Researchers at Microsoft have observed a widespread phishing campaign that’s abusing open redirectors to fool users into visiting credential-harvesting pages. Open redirects are often used for legitimate purposes, such as tracking click rates. However, they can also be abused to disguise a link to a phishing page. “The use of open redirects in email communications […]
New QuickBooks-Themed Phishing Attack Seeks to Infect Victims with Dridex Malware
Purporting to be invoices and payment reminders, this new campaign targets users of the popular accounting software to install the banking trojan on its victims' endpoints. The bad guys have long known that emails involving the concept that the recipient owes money will get a response. They also know if you use a […]
FBI Finds Phishing Sites Abusing Search Results and Ads to Steal Banking Credentials
The US Federal Bureau of Investigation has sent out a private industry notification (PIN) warning that cybercriminals are using search engine ads and search results to spread phishing sites that impersonate banking websites. The FBI says this campaign has been running since March of 2021, although the Record notes that this technique has been in […]
Phishing Attacks Using PDF Files Have Skyrocketed
Phishing attacks using PDF files have spiked over the past year, according to researchers at Palo Alto Networks’ Unit 42. “From 2019-20, we noticed a dramatic 1,160% increase in malicious PDF files – from 411,800 malicious files to 5,224,056,” the researchers write. “PDF files are an enticing phishing vector as they are cross-platform and allow […]
Microsoft Dominates as the Most Impersonated Brand in Phishing Attacks
New data from phishing detection vendor Inky highlights which brands are most often used by cybercriminals in phishing attacks that will give them the edge needed for a successful phish. If you were to analyze nearly 657 million emails, you’d probably have a good grasp on exactly what the bad guys are doing to phish […]
Optrics Insider – How to Stay Safe Against Phishing Attacks & Social Engineering
Join Scott Young from Optrics Engineering and Mike Brill from KnowBe4 as they discuss the latest Zoom phishing attacks and social engineering and how best to keep you and your staff safe from them. Read the “Running Headfirst into a Breach” blog article mentioned in the above video. Learn more about KnowBe4 by going […]
Running Headfirst Into a Breach
The pandemic changed the fortunes of many organisations. Perhaps none so much as Zoom, which has found itself becoming a noun synonymous with any form of video call. However, its meteoric rise has not been without some hiccups along the way. There have been many cases of people not securing their meetings, leading to many […]
It’s Not Only About the URL
You have to look at the totality of an email to determine whether it is a phishing attack or not. I’ll admit it, I’m guilty. When I get a phishy-looking email, the first thing I do is hover over the URL to see if it is legitimate-looking or not. And, most phishing emails do contain […]
[Heads Up] Email Phishing Is Now the Top Ransomware Attack Vector
New data shows that pushback from the ransomware victim “market” may be influencing just how much cybercriminals are asking for as ransom and are being paid. 2020 seemed to point to ransomware continuing to grow in devastation and cost; Ryuk reached a $34 million ransom payout, organizations were operationally brought to their knees by many […]
Beware the Long Con Phish
Social engineering and phishing happen when a con artist communicates a fraudulent message pretending to be a person or organization which a potential victim might trust in order to get the victim to reveal private information (e.g. a password or document) or perform another desired action (e.g. run a Trojan Horse malware program) that is […]