Category: Phishing

Cyber-crime, Phishing

Phishing Campaign Targets Stripe Credentials, Financial Data

October 18, 2019

Via: Dark Reading

Researchers have spotted a new phishing campaign targeting credentials and financial data of people using the Stripe payments platform. Emails are disguised as alerts from Stripe support. Stripe enables e-commerce, facilitates payments, and helps run businesses with its software-as-a-service platform. […]

Email security, Phishing

BEC explodes as attackers exploit email’s identity crisis

October 9, 2019

Via: Help Net Security

850,000 domains worldwide now have DMARC records, a 5x increase since 2016, according to Valimail. However, less than 17% of global DMARC records are at enforcement — meaning fake emails that appear to come from those domains are still arriving […]

Cyber-crime, Phishing

Phishers continue to abuse Adobe and Google Open Redirects

September 30, 2019

Via: Security Affairs

Phishers are abusing Google and Adobe open redirects to bypass spam filters and redirect users to malicious sites. Crooks abuse Google and Adobe services to create URLs that point to malicious websites that anyway are able to bypass security filters […]

Email security, Phishing

Employees are mistakenly confident that they can spot phishing emails

September 26, 2019

Via: Help Net Security

While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a […]

Cyber-crime, Phishing

Phishing Emails Deliver Amadey Malware to U.S. Taxpayers

September 19, 2019

Via: Security Week

Relatively new and fairly simple, the Amadey botnet is available for hire for cybercriminals. One of the threat groups to have used the botnet is TA505, which leveraged it to distribute the FlawedAmmy RAT and email stealers. The phishing campaign, […]

Email security, Malware, Phishing

Employers Beware: Microsoft Word ‘Resume’ Phish Delivers Quasar RAT

August 28, 2019

Via: Threat Post

Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage. Researchers with Cofense said they have recently […]

Cyber-crime, Email security, Malware, Phishing, Security

Oil and Gas Firms Targeted By New LYCEUM Threat Group

August 27, 2019

Via: Threat Post

Researchers have identified a never-before-seen threat group targeting Middle East critical infrastructure organizations with novel malware, sent via spearphishing emails. The threat group, LYCEUM, was observed in 2019 sending spear phishing emails harboring malicious Microsoft Excel attachments to oil and […]

Malware, Phishing

Should you block newly registered domains? Researchers say yes

August 23, 2019

Via: Help Net Security

7 out of 10 newly registered domains (NDRs) are either malicious, suspicious or not safe for work, say Palo Alto Networks researchers, and advise organizations to block access to them with URL filtering. “While this may be deemed a bit […]


Facebook phishing surges, Microsoft still most impersonated brand

August 23, 2019

Via: Help Net Security

Vade Secure published the results of its Phishers’ Favorites report for Q2 2019. According to the report, which ranks the 25 most impersonated brands in phishing attacks, Microsoft was by far the top target for the fifth straight quarter. There […]

Cyber-crime, Email security, Phishing, Security

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

August 16, 2019

Via: Threat Post

A targeted spearphishing campaign has hit an organization in the energy sector – after using a savvy trick to get around the company’s Microsoft email security stack. According to Aaron Riley, a researcher from Cofense, the campaign impersonated the CEO […]