Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional email defenses by subtly changing the prefixes (a.k.a. schemes) of malicious URLs in hyperlinks.
Tag: phishing
Google Firebase hosts Microsoft Office phishing attack
A phishing attack recently uncovered by researchers pretends to share information about an electronic funds transfer (EFT) by offering up a link to download an HTML invoice that then loads to a page with Microsoft Office branding that’s hosted on Google Firebase. The attack culminates with a final phishing page that
Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’
While no specific names were included, a new report pointed to CEOs of U.S. companies as a primary target of a new phishing scheme. Cybercriminals have been using a phishing
Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame?
An email security company says its researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft’s servers were not enforcing protective DMARC authentication
GoDaddy scam shows how voice phishing can be more deceptive than email schemes
Companies can protect employees from phishing schemes through a combination of training, secure email gateways and filtering technologies. But what protects workers from phone-based voice phishing (vishing) scams, like the kind that recently targeted GoDaddy and a group of cryptocurrency platforms that
‘Insensitive’ phishing test stirs debate over ethics of security training
An email sent to employees of Chicago-based Tribune Publishing, parent company of the Chicago Tribune, told recipients that they would receive $5,000 to $10,000 in bonus payments, “as a direct result of the success created by the ongoing efforts to cut our costs.”
Phishing attack targeted top financial pro at large company
Attackers using a novel credential phishing attack that leverages Active Directory to verify a victim’s password and gain access to an Office 365 account targeted a top financial person in a division of a large American corporation. Once inside a victim’s account, bad actors could access sensitive financial documents, emails, calendar
Hackers hijack design platform to go phishing
Australian design platform Canva unwittingly provided phishing campaigns with graphics, making threat actors’ schemes appear more legitimate as they pilfer credentials through social engineering trickery. Hackers hijacked the graphic design site, owned by the fast-growing company whose valuation recently grew from $3.2 billion to $6 billion, and used it to leverage
SANS Institute breach proves anyone can fall victim to a ‘consent phishing’ scam
DNA companies vulnerable to phishing, privacy violations after attacks
A malicious server compromise recently confirmed by DNA investigation services provider GEDmatch serves as a reminder of the incident response challenges and privacy ramifications that companies face when they trade in sensitive data – in this case, DNA, the most personal of data – especially when such incidents create unique opportunities for targeted