Bleeping Computer: Persuasive Office 365 phishing uses fake Zoom suspension alerts

Bleeping Computer: Persuasive Office 365 phishing uses fake Zoom suspension alerts. “Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins.”

PR Newswire: Cofense Launches Free Resource Center and Searchable Database Highlighting the Latest Phishing Attacks that Bypass Email Security Technologies (PRESS RELEASE)

PR Newswire: Cofense Launches Free Resource Center and Searchable Database Highlighting the Latest Phishing Attacks that Bypass Email Security Technologies. “Cofense®, the global leader in intelligent phishing defense solutions, today launched a comprehensive resource center and easy-to-use Real Phishing Threats searchable database to help organizations see the phishing threats that slip past their secure email gateways (SEG).”

The Asian Age: Google detects coronavirus-themed phishing attacks by firms in India posing as WHO, banks

The Asian Age: Google detects coronavirus-themed phishing attacks by firms in India posing as WHO, banks. “Hack-for-hire firms, many of them based in India, are creating accounts spoofing the World Health Organisation (WHO) and targeting business leaders in financial services, consulting, and healthcare corporations in the US, the UK and Bahrain among other countries amid the COVID-19 pandemic, according to a report by Google.”

The Register: To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

The Register: To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it. “Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing – and a fifth of the participants submitted their credentials to the fake login page.”

BetaNews: COVID-19 scam sites pass quarter of a million

BetaNews: COVID-19 scam sites pass quarter of a million. “The first quarter of this year has seen a massive growth in phishing and counterfeit pages, with around a third of them related to COVID-19. A new report from fraud prevention company Bolster shows that it detected 854,441 confirmed phishing and counterfeit pages and four million suspicious pages, with more than a quarter of a million devoted to COVID-19.”

The Verge: Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams

The Verge: Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams. “Hackers have registered domains posing as Zoom, Microsoft Teams, and Google Meet-related URLs, according to a new report from Check Point Research. As significantly more people are using these videoconferencing services during the COVID-19 pandemic, the domains could be used to pose as official links, potentially tricking people into downloading malware or accidentally giving a bad actor access to personal information.”

Neowin: Google is blocking 18 million coronavirus-related scam emails on a daily basis

Neowin: Google is blocking 18 million coronavirus-related scam emails on a daily basis. “Amidst the coronavirus crisis, there has been a lot of misinformation going around, including fake virus cures, deceptive ads, and attempts to link the virus to 5G networks. In that vein, Google has detected a spike in phishing attacks in which criminals attempt to deceive users into revealing personal information.”

Google Blog: Identifying vulnerabilities and protecting you from phishing

Google Blog: Identifying vulnerabilities and protecting you from phishing. “Google’s Threat Analysis Group (TAG) works to counter targeted and government-backed hacking against Google and the people who use our products. Following our November update, today we’re sharing the latest insights to fight phishing, and for security teams, providing more details about our work identifying attacks against zero-day vulnerabilities.”

A Database of Coronavirus Phishing Scams

Spotted on Reddit: Coronavirus Phishing Scams. “Hackers are taking advantage of the coronavirus chaos to trick people into handing over personal details, sensitive information and money. Hundreds of thousands of Covid-19 emails are being sent every week and some cyber security experts say the virus has become the largest theme for phishing scams in years, if not ever. This site collates them and categorises them by attributes.”

Washington Post: Hackers are seizing on coronavirus fears to steal data, researchers and U.S. regulators warn

Washington Post: Hackers are seizing on coronavirus fears to steal data, researchers and U.S. regulators warn. “Chinese hackers have used fake documents about the coronavirus to deliver malicious software and steal sensitive user information, according to a report Thursday from researchers documenting a growing wave of cybercrime exploiting fears about the global pandemic.”

Ars Technica: Anatomy of a dumb spear-phish: Hitting librarians up for Zelle, CashApp cash

Ars Technica: Anatomy of a dumb spear-phish: Hitting librarians up for Zelle, CashApp cash. “Here’s a clue for would-be Internet financial scammers: do not target librarians. They will catch on fast, and you will have wasted your time. Yesterday, the outgoing chair of the Young Adult Library Services Association’s Alex Awards Committee (and my wife) Paula Gallagher got a very odd email that purported to be from a colleague within her library system who is a member of YALSA’s board. The email asked, ‘Are you available to complete an assignment on behalf of the Board, And get reimbursed? Kindly advise.’”

FBI: FBI Releases the Internet Crime Complaint Center 2019 Internet Crime Report

FBI: FBI Releases the Internet Crime Complaint Center 2019 Internet Crime Report. “The FBI’s Internet Crime Complaint Center (IC3) 2019 Internet Crime Report includes information from 467,361 complaints of suspected Internet crime, with reported losses in excess of $3.5 billion. The top three crime types reported by victims in 2019 were phishing/vishing/smishing/pharming, non-payment/non-delivery, and extortion.”

Engadget: Phishing scams leveled up, and we didn’t

Engadget: Phishing scams leveled up, and we didn’t. “More than a bit of ‘I’m smarter than you’ politics creates the divide between hacking headlines and what we actually need to worry about. On one side, researchers present findings at conferences hoping someone will raise the alarm and practical things will get done before things get worse. On the other, we have Jeff Bezos and his iPhone.”

Bleeping Computer: Emotet Gets Ready for Tax Season With Malicious W-9 Forms

Bleeping Computer: Emotet Gets Ready for Tax Season With Malicious W-9 Forms. “Whether it is holiday party invites, invites to climate change protests, or even information about the Coronavirus, the operators of the Emotet Trojan are known to stay on top of current and upcoming events and tailor their spam emails accordingly. This is the case with a new campaign discovered by email security company Cofense, where the Emotet operators are sending spam pretending to be a requested signed W-9 tax form.”