The latest Microsoft Digital Defense Report 2022 says credential phishing schemes are increasing and reveals it is one of the biggest threats online. The crime targets all inboxes from different individuals around the globe, but one of the biggest prey being eyed by operators are those who have Microsoft 365 credentials, the report adds. Image Credit: Microsoft “Microsoft 365 … [Read more...] about Microsoft warns M365 users of growing phishing crimes in new Digital Defense Report
phishing
Actors revamp phishing campaign materials to victim more government contractors with Microsoft 365
A group of malicious actors has leveled up their phishing campaigns in order to fool huge companies (particularly those in the energy, professional services, and construction sectors) into submitting their Microsoft Office 365 account credentials. According to a report from phishing detection and response solutions company Cofense, the campaign operators made improvements in … [Read more...] about Actors revamp phishing campaign materials to victim more government contractors with Microsoft 365
Your next Phishing email may come straight from PayPal
Malicious actors have started to exploit a loophole in the defenses of many home users, organizations, email and security services, to send out phishing emails from legitimate services. image credit: Avanan Threat actors have found a way to send phishing emails using the tools and services provided by legitimate companies such as PayPal or QuickBooks. Most phishing emails … [Read more...] about Your next Phishing email may come straight from PayPal
Another phishing attack that bypasses multi-factor authentication targets Microsoft email users
Cybersecurity research analysts at Zscaler have uncovered a new large-scale phishing campaign targeting Microsoft email users. The main targets of the campaign are corporate users, specifically end users in Enterprise environments that use Microsoft email services. image credit: Zscaler The attackers use so-called Adversary-in-The-Middle (AiTM) techniques to bypass … [Read more...] about Another phishing attack that bypasses multi-factor authentication targets Microsoft email users
Office Phishing Attack circumvents multi-factor authentication
Microsoft security researchers and engineers discovered a massive phishing attack that has been targeting more than 10,000 organizations since September 2021. The malicious actors used adversary-in-the-middle (AiTM) phishing sites to steal passwords and session data; this allowed them to bypass multi-factor authentication protections to access user email inboxes and run … [Read more...] about Office Phishing Attack circumvents multi-factor authentication
Beware: Walmart phishing attack says your package was not delivered
A Walmart phishing campaign is underway that attempts to steal your personal information and verifies your email for further phishing attacks. A new email phishing campaign pretends to be from Walmart with a subject line of "Your Package delivery Problem Notification lD#" stating that they could not deliver your package because your address is incorrect. "Unfortunately we … [Read more...] about Beware: Walmart phishing attack says your package was not delivered
New phishing attack uses Morse code to hide malicious URLs
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire. When using Morse code, each letter and number is encoded as a series of dots (short sound) and dashes (long sound). Starting … [Read more...] about New phishing attack uses Morse code to hide malicious URLs
Windows Finger command abused by phishing to download malware
Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices. The 'Finger' command is a utility that originated in Linux/Unix operating systems that allows a local user to retrieve a list of users on a remote machine or information about a particular remote user. In addition to Linux, Windows includes a … [Read more...] about Windows Finger command abused by phishing to download malware
Warning: Massive Zoom phishing targets Thanksgiving meetings
Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. Hosted on numerous landing pages, BleepingComputer has learned that thousands of users' credentials have already been stolen by the attack. With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom … [Read more...] about Warning: Massive Zoom phishing targets Thanksgiving meetings
PSA: Watch Out For This New Amazon Email Phishing Scam
Scam artists are getting so good at creating realistic-looking phishing emails that some are getting past Gmail’s spam filters. Although most of us have been trained to spot suspicious email messages, some (like the one above) look like they could be from companies like Amazon. Bad actors posing as companies you do business with is nothing new. If you look at your spam … [Read more...] about PSA: Watch Out For This New Amazon Email Phishing Scam