Phishing


Data Breaches & How They Impact Small Businesses

Data Breaches & How They Impact Small Businesses

The rising threat of cyberattacks and data breaches, in particular, can cripple any organization, especially a small business. SMBs and SMEs are the top targets for threat actors owing to their lack of proper cybersecurity defenses and risk mitigation practices.

SMBs and SMEs need to understand the risks of data breaches and take proactive measures to ensure the security of their enterprise if they wish to maintain a strong market position. They need to evolve their cybersecurity practices with time to grow well for the future.

(more…)

Latest Phishing Trends: Financial Services, Facebook, and Microsoft, the Biggest Impersonation Targets of Threat Actors

Latest Phishing Trends: Financial Services, Facebook, and Microsoft, the Biggest Impersonation Targets of Threat Actors

Phishing remains the top method that cybercriminals use to target individuals and employees worldwide to lure them in and lead them to fake applications, websites, and payment portals to steal information and hard-earned money.

VadeSecure’s latest report highlights how financial services is the most impersonated sector today, along with Facebook and Microsoft taking the crown for the most impersonated brands by phishing criminals. It is imperative to understand the rising threat of phishing, the latest phishing scams, and how you can ensure your organization’s protection against phishing.

(more…)

The surge of LinkedIn Phishing Attacks – Courtesy of the “The Great Resignation”

The surge of LinkedIn Phishing Attacks – Courtesy of the “The Great Resignation”

Cybercriminals have always been actively looking for methods to breach security and acquire information that can be used as leverage over the victims. Due to the recent transition in the job market where individuals are always on the lookout for new and better opportunities, attackers have found a new method to exploit the vulnerabilities of jobseekers. The recent LinkedIn phishing attacks have proven how unguarded LinkedIn users are to such attacks.

(more…)

Cryptocurrency Phishing Scams: 2022’s top and Latest Threat Revealed by Security Regulators

Cryptocurrency Phishing Scams: 2022’s top and Latest Threat Revealed by Security Regulators

The most significant hazards to investors in 2022, according to NASAA (North American Securities Administrators Association), are cryptocurrency and digital asset-related frauds. Investors should be aware of the current cryptocurrency phishing scams getting more attention worldwide.

According to the FTC’s research, threat actors exploit popular social media platforms like Instagram and Facebook as a playground for pulling investment-related scams. Due to their popularity and excellent profits, crypto assets and stablecoins make appealing targets, making cryptocurrency one of the most vulnerable marketplaces for investors globally.

(more…)

Latest Phishing Campaign Targeting Microsoft Proves Why Not Having Multi-Factor Authentication is Risky for Organizations

Latest Phishing Campaign Targeting Microsoft Proves Why Not Having Multi-Factor Authentication is Risky for Organizations

Phishing is the most frequently used break-in technique and an attack vector malicious actors have used for years. The latest report by the Microsoft 365 Defender Threat Intelligence Team warns of a new and powerful phishing campaign that targets employees’ bring-your-own-device(s) (BYODs). The attackers register their own devices in corporate networks and gradually make their way into internal and external corporate networks. In this phishing scam, the adversaries target the unmanaged devices within organizations to compromise networks and evade detection by taking advantage of the absence of security measures like multi-factor authentication (MFA) within organizations.

  (more…)

Threat Actors Exploit Adobe’s Creative Cloud

Threat Actors Exploit Adobe’s Creative Cloud

Entrepreneurs using Adobe Creative Cloud as a part of their organizational operations need to guard against a new cyberattack model employed by threat actors. Other loopholes call for more robust countermeasures even when deploying adequate phishing solutions. Malicious actors are leveraging the popular application, Adobe Creative Cloud, to dispatch malicious links to users that seem legitimate. Failure to have robust email phishing protection mechanisms in place would compromise your credentials.

(more…)

Recent FIFA 22 Incident and Phishing Attacks in the Gaming industry

Recent FIFA 22 Incident and Phishing Attacks in the Gaming industry

There has been an unprecedented rise in gaming during the last few years, with smartphones making it more popular than ever. The gaming industry is valued at $165 billion, with current estimates of over 3.4 billion players worldwide. From a handful of game developers in the early years, the industry now has many options, ranging from individual contributors to substantial gaming providers, rolling out games by the dozen.

(more…)

Malicious Actors Exploit Commenting Feature In Google Docs to Send Phishing Emails

Malicious Actors Exploit Commenting Feature In Google Docs to Send Phishing Emails

According to a recent Axios report, over 2 million monthly active users use G Suite products. In the 2017 Google I/O Conference, the organization mentioned that Google Drive alone has over 800 million daily users, and this figure is only increasing. If someone were to exploit a vulnerability in this famous collaborative work and educational platform, the consequences would affect millions. In a recent incident, cyber adversaries have targeted G Suite product users, exploiting a vulnerability in the ‘Comment’ option available in Google Docs, Google Sheets, and Google Slides. Here are the details about the breach and some recommendations on how to stop phishing emails. (more…)

The Rise of Survey Scams in The Advertising Industry And The Precautions Organizations Need To Take To Prevent Such Scams

The Rise of Survey Scams in The Advertising Industry And The Precautions Organizations Need To Take To Prevent Such Scams

