Today, DocuSign — a provider of e-signature technology — acknowledged a data breach incident following which a third-party managed to gain access to the email addresses of its customers, data that it's now using in massive spam campaigns.
A Twitter user by the name @EugenePupov is trying to take credit for the massive phishing attack that hit Gmail users last night, but currently available evidence isn't lining up with his statements.
A massive phishing campaign took place today, but Google's security staff was on hand and shut down the attacker's efforts within an hour after users first reported the problem on Reddit.
A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks.
Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others.
During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites.
Corporate email addresses are 4.3 more likely to receive malware compared to personal accounts, 6.2 times more likely to receive phishing lures, and 0.4 times less likely to receive spam.
During the past year, social media profiles belonging to a girl named Safeena Malik have been at the heart of a series of phishing attacks that have targeted journalists and activists investigating Qatari migrant worker labor issues.
Security researchers from Proofpoint have come across a sophisticated phishing kit that automates the process of building and deploying high-end phishing pages, and which is extremely efficient at collecting login credentials and user details from PayPal users.
One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it. The real trick takes place on the crook's page, which shows a blurred out document on the background.
Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden fields, which the browser automatically fills with preset personal information and which the user unknowingly sends to the attacker when he submits a form.
Bitcoin price surge reverberates through cybercriminal landscape, as cyber-criminals ramp up phishing attacks against Bitcoin users.