Phishing


RTLO Phishing Scam Revival – Everything You Need to Know About this Age-old Cyber Threat

RTLO Phishing Scam Revival – Everything You Need to Know About this Age-old Cyber Threat

The RTLO (or RLO) technique is one of the cybercriminals’ oldest and most common techniques. With the help of this technique, they can make a hyperlink look less suspicious, making you think that it is safe to click on it. However, once you click on the link, it might take you to the attacker’s domain that might ask you for confidential information under a suspicious ruse or download suspicious software on your local device.

Continue reading “RTLO Phishing Scam Revival – Everything You Need to Know About this Age-old Cyber Threat” »

Threat Actors are Using the Russia-Ukraine Conflict to Launch Phishing Attacks

Threat Actors are Using the Russia-Ukraine Conflict to Launch Phishing Attacks

Recently, according to a Google report, Russian and Belarusian cybercriminals have attacked Ukrainian citizens, using the ongoing conflict as an opportunity to benefit from it. The recent Russia-Ukraine war has become an opportunity for cyberattackers. CSIS reported that in February of 2022, the Ukrainian Ministries, Education, and Infrastructures were attacked. This led to a massive loss for the Ukrainian government. Grasping the understanding of the Ukrainian system gave the cybercriminals a clear understanding of how to proceed with their activities.

Continue reading “Threat Actors are Using the Russia-Ukraine Conflict to Launch Phishing Attacks” »

Data Breaches & How They Impact Small Businesses

Data Breaches & How They Impact Small Businesses

The rising threat of cyberattacks and data breaches, in particular, can cripple any organization, especially a small business. SMBs and SMEs are the top targets for threat actors owing to their lack of proper cybersecurity defenses and risk mitigation practices.

SMBs and SMEs need to understand the risks of data breaches and take proactive measures to ensure the security of their enterprise if they wish to maintain a strong market position. They need to evolve their cybersecurity practices with time to grow well for the future.

Continue reading “Data Breaches & How They Impact Small Businesses” »

Latest Phishing Trends: Financial Services, Facebook, and Microsoft, the Biggest Impersonation Targets of Threat Actors

Latest Phishing Trends: Financial Services, Facebook, and Microsoft, the Biggest Impersonation Targets of Threat Actors

Phishing remains the top method that cybercriminals use to target individuals and employees worldwide to lure them in and lead them to fake applications, websites, and payment portals to steal information and hard-earned money.

VadeSecure’s latest report highlights how financial services is the most impersonated sector today, along with Facebook and Microsoft taking the crown for the most impersonated brands by phishing criminals. It is imperative to understand the rising threat of phishing, the latest phishing scams, and how you can ensure your organization’s protection against phishing.

Continue reading “Latest Phishing Trends: Financial Services, Facebook, and Microsoft, the Biggest Impersonation Targets of Threat Actors” »

The surge of LinkedIn Phishing Attacks – Courtesy of the “The Great Resignation”

The surge of LinkedIn Phishing Attacks – Courtesy of the “The Great Resignation”

Cybercriminals have always been actively looking for methods to breach security and acquire information that can be used as leverage over the victims. Due to the recent transition in the job market where individuals are always on the lookout for new and better opportunities, attackers have found a new method to exploit the vulnerabilities of jobseekers. The recent LinkedIn phishing attacks have proven how unguarded LinkedIn users are to such attacks.

Continue reading “The surge of LinkedIn Phishing Attacks – Courtesy of the “The Great Resignation”” »

Two Decades-Old Phishing Attack Revamped

Two Decades-Old Phishing Attack Revamped

The RLO technique is a simple technique that disguises malicious files making them seem like simple text files. When downloaded by the user, these files could damage their device or could be used to acquire sensitive information. Although this technique became outdated, recently, attackers started using it again as people lowered their guard against cyber attacks.

Continue reading “Two Decades-Old Phishing Attack Revamped” »

Cryptocurrency Phishing Scams: 2022’s top and Latest Threat Revealed by Security Regulators

Cryptocurrency Phishing Scams: 2022’s top and Latest Threat Revealed by Security Regulators

The most significant hazards to investors in 2022, according to NASAA (North American Securities Administrators Association), are cryptocurrency and digital asset-related frauds. Investors should be aware of the current cryptocurrency phishing scams getting more attention worldwide.

According to the FTC’s research, threat actors exploit popular social media platforms like Instagram and Facebook as a playground for pulling investment-related scams. Due to their popularity and excellent profits, crypto assets and stablecoins make appealing targets, making cryptocurrency one of the most vulnerable marketplaces for investors globally.

