A brazen phishing campaign took Iceland by surprise the last weekend, sending out malicious emails to thousands of individuals, in an attempt to fool them into installing a powerful remote access tool.
Yesterday we reported on a phishing attack that utilizes Azure Blob storage in order to have login forms secured by a Microsoft issued SSL certificate. After reviewing the URLs used by the same attacker, BleepingComputer has discovered that these same bad actors are utilizing the Cloudflare IPFS gateway for the same purpose.
In a bizarre sequence of events, after the CRM software company Zoho was taken offline by their domain registrar, they posted to Twitter asking for help getting their service back up and running again. When Zoho customer's contacted TierraNet, they were told the CRM service was taken down due to phishing violations.
A Nigerian man has been sentenced to five years of prison time and pay $2.54 million in restitution for running business email compromise scams that attempted to steal $25 million.
While phishing continues to be the prevalent threat in malware-less email-based attacks, cybercriminals refine their methods by adding an impersonation component to increase the success rate against company employees.
An unpatched vulnerability in the Safari web browser allows an attacker to control the content displayed in the address bar, a security researcher discovered. The method enables well-crafted phishing attacks that are difficult to spot by the average consumer.
An Iranian hacking group has continued its phishing operations undeterred by indictments from the US Department of Justice.
A recent hacking attempt against the Democratic National Committee (DNC) proved to be a false alarm, according to a clarifying statement released by the DNC chief security officer Bob Lord.
A threat actor named DarkHydrus that is relatively new to the scene relies on open-source tools for spear-phishing attacks designed to steal credentials from government and educational institutions in the Middle East.
Malware distributors, hackers, and phishing scammers are continuing to use the practice of hiding login forms for their web shells in fake HTTP error documents. These pages pretend to be HTTP errors such as 404 Not Found or Forbidden, while in reality they are login pages that allow an attacker to issues commands on the server.
Cyrillic (Russian alphabet) characters are the most common characters used in IDN homograph attacks, according to research published last month by Farsight Security.
A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the MyEtherWallet.com website to a phishing page controlled by the attacker.
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend.
Cyber-criminals are currently using a trick that allows them to bypass Microsoft's security filters and deliver spam and phishing emails to Office 365 email accounts.
Despite their leader's arrest in Spain two months ago, the Cobalt hacker group that's specialized in stealing money from banks and financial institutions has remained active, even launching a new campaign.
There really is no honor among thieves. I recently found a phishing scheme that contains a list of names that are associated with other scams that the recipient should avoid.
Phishing threats are currently targeting your credentials for Apple, Facebook, Gmail, and more. In this roundup we detail some of the current Phishing threats active on the Internet.
Facebook has updated a phishing detection toolkit it developed two years ago. The update now allows webmasters who sign up for the tool to detect homograph (Unicode-based lookalike) domains created for their websites.
A new phishing email scam is under way that pretends to be from a company's human resources (HR) department and requests that the recipient read and acknowledge an attached "Rules of Conduct" document. This document, though, prompts you to login at a fake Office 365 login prompt, which is used to steal your credentials.