Phishing news & analysis | SC Media

Phishing

Phishing scam targets users of Stripe payment processing service

Cybercriminals have devised a phishing campaign that that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data. The attackers employ two clever tricks to hide their malicious activity. First, they use a technique to block email…

njRat

TA505 debuts Get2 downloader and SDBbot RAT in new phishing campaigns

The cybercriminal group TA505 has developed a new downloader tool and remote access trojan (RAT), both of which were observed in a sequence of phishing campaigns that began this past September. The downloader, named Get2, has been used in campaigns to deliver a variety of secondary payloads, including the FlawedGrace and FlawedAmmyy RATs and Snatch…

Iran hackers targeted presidential campaign, journalists

A threat group, dubbed Phosphorus, that Microsoft believes to be linked to Iran’s government targeted email accounts associated with a presidential campaign as well as government officials, journalists and prominent Iranians living outside the country. “In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700…

Power plant Russia

Second phishing campaign featuring LookBack malware targets U.S. utilities

A malicious threat actor continued to target the U.S. utilities sector with LookBack malware last August, launching a new phishing campaign that targeted organizations with emails impersonating a certification test administrator. Discovered earlier this year by researchers at Proofpoint, LookBack includes a proxy mechanism and a remote access trojan module. In July, the attackers behind…

Millions of YouTube accounts hijacked through phishing and compromised 2FA

Cybersecurity executives blamed YouTube’s continued use of multifactor authentication and relying on user credentials instead of more advanced forms authentication as the reasons behind why millions of accounts were hijacked over the last few days. The attackers used phishing attacks that convinced account owners to give up their Google account login credentials, used that information…

Restaurant Depot customers targets of phishing emails

Customers of commercial food service wholesaler Restaurant Depot received phishing emails asking for payment of an (attached) outstanding invoice or else the company would deduct the balance from their accounts. Some of those recipients began tweeting to the company’s customer service department with one noting that he “finally got through to tell them. They’re aware.…

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Fake résumé emails attempt to spread Ordinypt Wiper to German recipients

Attention German HR departments: You may want to cross off a certain “Eva Richter” from your list of employment candidates. Especially because her so-called résumé actually infects recipients with the destructive Ordinypt Wiper malware, according to a new report. The fake résumé phishing campaign began on Sept. 11 and is specifically aimed at German-speaking employers,…

Researchers: Iranian phishing campaign targets universities with fake library emails

The Mabna Institute, an Iranian firm whose members were indicted last year for cyberattacks against U.S. universities and other organizations, appears to have launched a new global phishing operation targeting the education sector last July and August. This past’s summer campaign follows the same basic m.o. as previous attacks that the same threat group has…

LYCEUM threat group targets oil and gas, critical infrastructure orgs in MidEast

A LYCEUM threat group targeting critical infrastructure entities – including oil and gas and telecommunications organizations in the Middle East – went undetected for more than a year, according to researchers at the Dell SecureWorks Counter Threat Unit (CTU). “Stylistically, the observed tradecraft resembles activity from groups such as COBALT GYPSY (which is related to…

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Instagram phishing scam uses fake 2FA code to appear trustworthy

Researchers recently spotted a sneaky phishing scam that uses a phony two-factor authentication request to trick email recipients into entering their Instagram login credentials. “Someone tried to log in to your Instagram account. If this wasn’t you, please use the following code to confirm your identity,” according to the fraudulent email, which provides a six-digit…

Next post in Cybercrime