Digitization has witnessed a sudden boom in online data storage, where not only work but entertainment, education, and communication have become dependent on the internet. Numerous survey scams are gaining popularity once again by promoting various products or free samples to users in return for their information. Scammers pretend to be some famous brand to steal the personal data of the victims using such scams. And everyone using the internet is not entirely accustomed to its usage, nor are they familiar with the features of such frauds.  (more…)

QR Code Phishing Attacks: Save Your Organization From The New Wave of Phishing Scams

QR Code Phishing Attacks: Save Your Organization From The New Wave of Phishing Scams

QR (Quick Response) codes have become ubiquitous as smartphones have become more popular. Furthermore, due to the COVID-19 epidemic, most industries and sectors are getting digitized, with online payments becoming a significant part of this new ecosystem. However, malicious actors can use a counterfeit QR code, causing the link’s original destination to be diverted to a phishing website. QR code phishing identification levels are rising gradually in proportion to the research discovering online and email phishing. These new phishing attacks are called “Quishing” attacks. This article provides information on such QR code attacks, recognizing such frauds, and how to stop phishing emails.

(more…)

Beware of Omicron Phishing Scams

Beware of Omicron Phishing Scams

According to a survey conducted by F5 Labs in 2020, phishing scams have increased by 220% since the onset of the Covid-19 pandemic. A recent example was a COVID-19 health survey conducted among the staff members of the UBC (University of British Columbia), which later turned out to be fake and was instead a ransomware delivery campaign. Examples like these show how malicious actors have used the COVID-19 pandemic to target everyone, from individuals merely browsing the internet for leisure to employees who deal with confidential organizational information. The CSA reported a sharp rise in ransomware, phishing, and cybercrimes in 2020 after the onset of the pandemic.

(more…)

Things You Need to Learn From The Latest GoDaddy Phishing Attack

Things You Need to Learn From The Latest GoDaddy Phishing Attack

As the world transforms into a more digitally connected environment, the risks have also amplified manifold. New York-based domain and web hosting service provider GoDaddy discovered an enormous security breach on November 17 this year, which affected almost 1.2 million accounts. The incident occurred when the attacker accessed the GoDaddy network through a compromised password on September 6, 2021. The incident filed with the Security and Exchange Commission (SEC) states that the organization had observed and identified “suspicious activity” in the hosting environment that managed WordPress. The IT Security team undertook immediate action, but the malicious actor had at their disposal almost two months to establish a rigid presence by that time. GoDaddy stated that anybody using WordPress currently should assume as compromised if not proved otherwise.

(more…)

HTML Smuggling: The New Mode of Phishing Attack

HTML Smuggling: The New Mode of Phishing Attack

Phishing has long been one of the most common types of cybersecurity threats for enterprises. Even though most enterprises operating in the digital mode deploy anti-phishing tools, threat actors have developed a new invasive method of attack, called HTML smuggling. Regardless of the size and industry of your enterprise, it makes sense to draw a line of defense against phishing emails. HTML smuggling serves as an attack mechanism that provides a channel to gain initial access to the system. Subsequently, the attackers can deploy other attacks, such as banking malware, ransomware payloads, and remote administration Trojans.

(more…)

Google Ads Impersonation Scams – How to Avoid Falling Victim to Such Phishing Attempts

Google Ads Impersonation Scams – How to Avoid Falling Victim to Such Phishing Attempts

Google influences many of our buying decisions each day, having an estimated 85-90% of the search engine market share worldwide. Fraudsters find the online advertising world attractive because it involves massive sums of money. Besides, the transactions are impersonal with a complex and opaque supply chain mechanism that add to the anonymity factor. A mighty challenge associated with online ad frauds is that no one knows the magnitude of the scam unless it hits them. Google Ads Impersonation Scams that start with a simple phishing email have become one of the biggest challenges for organizations, advertisers, and publishers. 

(more…)

Everything You Need To Know About The Latest Tech Support Scams Involving Phishing Attacks

Everything You Need To Know About The Latest Tech Support Scams Involving Phishing Attacks

Tech support teams assist users in overcoming various technical challenges they might be facing while operating a computer or a laptop. Many organizations have dedicated technical support teams to mitigate such eventualities, while many outsource to specialized service providers. Malicious actors often disguise themselves as online technical helping hands and illegally access confidential information, taking advantage of this vulnerability. They may also urge individuals to spend a considerable amount of money by fear-mongering. Victims are often unaware of the technicalities concerning their systems and fall for this trap. Therefore, it is imperative to approach only the genuine technical support teams for any action that might be needed to overcome technical faults and issues.

(more…)

Threat Actors are Leveraging Excel Files to Execute Phishing Campaigns – Here’s Everything You Need to Know!

During the past year, users have come across several attacks that leveraged the technique of Excel 4.0 Macros, also known as XLM macros, through phishing emails to infect the users’ systems with malware. It is essential to get acquainted with this excel file weaponizing technique to keep your critical data from falling into the hands of cyber adversaries.

(more…)

The Revival Of IDN (Phishing) Attacks With Microsoft Outlook

The Revival Of IDN (Phishing) Attacks With Microsoft Outlook

The Internationalized Domain Name (IDN) consists of a combined Unicode character set with similar Latin and Cyrillic alphabets, making the domain look identical to the Daily ASCII domain. Unicode domain names could be problematic from a security point of view, as many Unicode characters are hard to distinguish from regular ASCII characters. Phishing attacks with Internationalized Domain Names (IDNs) using Unicode characters and non-Latin character sets such as Cyrillic and Greek look like typical Latin characters.

(more…)