The Daily Swig: Machine learning technique detects phishing sites based on markup visualization

The Daily Swig: Machine learning technique detects phishing sites based on markup visualization. “Machine learning models trained on the visual representation of website code can help improve the accuracy and speed of detecting phishing websites. This is according to a paper (PDF) by security researchers at the University of Plymouth and the University of Portsmouth, UK. The researchers aim to address the shortcomings of existing detection methods, which are either too slow or not accurate enough.”

Ars Technica: Microsoft Outlook shows real person’s contact info for IDN phishing emails

Ars Technica: Microsoft Outlook shows real person’s contact info for IDN phishing emails. “This week, infosec professional and pentester DobbyWanKenobi demonstrated how they were able to trick the Address Book component of Microsoft Office to display a real person’s contact info for a spoofed sender email address by using IDNs. Internationalized Domain Names (IDNs) are domains consisting of a mixed Unicode character set, such as letters from both Latin and Cyrillic alphabets that could make the domain appear identical to a regular ASCII domain.”

PCWorld: Beware this new phishing attack that’s after your passwords!

PCWorld: Beware this new phishing attack that’s after your passwords! “A classic bit of internet security advice just bit the dust. For ages, email users were told to hover their mouse over a link to see where it led—if you saw the URL of a legitimate website, you were in the clear. But on Tuesday, Microsoft shared details on a kind of phishing attack it’s seeing more frequently: Email with links that contain a known website at the start, but actually redirect to a malicious page.”

Techdirt: Copyright Scammers Getting More Sophisticated, Just As The US Is About To Make It Easier For Them

Techdirt: Copyright Scammers Getting More Sophisticated, Just As The US Is About To Make It Easier For Them. “These scams are different than standard copyright trolling, in which there may even be a kernel of truth in the initial copyright claim. Here, the scammers are just phishing for logins or other private data, and using the ridiculously overbroad power of copyright statutory damages to frighten people into coughing up the information. And, not surprisingly, the scam is evolving.”

Microsoft: Evasive Office 365 phishing campaign active since July 2020 (Bleeping Computer)

Bleeping Computer: Microsoft: Evasive Office 365 phishing campaign active since July 2020. “Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims, such as email addresses and company logos.”

Krebs on Security: Phishing Sites Targeting Scammers and Thieves

Krebs on Security: Phishing Sites Targeting Scammers and Thieves. “I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: ‘Hello I go by the username Nuclear27 on your site Briansclub[.]com,’ wrote ‘Mitch,’ confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. ‘I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.’”

Wired: AI Wrote Better Phishing Emails Than Humans in a Recent Test

Wired: AI Wrote Better Phishing Emails Than Humans in a Recent Test. “NATURAL LANGUAGE PROCESSING continues to find its way into unexpected corners. This time, it’s phishing emails. In a small study, researchers found that they could use the deep learning language model GPT-3, along with other AI-as-a-service platforms, to significantly lower the barrier to entry for crafting spearphishing campaigns at a massive scale.”

TechRadar: Google Docs is being weaponized by hackers

TechRadar: Google Docs is being weaponized by hackers. “Web-based word processor Google Docs is being actively exploited to disguise dangerous web domains, security analysts have warned. As discovered by security firm Avanan, cybercriminals have found a way to conceal attacks behind standard Google Docs URLs, which can be delivered to victims via email without triggering security software.”

Phishing SCAM Alert: Beware of Fake Email from an “Experienced Photographer and Illustrator” Claiming Copyright Infringement (SangFroid Web)

SangFroid Web: Phishing SCAM Alert: Beware of Fake Email from an “Experienced Photographer and Illustrator” Claiming Copyright Infringement. “We have received reports from clients about a malicious scammer named ‘Mel’ (‘Mellie’ in one case and ‘Melina’ in the other) filling out their website form, and very aggressively claiming copyright infringement. The email arrives via your website contact form and accuses you of using copyrighted website images and asks you to click on a link to see the list of the images that are in violation. (DON’T CLICK THE LINK.) The writer threatens to file a complaint with your hosting company and sue you.” The one I got, the person was named Rochelle.

SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign

SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign. “Researchers at Intel471 have identified a new malicious document builder that has gone from a new, relatively unknown exploit to being incorporated into the attack chains of top cybercriminal groups in less than a year. The builder, dubbed EtterSilent, comes in two flavors: one version exploits an old remote code execution vulnerability in Microsoft Office and another uses a Macro-based exploit and is designed to look like DocuSign, a popular software program that allows individuals or businesses to electronically sign documents.”

The Register: Scammers tried slurping folks’ login details through 70,000 coronavirus-themed phishing URLs during 2020

The Register: Scammers tried slurping folks’ login details through 70,000 coronavirus-themed phishing URLs during 2020. “In a post published today, Palo Alto’s Unit 42 threat intel division said COVID-themed phishing lure URLs ‘largely centered around Personal Protective Equipment (PPE) and testing kits in March 2020, government stimulus programs from April through the summer 2020 (including a fake US Trading Commission website that posed as the US Federal Trade Commission in order to steal user credentials) and vaccines from late fall 2020 onward.’ It added that it had seen 69,950 phishing URLs between January 2020 and January 2021 which focused on ‘COVID-related topics’.”

BetaNews: Phishing campaign uses US tax season to lure victims

BetaNews: Phishing campaign uses US tax season to lure victims. “Researchers at Cybereason have detected a new campaign targeting US taxpayers with documents that purport to contain tax-related content. These deliver NetWire and Remcos — two powerful and popular RATs which can allow attackers to take control of the victims’ machines and steal sensitive information. The malicious documents used are roughly 7MB in size, which allows them to evade traditional AV mechanisms and heuristic detection.”