Continue reading “Cryptocurrency Phishing Scams: 2022’s top and Latest Threat Revealed by Security Regulators” »

Latest Phishing Campaign Targeting Microsoft Proves Why Not Having Multi-Factor Authentication is Risky for Organizations

Latest Phishing Campaign Targeting Microsoft Proves Why Not Having Multi-Factor Authentication is Risky for Organizations

Phishing is the most frequently used break-in technique and an attack vector malicious actors have used for years. The latest report by the Microsoft 365 Defender Threat Intelligence Team warns of a new and powerful phishing campaign that targets employees’ bring-your-own-device(s) (BYODs). The attackers register their own devices in corporate networks and gradually make their way into internal and external corporate networks. In this phishing scam, the adversaries target the unmanaged devices within organizations to compromise networks and evade detection by taking advantage of the absence of security measures like multi-factor authentication (MFA) within organizations.

  Continue reading “Latest Phishing Campaign Targeting Microsoft Proves Why Not Having Multi-Factor Authentication is Risky for Organizations” »

Threat Actors Exploit Adobe’s Creative Cloud

Threat Actors Exploit Adobe’s Creative Cloud

Entrepreneurs using Adobe Creative Cloud as a part of their organizational operations need to guard against a new cyberattack model employed by threat actors. Other loopholes call for more robust countermeasures even when deploying adequate phishing solutions. Malicious actors are leveraging the popular application, Adobe Creative Cloud, to dispatch malicious links to users that seem legitimate. Failure to have robust email phishing protection mechanisms in place would compromise your credentials.

Continue reading “Threat Actors Exploit Adobe’s Creative Cloud” »

Recent FIFA 22 Incident and Phishing Attacks in the Gaming industry

Recent FIFA 22 Incident and Phishing Attacks in the Gaming industry

There has been an unprecedented rise in gaming during the last few years, with smartphones making it more popular than ever. The gaming industry is valued at $165 billion, with current estimates of over 3.4 billion players worldwide. From a handful of game developers in the early years, the industry now has many options, ranging from individual contributors to substantial gaming providers, rolling out games by the dozen.

Continue reading “Recent FIFA 22 Incident and Phishing Attacks in the Gaming industry” »

Malicious Actors Exploit Commenting Feature In Google Docs to Send Phishing Emails

Malicious Actors Exploit Commenting Feature In Google Docs to Send Phishing Emails

According to a recent Axios report, over 2 million monthly active users use G Suite products. In the 2017 Google I/O Conference, the organization mentioned that Google Drive alone has over 800 million daily users, and this figure is only increasing. If someone were to exploit a vulnerability in this famous collaborative work and educational platform, the consequences would affect millions. In a recent incident, cyber adversaries have targeted G Suite product users, exploiting a vulnerability in the ‘Comment’ option available in Google Docs, Google Sheets, and Google Slides. Here are the details about the breach and some recommendations on how to stop phishing emails. Continue reading “Malicious Actors Exploit Commenting Feature In Google Docs to Send Phishing Emails” »

The Rise of Survey Scams in The Advertising Industry And The Precautions Organizations Need To Take To Prevent Such Scams

The Rise of Survey Scams in The Advertising Industry And The Precautions Organizations Need To Take To Prevent Such Scams

Digitization has witnessed a sudden boom in online data storage, where not only work but entertainment, education, and communication have become dependent on the internet. Numerous survey scams are gaining popularity once again by promoting various products or free samples to users in return for their information. Scammers pretend to be some famous brand to steal the personal data of the victims using such scams. And everyone using the internet is not entirely accustomed to its usage, nor are they familiar with the features of such frauds.  Continue reading “The Rise of Survey Scams in The Advertising Industry And The Precautions Organizations Need To Take To Prevent Such Scams” »

QR Code Phishing Attacks: Save Your Organization From The New Wave of Phishing Scams

QR Code Phishing Attacks: Save Your Organization From The New Wave of Phishing Scams

QR (Quick Response) codes have become ubiquitous as smartphones have become more popular. Furthermore, due to the COVID-19 epidemic, most industries and sectors are getting digitized, with online payments becoming a significant part of this new ecosystem. However, malicious actors can use a counterfeit QR code, causing the link’s original destination to be diverted to a phishing website. QR code phishing identification levels are rising gradually in proportion to the research discovering online and email phishing. These new phishing attacks are called “Quishing” attacks. This article provides information on such QR code attacks, recognizing such frauds, and how to stop phishing emails.

