Phishing Watchdog – Stay Safe with Instant Alerts


Phishing Watchdog “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Breakout


An Updated Feed of All Significant Phishing Attacks

This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack. The list below is updated instantly with threat details as soon as the attack is verified to be authentic.

Please Sign Up To Get Instant Phishing Attack Alerts by Email



Rights Group: APP Bank Fraud Cost Consumers £1bn

18th March 2020 | Target: Right Group | Reported Here

Financial institutions could have prevented hundreds of millions of pounds worth of fraud over the past three years by implementing a simple payee-checking service online, a consumer rights group has claimed.

Which? estimates that £1.1 billion has been lost to bank transfer fraud since 2017. In these cases, a scammer posing as a trusted entity tricks the victim to transfer money to a bank account under their control — known as “authorized push payment” (APP) fraud.



Ryuk Ransomware Takes Out Durham, North Carolina

8th March 2020 | Target: Durham, North Carolina | Reported Here

The city of Durham, North Carolina temporarily disabled its phone system last weekend after suffering a Ryuk ransomware attack.

The city of Durham and Durham County published a joint statement on March 8 in which they revealed that a malware attack had affected their IT services. According to the statement, the government bodies first learned of the security incident on March 6. Both entities relied on their notification systems to alert IT teams of the attack.



266,000 Passwords Stolen in Trident Crypto Fund Data Breach

6th March 2020 | Target: Trident Crypto Fund | Reported Here

In a major privacy breach, the usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online.

Technical director of cybersecurity firm DeviceLock Ashot Oganesyan told Russian news outlet IZ the database — which contains email addresses, cellphone numbers, encrypted passwords and IP addresses — had been uploaded to various file sharing websites on February 20.


[above via Coin-Telegraph post


UK ICO Fines Cathay Pacific with £500,000 for 2018 Data Breach

4th March 2020 | Target: Cathay Pacific | Reported Here

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data.

Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide.


[above via Ico post] Update 1 / Update 2


Ransomware Attack: Georgia City Pays $380K Ransom to Hackers

2nd March 2020 | Target: Cartersville, Georgia | Reported Here

Almost one year after a ransomware attack struck the city of Cartersville, Ga., municipal officials revealed that they paid a ransom of $380,000 to regain access to their files.

The news was made known after the local Daily Tribune News filed a Freedom of Information Act request, which disclosed the payment to mitigate the May 4, 2019 attack. The Daily Tribune found that the initial ransom demand was for $2.8 million, payable in bitcoin, and that the city’s insurance paid the majority of the cost.


[above via Sc-Magazine post] Update 1


Desjardins Group Breach Cost $38m Higher Than Expected

27th February 2020 | Target: Desjardins Group | Reported Here

Last year, the Quebec based financial institution Desjardins Group suffered from a data breach carried out intentionally by a malicious employee who had access to baking details. As a result of this individual’s actions, the data of 4.2 million Desjardins customers was exposed and 1.8 million credit cardholders who were not Desjardins members were affected as well. Original reparation estimates were around $70 million, but earlier this week the company has stated that the breach is likely to cost them roughly $108 million.


[above via Oodaloop post] 


Shark Tank Star Corcoran Loses $400K in Email Scam

26th February 2020 | Target: Barbara Corcoran | Reported Here

“Shark Tank” judge Barbara Corcoran lost nearly $400,000 in an elaborate email scam that tricked her staff.

Corcoran said someone acting as her assistant sent an invoice to her bookkeeper earlier this week for a renovation payment. She told People that she had “no reason to be suspicious” about the email because she invests in real estate, so the bookkeeper wired $388,700 to the email address.


[above via Cnn post] Update 1 / Update 2 / Update 3


Ransomware-hit US gas pipeline shut for two days

18th February 2020 | Target: US Natural Gas Pipeline  | Reported Here

A ransomware attack on a US natural gas facility meant a pipeline had to be shut down for two days, the US Department of Homeland Security (DHS) has said.

However, it did not name the facility or say when the attack happened.

A malicious link sent to staff at the facility eventually caused the shutdown “of the entire pipeline asset”.


