Phishing News, Articles and Updates

Beware Catphishing attacks targeting the hearts of security pros

Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.

Marcher banking trojan campaign attacks Austrians' finances three different ways

An attack campaign targeting Android users in Austria has been employing a unique trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.

Russian hackers altered Clinton campaign email, part of broader initiative

The altered missive came from Campaign Chairman John Podesta's email. Podesta was netted in a phishing campaign.

QtBot downloader discovered in geo-based Locky-Trickbot campaign

Researchers from Palo Alto Networks have uncovered QtBot, an intermediate-stage downloader that helps to deliver the final payload in geography-based Locky-Trickbot malspam campaigns.

Land of the rising trojan: Ursnif banking malware surges in Japan

Malspam campaigns designed to spread the Ursnif banking trojan have been heavily targeting Japanese banks and payment card providers in 2017, especially since this past September, according to IBM's X-Force research.

Swiss phishing scam aims to download Retefe banking trojan

The details of a phishing campaign currently being run in Switzerland that uses a tax dodge to entice its victims to open an attached file which will then download the Retefe banking trojan have been released by PhishMe.

Third man pleads guilty in Celebgate case

A 32-year-old Chicago man is reportedly facing a maximum five years in prison after agreeing to plead guilty to hacking celebrities' Gmail and iCloud accounts in order to obtain their nude photos and videos.

DHS, FBI issue warning and details concerning on-going ICS attacks on power, aviation sectors

The Department of Homeland Security (DHS) and the FBI issued a joint alert concerning an advanced persistent threat targeting the government and organizations in the energy, nuclear, water and manufacturing sectors.

Dept. of Education warns districts over extortion cyberattacks

The U.S. Department of Education issued a belated warning to the nation's school districts concerning cyberattacks that use threats of violence against students in an attempt to extort money from the district.

Office 365 joke: KnockKnock, Who's there? Botnet malware

Microsoft's already battered Office 365 is once again being targeted, this time by KnockKnock, a botnet attack designed to specifically victimize the office productivity software suite.

Spammed in 30 minutes or less: Domino's Australia warns of email campaign, third-party breach

Domino's Pizza Australia has disclosed that a data breach at one of its third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

DHS will order agencies to adopt DMARC, https

DHS Acting Secretary Elaine Duke, will release a binding order requiring agencies to comply with DMARC plan within 30 days and https within 120 days.

TrickBot tests waters in Latin America in expansion of global reach

The cybergang behind the Trickbot banking trojan appears to have set its sights on Latin American as it continues to expands its list of global targets.

Phishers imitate SEC, abuse Microsoft feature, to distribute DNSMessenger malware

A spear phishing campaign impersonating the SEC was recently discovered attempting to infect victims with DNSMessenger malware, using malicious Word attachments that abuse Microsoft Windows' Dynamic Data Exchange (DDE) protocol.

North Korea spearphishing campaign aimed at U.S. power grid

FireEye called the attempt "early-stage reconnaissance" and believes North Korean operatives don't have the capability to disrupt the power supply.

Top 5 anti-phishing training programs

With phishing and business email compromise-style attacks the primary methods used by cybercriminals to gain access to an organization, it is imperative that employees be taught what to look out for when going through their email. So SC Media asked some top cybersecurity executives for their best training tips.

Job seekers, freelance journalists targeted in Atlantic Magazine scam

Freelance writers were the targets of a phishing scam when they received emails purportedly from editors at The Atlantic offering non-existent jobs.

6,000 Atlanta Public School employees possibly compromised

Federal investigators have warned the Atlanta Public School system that all 6,000 of its employees may have had their personal information compromised due to a phishing scam.

Locky is coming: Ransomware campaign uses Game of Thrones-themed scripting variables

A Lannister always pays his debts. And you, too, may have to pay up if you become infected with Locky ransomware, delivered in an email distribution campaign that uses Game of Thrones references in its scripting variables.

Election season spam correlates with the polls, study

A recent study on election spam found spammers use candidates with the strongest brands in their lures.

Sour notes: OurMine hackers briefly post private files from Vevo music video service

The OurMine hacking collective broke into the servers of music video hosting service Vevo and posted approximately 3.12 terabytes of stolen documents, in an unusually aggressive attack by the group.

LinkedIn Premium accounts being used in phishing scam

LinkedIn and Wells Fargo have found themselves once again at the center of a cyber issue, but this time hackers are using the business-oriented social media site to send phishing InMails posing as a Wells Fargo messages.

Return of the EMOTET Trojan, spreads via spambots

Trend Micro researchers spotted the return of the EMOTET trojan, this time spreading via Spam bots.

Major malspam campaign pushing Locky ransomware via spoofed internal email addresses

A large malspam campaign using spoofed email addresses has attempted to infect recipients with ransomware in roughly 20 million detected attacks since Tuesday, researchers from Barracuda Networks have reported.