Bleeping Computer: Bloomberg Crypto X account snafu leads to Discord phishing attack

Bleeping Computer: Bloomberg Crypto X account snafu leads to Discord phishing attack. “The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members.”

CISA: CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

CISA: CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance. “Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.”

Bleeping Computer: Google Workspace will require two admins to sign off on critical changes

Bleeping Computer: Google Workspace will require two admins to sign off on critical changes. “Google announced today new cybersecurity defense controls that will allow security teams to thwart social engineering attacks like phishing targeting Workspace users and prevent account takeover attempts. Prominently among these new capabilities is the ability to add an additional layer of protection that requires sensitive Google Workspace actions to be signed off by two admins.”

Krebs on Security: Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security: Karma Catches Up to Global Phishing Service 16Shop. “The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.”

Ars Technica: Torrent of image-based phishing emails are harder to detect and more convincing

Ars Technica: Torrent of image-based phishing emails are harder to detect and more convincing. “Phishing mongers have released a torrent of image-based junk emails that embed QR codes into their bodies to successfully bypass security protections and provide a level of customization to more easily fool recipients, researchers said.”

PsyPost: Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams

PsyPost: Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams. “New research published in Applied Cognitive Psychology suggests that the older you are, the less susceptible you are to phishing scams. In addition, highly extroverted and agreeable people are more susceptible to this style of cyber attack.”

Cointelegraph: Google Ads data: $4M stolen through crypto phishing URLs

Cointelegraph: Google Ads data: $4M stolen through crypto phishing URLs. “According to Web3 anti-scam service provider ScamSniffer, malicious adverts for phishing websites have been prevalent on Google ads searches in recent weeks. The URLs lead to fraudulent websites that prompt wallet login signature requests that compromise users’ addresses.”

El País: Cybercriminals take advantage of Twitter chaos to step up phishing campaigns

El País: Cybercriminals take advantage of Twitter chaos to step up phishing campaigns. “According to the US cybersecurity company Proofpoint, its researchers have observed a considerable increase in phishing campaigns. Specifically, the company said, cybercriminals are using account verification and the new Twitter Blue product as lures to steal Twitter credentials.”

NextGov: Malicious Emails Surged for Election Workers in 2 Battleground States Ahead of Primaries

NextGov: Malicious Emails Surged for Election Workers in 2 Battleground States Ahead of Primaries. “Research conducted by cybersecurity firm Trellix found that county election workers in Arizona and Pennsylvania saw an increase in phishing schemes ahead of their primary elections.”

TechRadar: Google Translate is being hijacked by phishers to steal your data

TechRadar: Google Translate is being hijacked by phishers to steal your data. “A new phishing campaign has been discovered impersonating Google Translate in order to trick victims. The campaign was spotted by cybersecurity researchers from Avanan, which found numerous phishing emails, some of which were written in Spanish.”

News Australia: Older Aussies are exposed by shift to online banking

News Australia: Older Aussies are exposed by shift to online banking. “Data shows phishing attacks on senior Australians are on the rise in a big way, with the ACCC’s Scamwatch reporting Australians over 65 have lost more money to phishing scams this year than all other age groups combined – totalling over $6.5 million in the first eight months of the year. And that could just be the tip of the iceberg.”

Bleeping Computer: Death of Queen Elizabeth II exploited to steal Microsoft credentials

Bleeping Computer: Death of Queen Elizabeth II exploited to steal Microsoft credentials. “Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to sites that steal their Microsoft account credentials. Besides Microsoft account details, the attackers also attempt to steal their victims’ multi-factor authentication (MFA) codes to take over their accounts.”

Axios: Anatomy of a text message phishing scam

Axios: Anatomy of a text message phishing scam. “The growth of text-based phishing scams hit close to home for Axios last week when several employees got fake text messages claiming to be from company president and co-founder Roy Schwartz…. We dug into the recent campaign targeting Axios employees to learn more about how these scams operate — especially as reports about text message scams continue to outpace reports about email scams this year for the first time, per the Federal Trade Commission.”

Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts

Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts. “Last week, hackers broke into the systems of Twilio, a cloud communications company that provides infrastructure to other companies to automate sending text messages to their users. By breaking into Twilio systems, hackers could have sent text messages to victims, and read their text messages as well. This potentially gave the hackers a chance to take over any victim’s accounts that were tied to their phone number on services that use Twilio. Crucially, Twilio provides text verification services for the encrypted messaging app Signal.”

Ars Technica: I’m a security reporter and got fooled by a blatant phish

Ars Technica: I’m a security reporter and got fooled by a blatant phish. “I also have long held the belief that phishers aren’t all that bright, else they’d rely on more technical means of breaching a target’s security. That gave me a sense of invincibility. The person behind the DM almost certainly relied on a script that either monitored new Twitter verifications or my timeline and swooped in almost immediately after the verification went into effect, probably with the use of an automated script. In retrospect, that’s an obvious thing for a phisher to do, but it hadn’t occurred to me before that someone would be this determined and resourceful.”