Phishing News, Articles and Updates

Diagnosing employee phishing weaknesses key to improving email security

Administering a phishing test and training without knowing an employee's weakness is not only ineffective and expensive, but unlikely to teach workers how to avoid a phishing attack.

Scotland's government council heavily targeted by cyberattacks

Cybercriminals have been targeting Scottish government, universities and health organizations at a high rate with more than half of their local councils being hit since 2014

Newcastle University spoofed in phishing scam

While the fraudsters committed a few errors in phony site, those unfamiliar with the actual site, such as foreign exchange students might easily mistake it for real.

Prospective students tricked into handing over confidential information

Prospective Newcastle University students are being scammed into handing over details and making payments for fake courses.

'Unverified app' warning adds anti-phishing protection to G Suite

Google claims new 'unverified app' warning will cut down on phishing attacks from within G Suite by giving users information on potentially dodgy apps and scripts.

Time is Money: How many threat$ can you fit in a cyberminute?

We all know time is money but when it comes to cybercrime even a minute of down time could cost the mightiest of firms a hefty fine.

UPDATE: Wyden pushes DHS to adopt DMARC

The standard, which is not yet widely adopted by the federal government, including DHS, "would make it significantly harder for fraudsters and foreign governments to impersonate" agencies, Wyden wrote in a letter.

WhatsApp: 'your subscriptions up so please pay up,' phishing scam

ESET researchers warn users beware phishing messages purportedly from WhatsApp warning users their subscription is up.

OSX/Dok malware spread via phishing to steal banking credentials

Researchers spotted a phishing campaign combined with a man-in-the-middle (MiTM) attack to target Mac OS users and spread the OSX/Dok malware.

Oracle Access Manager servers open to session hijacking

Two Belgian security researchers have found a flaw with Oracle Access Manager (OAM) version 10g that 99 percent of the companies they checked on did not have properly configured thus leaving those organizations open to a specially crafted phishing attack.

As security gets tough, hackers revert to living off land, report

Symantec researchers spotted attackers increasingly making use of tools already installed on targeted computers.

Jayden K Smith Facebook friend request won't result in hack

A hoax warning is circulating Facebook urging users to decline a friend request from alleged hacker Jayden K Smith.

Reports: Feds issue alert after adversary breaches power plant business networks

Since May, foreign hackers have breached computer networks at 12 or more U.S. power plants, including nuclear facilities, prompting the FBI and DHS to issue an urgent amber warning to utility companies, according to reports.

AFA, AT&T to host CyberCamps for teens

The teens will sharpen their cyber skills and ethics, learning how to improve password security, avoid phishing lures and improve other network security skills under the tutelage of AFA employee experts at AT&T offices.

New York Supreme Court Justice fell for $1M phishing attack

New York State Supreme Court Justice Lori Sattler was duped out of more than $1 million while trying to sell her Upper East Side apartment and purchase another.

One quarter of Australian companies hit by phishing attack this week: Mailguard

The phishing attacks against Australian energy customers grew yesterday with Mailguard reporting an enormous number of phishing attempts made centered on fake Origin Energy bills.

Phishing scam hitting EnergyAustralia customers

Mailguard is reporting that a large number of malicious emails posing as a bill from EnergyAustralia is swarming across that nation.

FIN10 extorting companies in cyber schemes, FireEye

A cyber extortion group has been burrowing its way into enterprise networks, stealing data and then using their ill-gotten gains to demand ransom from victims.

Photo with ID requested in new PayPal phish

A new phishing scam is duping victims into sending selfies to a site they believe is PayPal, but is, in fact, harvesting their credit card data

Cybercriminals using phishing scams to steal cryptocurrencies

With the value of cryptocurrencies like bitcoin continuing to climb, cybercriminals are looking to expand the tricks they use to steal these virtual dollars.

Up to 'old' tricks: Hackers compromise Stanford University 'Biology of Aging" website for months

A Stanford University website was reportedly compromised for four months without detection, allowing hackers to abuse it to host malicious web shells, phishing kits and defacement images.

NY DMV warns drivers about traffic ticket phishing scam

New York drivers are being targeted in a phishing scam where an email they receive warns they have 48 hours to pay a fine or have their driver's license revoked.

Phishing scam compromises data on 25,000 individuals at University of Alaska

A phishing scam in December 2016 resulted in a data breach at the University of Alaska, affecting around 25,000 students, staff and faculty members, according to a report on Wednesday by local Anchorage NBC affiliate KTUU.

Tainted leaks technique tied, sort of, to Russia

A recent investigative study by the Citizen Lab connects Russian actors to the practice of stealing, negatively altering and then releasing documents in an effort to damage the personal reputation of government officials, candidates and journalists in dozens of countries.

LNK files again being used to deliver malicious PowerShell script

Cybercriminals have brought back an older attack vector using LNK files to execute PowerShell scripts to download malware.

Federal insider threats still not properly addressed despite progress

Federal agencies are setting up more formal insider threat prevention programs at a much higher rate but few have seen progress as a result.

DocuSign's stolen emails lead to phishing attacks

Threat actors are using stolen DocuSign customer emails in a phishing campaign to spread malicious Word Documents.

Bank of France customers targeted in phishing campaign

Cyber-criminals are attempting to steal credentials from French companies and consumers, yet the campaign is falsely attributed to the Bank of France.