack: Phishing and subsequent credential theft. webflow.io, which indicates a phishing site.

Phishing

Phishing Authentication Software VPN

We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

Joseph Steinberg

NOVEMBER 15, 2021

There has likely not been a single hour during the last decade, for example, during which criminals did not carry out successful phishing-based attacks by exploiting the inherent lack of security within standard and ubiquitous email technology. And such issues are just the tip of the iceberg when it comes to email security.

Phishing

Phishing Artificial Intelligence Technology Scams

Scammers Steal Over $25 Million By Using AI Deepfake Video Call To Convince Suspicious Employee That A Phishing Email Is Legitimate

Joseph Steinberg

FEBRUARY 4, 2024

Scammers stole over $25 million from a multinational business by utilizing cutting-edge real-time video deepfake technology to convince an employee in the firm’s accounts-payable department that the worker had properly validated a payment request previously sent to him via email. Million USD at the time of the theft and at present).

Artificial Intelligence

Artificial Intelligence Phishing Scams Accountability

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing

Phishing Passwords Hacking Internet

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Legacy IAM systems cant keep up as AI-powered phishing and deepfakes grow more sophisticated. The drivers are intensifying.

Cyber threats

Cyber threats CISO IoT Phishing

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

The Last Watchdog

NOVEMBER 11, 2024

The technology, which first emerged primarily in the world of gaming and entertainment, now promises to reshape our reality with interactive information and immersive experiences. In short, AR is undoubtedly a groundbreaking technology that will reinvent how we interact with the digital world. Related: Is the Metaverse truly secure?

Cybersecurity

Cybersecurity Social Engineering Technology Threat Detection

New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Automated mobile farms that deploy phishing messages at scale.

Phishing

Phishing Scams Cybercrime Retail

How threat actors can use generative artificial intelligence?

Security Affairs

DECEMBER 1, 2024

From generating deepfakes to enhancing phishing campaigns, GAI is evolving into a tool for large-scale cyber offenses GAI has captured the attention of researchers and investors for its transformative potential across industries. However, the rapid pace of technological advancement means that attackers are always a step ahead.

Artificial Intelligence

Artificial Intelligence Phishing Media Cyber threats

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities. We can expect security teams feeling pressure to adopt new technology quickly.

Risk

Risk Threat Detection Technology Phishing

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher? Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity

Cybersecurity Technology Scams Risk

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

The Last Watchdog

MAY 21, 2024

I had the chance to sit down with Eyal Benishti , IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce anti-phishing mitigation services.

Phishing

Phishing Banking Technology Internet

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Ready-to-use phishing kits with all necessary attack items are available on the web.

Phishing

Phishing Artificial Intelligence Cybercrime Social Engineering

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. A recent phishing site that abused LinkedIn’s marketing redirect. A recent phishing site that abused LinkedIn’s marketing redirect. Urlscan also found this phishing scam from Jan. Image: Urlscan.io.

Phishing

Phishing Marketing Scams Accountability

Report: The Dark Side of Phishing Protection

The Hacker News

MAY 27, 2024

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector.

Phishing

Phishing Firewall Education Passwords

The Urgent Call: How a Phishing Email Pushed Buckeye Elementary to Strengthen Cyber Defenses

Security Boulevard

NOVEMBER 11, 2024

Guest speakers Sal Franco, IT Director at Buckeye Elementary, and Fran Watkins, Technology Manager at Centennial School District, shared first-hand stories of ransomware and data loss incidents that tested.

Phishing

Phishing Ransomware Technology Cybersecurity

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. of automated attacks and dramatically reduces the success of phishing attempts. Why Use Passkeys? Lets stay one step ahead.

Phishing

Phishing Passwords Password Management Authentication

Black Friday Triggers Near 700% Rise in Retail Cyber Scams

SecureWorld News

DECEMBER 4, 2024

The United States retail sector faced an especially aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands [3] including Walmart, Target, and Best Buy increasing by more than 2,000% during peak shopping periods.

