The Insider reported that QAnon is co-opting a USPS phishing scam, and claim the Vishing text messages are linked to human trafficking. “A viral [text] phishing scheme is targeting people across the country with scammy text messages claiming to be from the United States Postal Service (USPS). Now, QAnon conspiracy theorists have jumped into the […]
[Heads Up] Apparently Slack Phishing Got So Bad They Had To Do Something About It
Slack has announced a slew of new security features, certificates and integrations, including a verification system that adds an additional layer to protect against phishing scams. The announcement follows on from Slack Connect, launched in June, which allows organizations to create shared channels with other companies. This is the company’s big play in its attempt […]
Paying the Ransom After a Ransomware Attack May Become More Complicated, Thanks to the U.S. Treasury
With many organizations considering to pay the ransom should they experience an attack, new guidance from the U.S. Treasury may put a damper on an organization’s ability to pay. When hit with a modern ransomware attack today, the idea of paying the ransom has been brought back into the spotlight due to multiple ransomware variants […]
Explosion of Zoom Meeting Phishing Attacks Over Spring and Summer of 2020 and Targeting Office365 and Outlook Credentials
Researchers at INKY have observed an “explosion” of Zoom-themed phishing attacks over the Spring and Summer of 2020. Most of the attacks are aimed at stealing credentials to services like Outlook and Office 365 by directing users to spoofed login pages. The researchers say they’ve observed the emails being sent from legitimate, compromised accounts as […]
Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be
An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 election. Late last year, these trade documents were leaked and disseminated online by a Russian disinformation campaign. The new addition to this story, according to Reuters, is […]
Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource
A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code. I’ve written about phishing attacks targeting GitHub users previously. But this month, users of GitHub partner DeepSource were notified of a security incident in which at least one of DeepSource’s employee credentials […]
1 in 3 Employees Rarely or Never Think About Cybersecurity
Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture. It’s something we all know – employees that aren’t paying attention to corporate security aren’t helping. But new data from email security vendor Tessian quantifies this notion with some pretty surprising data. In their Psychology of […]
An Old Dog with Some New Tricks
The Emotet botnet is now including stolen attachments in its phishing emails to increase the appearance of authenticity, BleepingComputer reports. The botnet is well-known for targeting the contacts of compromised email accounts with phishing emails that are sent as replies to existing email threads, but the use of legitimate, benign attachments in these emails is […]
New Calendar Invitations as Phishbait Attack Wave
BleepingComputer warns that cybercriminals are using calendar invites to send phishing links to Wells Fargo customers. Researchers at Abnormal Security discovered this phishing campaign in mid-June, and it’s targeted more than 15,000 people. The attackers are sending emails purporting to come from Wells Fargo that inform the recipient that they need to update their security […]
Pyongyang’s Phishing with Job Offers
An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, according to researchers at ESET. The campaign, which the researchers call “Operation In(ter)ception,” used social engineering attacks on LinkedIn to trick employees into opening malware-laden documents. […]