Phishing news & analysis | SC Media

Phishing

Event invitation phishing scheme usurps efficacy of Microsoft, Google and Wells Fargo

A phishing campaign in multiple enterprise email environments purportedly protected by Proofpoint and Microsoft entices users with false event invitations in the form of .ics calendar invite attachments, Cofense Phishing Defense Center (PDC) reported. The convoluted scheme dupes recipients into thinking their bank accounts have been compromised, even though the ruse’s initial focus is stuffing…

Australia says state-based actor is behind surge of sophisticated cyberattacks

Australian Prime Minister Scott Morrison warned late last week that a sophisticated, state-sponsored cyber actor has been attacking the country’s government and corporate institutions, as well as critical infrastructure operators, with increasing regularity. Morrison did not name-and-shame the specific country that is responsible for the alleged attacks. But inside sources told Reuters that China is…

Report: Lazarus Group has large-scale Covid-19 phishing campaign in the works

North Korea’s Lazarus group is likely behind a planned coronavirus-related phishing campaign taking aim at more than 5 million businesses and people in the U.S. and five other countries June 21. “The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives,” researchers at Cyfirma…

Sapphire Software’s Nicholas Takacs asks: Is self-aware malware possible yet?

“Two can play at this game…” Cybersecurity is a non-stop arms race between white hats and malicious hackers, and the three “A’s” — automation, analytics and artificial intelligence — are among the more powerful defensive tools that CISOs can implement to defend their organizations. But cybercriminals can also potentially employ them to magnify their attacks…

Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn

A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…

Microsoft’s Kelley: Six principles that influence people to say yes can be leveraged to thwart social engineering

Behind nearly every cybersecurity incident there’s a person who was either unwittingly duped or with malicious intent breached an organization from the inside. But as the rich array of experts in the Awareness, Decisions & Devices: The Human Layer of Security track at InfoSec World 2020 can attest, it’s possible to boost awareness and spark…

Black Lives Matter phishing scam looks to spread TrickBot malware

Scammers often craft social engineering schemes around major crises and news events, as demonstrated by the wealth of coronavirus-themed phishing campaigns seen this year. Now, as massive U.S. and global protests continue following the May 25 killing of George Floyd at the hands of a Minneapolis police officer, a new phishing operation is attempting to…

German phishing scheme preyed on high-level execs needing PPE

One hundred German companies in need of personal protective equipment (PPE) such as facemasks and medical gear were targeted in a COVID-19 phishing scheme designed to steal and exfiltrate user credentials. IBM X-Force IRIS discovered unknown hackers erected a fake Microsoft login page connected to different Yandex email accounts, although it was unknown how many…

Phishing campaign targets remote workers with fake voicemail notifications

Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by  Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings. In a company…

election hacking

Chinese, Iranian phishing campaigns target Biden, Trump campaigns

Joe Biden and Donald Trump’s campaigns may be worlds apart on issues and in style, but they share common cyber enemies, according to the Google Threat Analysis Group (TAG), which said both are the targets of phishing campaigns by nation-states like China and Iran. “Recently TAG saw China APT group targeting Biden campaign staff &…

Next post in Election Coverage