Latest Phishing news

Hotel hackers redirect guests to fake Booking.com to steal cards

Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers.
- Ionut Ilascu
- September 22, 2023
- 07:41 AM
- 11
Claimants in Celsius crypto bankruptcy targeted in phishing attack

Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets.
- Lawrence Abrams
- September 19, 2023
- 07:38 PM
- 0
Retool blames breach on Google Authenticator MFA cloud sync feature

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack.
- Sergiu Gatlan
- September 15, 2023
- 03:15 PM
- 3
Sponsored Content
How end-user phishing training works (and why it doesn’t)

Training end-users to spot phishing has its benefits, but it's clear to see organizations as a whole have failed to make a dent in phishing attacks. Learn more from Specops Software on how phishers use social engineering to exploit human psychology.
- Sponsored by Specops Software
- September 13, 2023
- 10:02 AM
- 0
Ransomware access broker steals accounts via Microsoft Teams phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
- Sergiu Gatlan
- September 12, 2023
- 03:14 PM
- 1
Facebook Messenger phishing wave targets 100K business accounts per week

Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.
- Bill Toulas
- September 11, 2023
- 11:01 AM
- 0
Associated Press warns that AP Stylebook data breach led to phishing attack

The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks.
- Lawrence Abrams
- September 10, 2023
- 01:22 PM
- 1
Microsoft Teams phishing attack pushes DarkGate malware

A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware.
- Bill Toulas
- September 09, 2023
- 10:50 AM
- 1
Google is enabling Chrome real-time phishing protection for everyone

Google announced today that it is bringing additional security to the Google Chrome standard Safe Browsing feature by enabling real-time phishing protection for all users.
- Lawrence Abrams
- September 07, 2023
- 05:03 PM
- 1
Google Looker Studio abused in cryptocurrency phishing attacks

Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses.
- Bill Toulas
- September 07, 2023
- 03:07 PM
- 0
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA

A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that compromised more than 8,000 Microsoft 365 corporate accounts.
- Ionut Ilascu
- September 06, 2023
- 06:33 AM
- 2
Classiscam fraud-as-a-service expands, now targets banks and 251 brands

The "Classiscam" scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before.
- Bill Toulas
- August 31, 2023
- 04:00 AM
- 0
Spain warns of LockBit Locker ransomware phishing attacks

The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails.
- Bill Toulas
- August 28, 2023
- 02:25 PM
- 0
Kroll data breach exposes info of FTX, BlockFi, Genesis creditors

Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that resulted in exposing to an unauthorized third-party the personal data of some credit claimants.
- Bill Toulas
- August 25, 2023
- 10:10 AM
- 0
Hotmail email delivery fails after Microsoft misconfigures DNS

Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record.
- Lawrence Abrams
- August 18, 2023
- 11:44 AM
- 2
Phishing campaign steals accounts for Zimbra email servers worlwide

An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration email servers worldwide.
- Bill Toulas
- August 17, 2023
- 01:22 PM
- 0
Major U.S. energy org targeted in QR code phishing attack

A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.
- Bill Toulas
- August 16, 2023
- 10:16 AM
- 1
Lapsus$ hackers took SIM-swapping attacks to the next level

The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
- Ionut Ilascu
- August 11, 2023
- 02:23 AM
- 1
Hackers use open source Merlin post-exploitation toolkit in attacks

Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework.
- Bill Toulas
- August 09, 2023
- 05:32 PM
- 1
EvilProxy phishing campaign targets 120,000 Microsoft 365 users

EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails sent to over a hundred organizations to steal Microsoft 365 accounts.
- Bill Toulas
- August 09, 2023
- 05:00 AM
- 0