Gov info security logo
Phishing Attack Uses Fake Google reCAPTCHA
March 7, 2021
GovInfoSecurity
A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says. The company says it prevented more than 2,500 phishing emails tied to the campaign.
Read More
Pymnts logo
While the threat of cyberattacks continues to impact organizations directly, businesses of all sizes are also facing threats from their own supply chains. The latest data suggests that the business email compromise (BEC) scam continues to plague firms and their banking partners, with cybercriminals going after business partners and suppliers, and expanding their target base from there. PYMNTS rounds up the latest stats from this threat, plus more stories in the world of B2B fraud, below.
Read More
Symbol gray 01b
Abnormal Security, a next-generation cloud email security company, today released a new threat research report that reveals an 82% increase in the chance of companies getting attacked through SolarWinds-style vendor email compromise (VEC) during any given week
Read More
Enterprise security tech logo
Abnormal Security, a next-generation cloud email security company, today released a new threat research report that reveals an 82% increase in the chance of companies getting attacked through SolarWinds-style vendor email compromise (VEC) during any given week. The company also found that these attacks can be very costly as it recently detected and stopped a $1.6M VEC attack.
Read More
Beta news logo
The supply chain attack involving SolarWinds software last year has caused ripples throughout the cybersecurity industry, not least because it went undetected for nine months. The attack was able to bypass traditional email security by exploiting trusted communications routes between vendors and customers. A worrying new report from Abnormal Security shows that this technique is becoming a mainstream attack vector.
Read More
Cybersecurity dive logo
While SolarWinds has garnered much of the attention following disclosure of a sophisticated nation-state attack, companies are asking about the role of Microsoft Office 365 in the compromise. Larger questions persist about the overall security of one of the world's largest email and productivity applications.
Read More
Bleeping computer logo
Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a Paycheck Protection Program (PPP) loan to keep their business going during the COVID-19 crisis. PPP allows businesses to apply for an SBA loan designed to help them keep their workforce employed throughout the current pandemic.
Read More
Threat post logo
Two new phishing tactics use the platform’s automated responses to evade email filters. Two fresh business email compromise (BEC) tactics have emerged onto the phishing scene, involving the manipulation of Microsoft 365 automated email responses in order to evade email security filters.
Read More
Data breach today logo
Hackers Leave Stolen Email Credentials Exposed
January 22, 2021
Data Breach Today
Hackers waging a phishing campaign stole more than 1,000 corporate email credentials and then stored the stolen data in a database accessible via a simple Google search, Check Point Research says.
Read More
Tech republic logo
The FBI is cautioning companies to beware of a slew of voice phishing attacks aimed at capturing the login credentials of employees. In an advisory released last Thursday, the FBI revealed that as of December 2019, cybercriminals have been working together on social engineering campaigns targeting employees at large firms both in the US and abroad. The criminals are taking advantage of VoIP platforms to launch voice phishing, or vishing, attacks.
Read More
Security intelligence logo
Text phishing scammers are targeting New York state drivers with messages asking them to update their driver’s licenses. Using the ongoing adoption of the REAL ID Act of 2005 in an attempt to make the scam sound legitimate, the attackers have used three specific text phishing messages, the New York State Department of Motor Vehicles (DMV) said in December 2020.
Read More
The fintech times logo
Business Email Compromise attacks are a form of cybercrime that uses email fraud in order to attack organisations and is considered to be one of the most profitable and prevalent forms of attacks conducted by cybercriminals.
Read More
Bank info security logo
In an alert, the Australian Cyber Security Center notes hackers posing as ACSC employees are sending emails requesting that recipients download antivirus software. When the victim clicks on a link, malicious code that can steal banking credentials is downloaded onto the compromised device.
Read More
Forbes logo
Amid the crisis, companies scrambled to create new services for remote workers and students, beef up online shopping and dining options, make customer call centers more efficient and speed development of important new drugs.
Read More
Ooda loop logo
Scammers were able to spoof the New York Department of Labor, sending out emails to thousands of residents from the domain “noreply@labor.ny .gov,” claiming to be sending Covid-19 relief money. The emails bear the NY state logo and capitalize on struggling Americans seeking to claim Covid-19 stimulus checks.
Read More
Gov info security logo
FBI Warns of COVID-19 Vaccine Fraud Schemes
December 24, 2020
GovInfoSecurity
The FBI is warning that fraudsters are exploiting the recent news surrounding the availability of COVID-19 vaccines to launch schemes to steal personal information and money. The warning issued this week included input from the U.S. Department of Health and Human Services Office of Inspector General and the Centers for Medicare and Medicaid Services.
Read More
Enterprise security tech logo
Today, Abnormal Security published research on an email attack campaign designed to prey on shoppers eagerly awaiting ecommerce deliveries leading up to the holidays. In this attack, malicious actors impersonate a USPS package tracking page to steal credit card credentials from unsuspecting customers.
Read More
Toms guide logo
Scammers and phishers are trying to steal your money and your personal information with fake schemes promising to get you the COVID-19 vaccines, warn the FBI and two other federal agencies.
Read More
Bank info security logo
A recently uncovered phishing campaign is spoofing messages from the New York State Department of Labor, claiming to offer $600 as part of a COVID-19 relief program, according to researchers at Abnormal Security. The goal is to harvest personally identifiable information.
Read More
Info security magazine logo
Phishers Spoof New York Department of Labor
December 22, 2020
Infosecurity Group
Scammers are impersonating New York State's Department of Labor to steal personal information from state residents seeking to claim money from a COVID relief fund. Targets are sent an email bearing the state logo that appears to come from “noreply@labor.ny.gov.” The email states that by activating their account, the recipient will receive $600 in pandemic aid.
Read More
Dark reading logo
A new scam using an IRS form as its mechanism has been found targeting users of Google's G Suite, with as many as 50,000 executives and "important" employees affected so far. The campaign, discovered and reported by researchers at Abnormal Security, claims to contain an IRS W-8BEN form in PDF format.
Read More
Health it security logo
Recent spear-phishing campaigns are again targeting Microsoft Office 365 users in an effort to steal user credentials, while one campaign spoofs Microsoft Exchange Online Protection (EOP), according to recent reports from IRONSCALES and Abnormal Security. Nearly 200 million O365 users across the globe and particularly in the healthcare, insurance, financial services, manufacturing, utilities, and telecom sector.
Read More
Bank info security logo
A spear-phishing campaign detected earlier this month that uses messages that appear to originate with legitimate companies is targeting enterprise users in an effort to steal Microsoft Office 365 credentials, according to a report from Abnormal Security. The fraudsters appear to have compromised hundreds of legitimate accounts to help craft realistic-looking emails, the researchers say.
Read More
It world canada
A new spearphishing email campaign has been detected aimed at stealing login usernames and passwords of users of Microsoft Office 365. According to a firm called Abnormal Security, victims get personalized email from impersonated business such as eFax.
Read More