Phishing News, Articles and Updates

Twitter adds U2F support and other features to prevent phishing, spam and fake accounts

The new feature will help protect users from remote attacks because unlike text message codes which can be intercepted, U2F uses a physical device such as a two-factor keyfob which requires a user to push a button to authorize a login.

Threat actors behind Necurs rolling out new abilities on a monthly basis

Even after six years in the wild, the team behind the Necurs is finding new uses for its malware botnet.

539 percent uptick in attacks targeting consumer-grade routers since, study

The first quarter of 2018 saw a dramatic increase in the number of cyberattacks targeting consumer-grade routers.

Fake WannaCry sent via phishing emails

Cybercriminals are once again looking to extort victims by piggybacking off the success of WannaCry with their own scareware demanding bitcoin based on fear rather than an actual ransomware attack.

Cybercriminals attempt to score using FIFA World Cup phishing emails

Considering the number of scams popping up that use the FIFA World Cup as part of their social engineering scheme it would appear cybercriminals have been preparing for the tournament for as long as the teams now competing in Russia.

MuddyWater trojan campaign adds a few new notes

The malicious actors behind the MuddyWater campaign have given the malware a facelift changing the way the malicious files are executed and altering the social engineering used to entice its victims to open the infected Word document.

HealthEquity breach exposes PII of 23,000 customers

About 23,000 accounts have been compromised by a data breach that took place at HealthEquity when an employee fell for a phishing scam.

Law enforcement operation scoops up 74 BEC scammers

In a wide-ranging operation, six-month-long operation that spanned three continents 74 individuals were arrested for operating a large-scale business email compromise (BEC)scheme.

Sofacy rolls our Zebrocy toolkit to hit government targets

The Russian APT cybergang Sofacy has rolled out a new campaign based on a seldom used attack tool called Zebrocy and is using it to target government, diplomatic and other strategic organizations primarily in North America and Europe.

Florida leads list of states with worst cyber hygiene, New Hampshire the safest

When it comes to cyber hygiene people who live in the Northeast are marginally more likely to have good habits, while those with poor habits are scattered liberally across the country, according to a new Webroot report.

RAT campaign targets Koreans with phishing lures featuring U.S.-North Korea summit

A remote access trojan that apparently went undiscovered for at least two years was found targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure.

Supermarket retailer CISO identifies millennials, sales and marketing pros as riskiest employees

Supermarket giant Ahold Delhaize has determined that the employees who engage in the riskiest cyber behavior tend to be sales and marketing professionals, high-level executives and millennials, according to the company's global CISO Carolyn Schreiber.

Cobalt shrugs off arrests, resumes cyberattacks on banks

The arrest of several leaders of the Cobalt cybergang, including its leader, has not stopped the group from launching additional attacks with the most recent being tracked late last week.

Scammers using FIFA World Cup as a lure

The FIFA World Cup is set to start in less than two weeks, and just like the Seoul Winter Olympics cybercriminals are lining up to take advantage of fans searching for tickets or deals.

Roaming Mantis malicious redirection campaign preys on Android, iOS and PC users

A recently discovered a DNS hijacking campaign that was found spreading banking trojan malware to Android smartphone users largely in Asia has expanded it reach to iOS and PC users as well, while targeting speakers of 27 different languages.

Two alleged Syrian Electronic Army members indicted for spear phishing and defacement campaign

U.S. prosecutors filed an indictment yesterday for two alleged Syrian Electronic Army hacktivists who are accused of compromising news media websites and social media accounts in order to spread propaganda supporting the regime of Sryian president Bashar al-Assad.

New Apple ID phishing operation protects web assets with AES encryption

A recently discovered email phishing campaign was found targeting Apple ID credentials, while using AES encryption to thwart active countermeasures against their malicious website.

Vega Stealer malware targeting marketing, public relations and advertising sectors

Researchers have come across a new ransomware variant named Vega Stealer that is taking special aim at those in the marketing, advertising, public relations and retail/manufacturing industries.

USB drive sniffing K-9 helps capture student hacker

A San Francisco Bay-area student accused of hacking his school's computer system to change grades was captured with the aid of a K-9 unit when its dog was able to sniff out a thumb drive holding incriminating evidence.

Cybercrime losses exceed $1.4B in 2017

Two of the top three crimes, non-payment/non-delivery, and personal data breaches were also in the top spot in 2016 while phishing beat out 419/overpayment scams which dropped to fourth place in 2017, affecting only 23,135 victims compared to the 25,716 victims in 2016.

Phishing campaign aimed at Airbnb guests uses GDPR hook

Phishing emails supposedly from Airbnb hosts seem to be directed to business addresses and ask potential victims to accept a new privacy policy in the lead up to GDPR.

Cyberattack map shows impacted U.S. school districts

A group called the K-12 Cybersecurity Resource Center has created an interactive incident map that shows all of the school districts in the U.S. that have been affected by a cyberattack since 2016.

Michigan man gets 7 years for hacking jail computer to spring inmate

A Michigan man was sentenced to 87 months behind bars for illegally accessing a county government computer in an attempt to spring a county jail inmate early.