Retail

Retail Scams Phishing Cyber threats

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

The Last Watchdog

JULY 27, 2023

In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of Business Email Compromise (BEC) attacks along with a 41% surge in phishing attacks from H2 2022 to H1 2023.

Phishing

Phishing Social Engineering Engineering Media

Next-Gen Phishing Techniques – How Back-End Tech Made Scams More Effective

Heimadal Security

FEBRUARY 28, 2025

Phishing scams are no longer just poorly written emails full of typos. Todays sophisticated back-end technologies take phishing and social engineering to the next level. The era of messages from long-lost, wealthy relatives leaving fortunes to unknown heirs has passed its peak.

Scams

Scams Phishing Social Engineering Engineering

Bypassing 2FA with phishing and OTP bots

SecureList

JUNE 10, 2024

This article examines methods that rely on social engineering, where attackers manipulate the victim into giving away the OTP, and tools that they use to automate the manipulations: so-called OTP bots and administration panels to control phishing kits. Phishing is typically how they get the most up-to-date credentials.

Phishing

Phishing Banking Social Engineering Accountability

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing

Phishing VPN Social Engineering Media

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

The Hacker News

JUNE 13, 2024

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups.

Phishing

Phishing Financial Services Government Accountability

Phishing attacks target mobile users via progressive web applications (PWA)

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). A progressive web app (PWA) is an app that’s built using web platform technologies, but that provides a user experience like that of a platform-specific app. ” reads the report published by ESET.

Phishing

Phishing Mobile Banking Social Engineering

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. Cary, NC, Oct. 22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security.

Small Business

Small Business Data breaches Backups Passwords

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

The Hacker News

MARCH 25, 2024

The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera.

Phishing

Phishing Surveillance Manufacturing Technology

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

Security Boulevard

SEPTEMBER 9, 2024

The rise in sophisticated phishing threats like polymorphic attacks, social engineering tactics, and the use of compromised accounts have undoubtedly highlighted the significant gaps in perimeter technology, leading to a notable increase in bypassed attacks.

Phishing

Phishing Social Engineering Engineering Accountability

Report Shows Ransomware Has Grown 41% for Construction Industry

Digital Shadows

NOVEMBER 12, 2024

Top MITRE Technique: Spearphishing The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024. Phishing is favored by threat actors for its simplicity and effectiveness.

Ransomware

Ransomware Phishing Cyber threats Malware

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

SecureList

MARCH 25, 2025

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser.

Malware

Malware Education Technology Media

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Arrests in Tap-to-Pay Scheme Powered by Phishing

Trending Sources

Why Phishers Love New TLDs Like.shop,top and.xyz

Phish-Friendly Domain Registry “.top” Put on Notice

Phish Leads to Breach at Calif. State Controller

Crooks bank on Microsoft’s search engine to phish customers

Storm-2372 used the device code phishing technique since August 2024

Feds Charge Five Men in ‘Scattered Spider’ Roundup

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

AI Outsmarts 'Elite' Red Teams in New Era of Phishing, Cyber Defense

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

LLMs and Phishing

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Fake Lawsuit Threat Exposes Privnote Phishing Sites

AI vs AI: Next front in phishing wars

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

Scammers Steal Over $25 Million By Using AI Deepfake Video Call To Convince Suspicious Employee That A Phishing Email Is Legitimate

Karma Catches Up to Global Phishing Service 16Shop

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses

How threat actors can use generative artificial intelligence?

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

How Phishers Are Slinking Their Links Into LinkedIn

Report: The Dark Side of Phishing Protection

The Urgent Call: How a Phishing Email Pushed Buckeye Elementary to Strengthen Cyber Defenses

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Black Friday Triggers Near 700% Rise in Retail Cyber Scams

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

Next-Gen Phishing Techniques – How Back-End Tech Made Scams More Effective

Bypassing 2FA with phishing and OTP bots

Voice Phishers Targeting Corporate VPNs

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Phishing attacks target mobile users via progressive web applications (PWA)

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

Report Shows Ransomware Has Grown 41% for Construction Industry

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

Stay Connected