Continue reading “QR Code Phishing Attacks: Save Your Organization From The New Wave of Phishing Scams” »

Beware of Omicron Phishing Scams

Beware of Omicron Phishing Scams

According to a survey conducted by F5 Labs in 2020, phishing scams have increased by 220% since the onset of the Covid-19 pandemic. A recent example was a COVID-19 health survey conducted among the staff members of the UBC (University of British Columbia), which later turned out to be fake and was instead a ransomware delivery campaign. Examples like these show how malicious actors have used the COVID-19 pandemic to target everyone, from individuals merely browsing the internet for leisure to employees who deal with confidential organizational information. The CSA reported a sharp rise in ransomware, phishing, and cybercrimes in 2020 after the onset of the pandemic.

Continue reading “Beware of Omicron Phishing Scams” »

Things You Need to Learn From The Latest GoDaddy Phishing Attack

Things You Need to Learn From The Latest GoDaddy Phishing Attack

As the world transforms into a more digitally connected environment, the risks have also amplified manifold. New York-based domain and web hosting service provider GoDaddy discovered an enormous security breach on November 17 this year, which affected almost 1.2 million accounts. The incident occurred when the attacker accessed the GoDaddy network through a compromised password on September 6, 2021. The incident filed with the Security and Exchange Commission (SEC) states that the organization had observed and identified “suspicious activity” in the hosting environment that managed WordPress. The IT Security team undertook immediate action, but the malicious actor had at their disposal almost two months to establish a rigid presence by that time. GoDaddy stated that anybody using WordPress currently should assume as compromised if not proved otherwise.

Continue reading “Things You Need to Learn From The Latest GoDaddy Phishing Attack” »

HTML Smuggling: The New Mode of Phishing Attack

HTML Smuggling: The New Mode of Phishing Attack

Phishing has long been one of the most common types of cybersecurity threats for enterprises. Even though most enterprises operating in the digital mode deploy anti-phishing tools, threat actors have developed a new invasive method of attack, called HTML smuggling. Regardless of the size and industry of your enterprise, it makes sense to draw a line of defense against phishing emails. HTML smuggling serves as an attack mechanism that provides a channel to gain initial access to the system. Subsequently, the attackers can deploy other attacks, such as banking malware, ransomware payloads, and remote administration Trojans.

Continue reading “HTML Smuggling: The New Mode of Phishing Attack” »

Google Ads Impersonation Scams – How to Avoid Falling Victim to Such Phishing Attempts

Google Ads Impersonation Scams – How to Avoid Falling Victim to Such Phishing Attempts

Google influences many of our buying decisions each day, having an estimated 85-90% of the search engine market share worldwide. Fraudsters find the online advertising world attractive because it involves massive sums of money. Besides, the transactions are impersonal with a complex and opaque supply chain mechanism that add to the anonymity factor. A mighty challenge associated with online ad frauds is that no one knows the magnitude of the scam unless it hits them. Google Ads Impersonation Scams that start with a simple phishing email have become one of the biggest challenges for organizations, advertisers, and publishers. 

Continue reading “Google Ads Impersonation Scams – How to Avoid Falling Victim to Such Phishing Attempts” »

Everything You Need To Know About The Latest Tech Support Scams Involving Phishing Attacks

Everything You Need To Know About The Latest Tech Support Scams Involving Phishing Attacks

Tech support teams assist users in overcoming various technical challenges they might be facing while operating a computer or a laptop. Many organizations have dedicated technical support teams to mitigate such eventualities, while many outsource to specialized service providers. Malicious actors often disguise themselves as online technical helping hands and illegally access confidential information, taking advantage of this vulnerability. They may also urge individuals to spend a considerable amount of money by fear-mongering. Victims are often unaware of the technicalities concerning their systems and fall for this trap. Therefore, it is imperative to approach only the genuine technical support teams for any action that might be needed to overcome technical faults and issues.

Continue reading “Everything You Need To Know About The Latest Tech Support Scams Involving Phishing Attacks” »

Threat Actors are Leveraging Excel Files to Execute Phishing Campaigns – Here’s Everything You Need to Know!

Threat Actors are Leveraging Excel Files to Execute Phishing Campaigns – Here’s Everything You Need to Know!

During the past year, users have come across several attacks that leveraged the technique of Excel 4.0 Macros, also known as XLM macros, through phishing emails to infect the users’ systems with malware. It is essential to get acquainted with this excel file weaponizing technique to keep your critical data from falling into the hands of cyber adversaries.

Continue reading “Threat Actors are Leveraging Excel Files to Execute Phishing Campaigns – Here’s Everything You Need to Know!” »