An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency, in a warning posted on the official US-CERT web site this past Tuesday. “The email campaign uses a spoofed email address to…
A technique of using Google Calendar invites and events as spam is gathering volume, according to researchers. The mechanics are relatively simple: an attacker crafts an unsolicited calendar invitation carrying a link to a phishing URL, which is sent to the user’s Gmail or G Suite address. By default, smartphone Gmail will automatically add events…
The IRS once again is warning taxpayers to be on the lookout for phishing scams even after tax season has ended. The agency has identified two new variations of tax related scams with one threatening to cancels a victim’s social security while the other claims to threaten victims with an IRS lien or levy, according…
A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author…
By Stu Sjouwerman Since the very dawn of organized phishing attacks, the bad guys have recognized the power of exploiting trusted brands and online services. Our original experience with phishing was defined by spoofed emails purporting to hail from popular banks. Their objective was simple: trick users into coughing up their online banking credentials with…
The Indiana Pacers franchise, Pacers Sports & Entertainment (PSE), fell victim to a phishing attack which resulted in unauthorized gaining access to emails containing personal information related to a limited number of individuals. The threat actors accessed emails containing names, addresses, dates of birth, passport numbers, medical and/or health insurance information, driver’s license/state identification numbers,…
Scammers are promising full movie downloads for the Marvel blockbuster “Avengers: Endgame.” The scam is similar to others that promise users free content and begins with eager fans who are promised either a download or a full viewing of the film. Streaming begins without incident but then users are prompted to create an account to…
Researchers have noticed a recent upswing in attacks against banks featuring the Retefe banking trojan, following what was apparently a fairly quiet 2018 for the malware. The trojan is historically known for targeting the banking industry in countries like Austria, Sweden, Switzerland and the UK. Rather than using malicious web injects to execute man-in-the-browser attacks…
The motivation behind phishing attack that struck the Indian IT consultancy firm Wipro in April may surprisingly be gift card fraud, according to a new Flashpoint report. Flashpoint researchers Jason Reaves, Joshua Platt and Allison Nixon said the far-ranging attack that hit dozens of Wipro employees gave the malicious actors access to more than 100…
Fitness retailer Bodybuilding.com last Friday disclosed that an unauthorized party used a phishing scam to gain access to systems containing its customer data. According to an FAQ page posted on its website, the Boise, Idaho-based retailer discovered the breach incident in February 2019, roughly seven months after the phishing email was received in July 2018.…
