Phishing News, Articles and Updates

Report: Multiple groups likely collaborating on Shamoon malware campaign

Analysis of the 2016-2017 Shamoon malware attacks against Saudi organizations suggests that multiple hacker groups may be collaborating on this effort on behalf of a nation-state actor, according to a new report.

Paid in the USA: Americans more likely to pony up when infected with ransomware

The U.S. suffered 34 percent of global ransomware infections last year - and it's no wonder why, with 64 percent of Americans willing to pay to retrieve their encrypted files, compared to 34 percent of victims worldwide, according to Symantec.

Cat, Mouse, RAT?: Felismus poses powerful threat

Researchers spotted a remote access trojan (RAT) dubbed Felismus which has a modular construction that allows it to hide or extend its capabilities.

Trend Micro breaks down Pawn Storm tactics, methods and goals

An in depth look at the cyberespionage gang Pawn Storm by Trend Micro reveals an incredibly complicated and capable group that has penetrated several important political and government organization and for the most part has done so on the back of one of the most basic attack methodologies available. Phishing.

Asian Interpol operation finds nearly 9,000 CnC servers

Investigators from seven Southeast Asian nations collaborated on a joint Interpol operation that identified approximately 8,800 C2 servers in eight countries and nearly 270 compromised websites, including government portals.

Iowa veterans warned of possible data breach

On April 21, the Iowa Veterans Home (IVH) began notifying thousands of residents, former residents and applicants that their personal information may have been compromised.

Hackers launch Delta fake ticket receipt scam

Heimdal Security researchers spotted fraudsters sending phishing emails under the guise of blank Delta Airlines' ticket confirmations.

MYOB phishing campaign wants to mind your business

MailGuard researchers spotted a phishing campaign impersonating Australian payment solutions software firm MYOB in order to spread malware.

ROKRAT using Twitter, other social media as command and control link

Security researchers at Cisco Talos explain how the ROKRAT malware is leveraging social media to hide its C&C communications in plain sight.

World of Warcraft phishing attack offer free pets

Malwarebytes researcher Chris Boyd spotted a phishing campaign offering World of Warcraft (WoW) players free pets.

With March Madness in full swing, online scams go for the steal

Alley-OOPS! March Madness fans scouring the web for bracket contests and live game streams instead may find themselves all fouled up by online scams, Zscaler reported in a blog post this week.

Saudi Arabia hit with cyberespionage spearphishing campaign

About a dozen Saudi Arabian agencies were singled out for spearphishing attacks aimed at placing cyberespionage malware on government computers using an infected Word document.

Lithuanian arrested in $100 million multinational BEC whaling fraud

A Lithuanian national has been arrested for defrauding two major tech companies out of $100 million by pretending to be a business affiliate.

BEC attacks up 45% and gaining in sophistication: Proofpoint

Proofpoint reports a 45 percent increase in business email compromise (BEC) attacks during the closing months of 2016.

Demi Lovato nudes leaked, scammer targets private citizens for sex shows

A spearphishing scammer demanded a sex show from a private citizen after obtaining the victim's email credentials.

IRS warns of new, last minute tax scams

With tax scammers redoubling their efforts in the waning days of the 2017 tax season, the Internal Revenue Service (IRS) issued a warning to tax professionals and citizens to be on the lookout for last-minute scams.

Government contractor Defense Point Security hit with W-2 scam

The cybersecurity firm Defense Point Security that holds several government contracts told its employees it was hit with a W-2 phishing scam resulting in the exposure of all the personally identifiable information.

Spam hitting Germans with personalized messages

A spam campaign that targets recipients with personalized messages is spreading in Germany, similar to a previous scourge there earlier this year and another that spread in the U.K. in April 2016.

Report: Cloud-based spyware NexusLogger sold in guise of 'parental monitoring tool'

A new cloud-based keylogger has hit the market, resulting in a small number of cybercriminals attempting to infect businesses and collect keystrokes, system information, stored passwords, screenshots, and game credentials.

IT pros fear cyberespionage may be top 2017 threat

A recent Trend Micro study found 20 percent of IT leaders believe cyberespionage will be the top threat of 2017.

U.S. Air Force personnel data exposed on internet

A United States Air Force officer mistakenly exposed not only the personally identifiable information (PII) of many service members, but also the records of on-going criminal investigations and instructions for recovering encryption keys for military documents.

Symantec finds fake AV being distributed using HSBC phishing emails

Fake HSBC emails are being spread, asking users to install a malicious version of Rapport, a legitimate security program designed to protect online bank accounts from fraud.

Cybercriminal's skills now on par with nation states: Mandiant

There was some good news reported in Mandiant's M-Trends 2017 report, but this was heavily outweighed by many negative points.

Bold phishers use Australian myGov to pull PII

Australians need be aware of a phishing campaign utilizing that nation's myGov website as the hook to have its targets unknowingly give up an absolute treasure trove of personal information.