[above via Bank Info Security post] – Update 1


Official: Puerto Rico Govt Loses $2.6M in Phishing Scam

12th February 2020 | Target: Puerto Rico | Reported Here

Puerto Rico (AP) — Puerto Rico’s government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official.

The finance director of the island’s Industrial Development Company, Rubén Rivera, said in a complaint filed to police Wednesday that the agency sent the money to a fraudulent account.


[above via Ap News post] – Update 1 / Update 2


A tail of two ransomware attacks

7th February 2020 | Target: Two schools | Reported Here

Two schools, two ransomware attack and two different outcomes.

The Allegheny Intermediate Unit school system was able to fend off a recent ransomware attack using back up files, meanwhile the University of Maastricht just disclosed it paid 30 bitcoins to regain control of its encrypted computer network.


[above via Zephymet post]


Altsbit Claims it has Been Hacked

7th February 2020 | Target: Altsbit | Reported Here

Cyber-criminals have stolen “almost all funds” entrusted to crypto exchange platform Altsbit.

The Italian exchange announced it had become the target of a devastating hack yesterday on Twitter. According to their posts, criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) “coins” with a combined value of $27,000.

Funds kept in cold storage—crypto coins whose private keys are stored on devices that exist in an offline environment—were not swiped in the cyber-heist.


[above via Info Security post] – Update 1 / Update 2


Canadian insurance company lost nearly US$1M in ransomware attack

30th January 2020 | Target: Insurance Company | Reported Here

Canadian insurance company lost nearly US$1M in ransomware attack

Computers at a Canadian insurance company were disabled for more than one week due to a ransomware attack that resulted in a payout of nearly US$1 million.


[above via Headtopics post] 


Canadian Teen Charged for $50 Million Cryptocurrency Theft

17th January 2020 | Target: Cryptocurrency | Reported Here

An eighteen-year-old from Montreal is facing four criminal charges connected to a $50 million SIM-swapping scam targeting cryptocurrency holders, Infosecurity Magazine reported on Jan. 17.

The hacker, Samy Bensaci, is accused by Canadian authorities of being part of a ring that stole millions of dollars in cryptocurrency from American and Canadian holders. The theft is said to have occurred in spring of 2018, with Québec police representative Hugo Fournier saying that the hackers were responsible for the theft of “$50 million from our neighbors to the south and $300,000 in Canada.”


[above via Coin Telegraph post] – Update 1


New Orleans Mayor: Ransomware Attack Cost City $7 Million

16th January 2020 | Target: New Orleans | Reported Here

A ransomware attack on New Orleans has racked up at least $7 million in financial damage to The City That Care Forgot, its mayor said.

New Orleans was able to get back $3 million through a cyber insurance policy, the mayor told WVUE, which also cited Chief Administrative Officer Gilbert Montano as saying the city has an IT backlog in the wake of the December attack.


[above via Sc Magazine post]


Texas school district lost $2.3 million in a phishing email scam

12th January 2020 | Target: Manor School | Reported Here

The Manor Independent School District fell victim to an apparent phishing scam to the tune of $2.3 million.

Officials for the Texas school system did not release many details other than to say in a January 10 statement posted on Facebook that the incident was caused by a phishing email and that the local police and FBI are currently working the case.

The Manor Police Department told CNN the scam included three separate fraudulent transactions that took place in November.


[above via Sc Magazine post] – Update 1


Albany airport pays ransom after hit by cyber hackers

10th January 2020 | Target: Albany Airport | Reported Here

Albany International Airport announced this week that its administrative computers had been locked down by a crypto virus on Christmas Day.

Airline, air traffic control and Transportation Security Administration computers all were not affected, so safety and security were never at risk, the Albany County Airport Authority said in a news release issued Friday.


[above via Daily Gazette post] – Update 1


UK Banks Foiled by Travelex Ransomware Attack

8th January 2020 | Target: Travelex | Reported Here

The New Year’s Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers.

Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a “software virus” on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.


[above via Info -Security post] – Update 1


UK Banks Foiled by Travelex Ransomware Attack

7th January 2020 | Target: Google | Reported Here

The incidents in question had exposed the data of over 10 million users.
The proposed settlement fund will be diverted to pay class claimants and attorney’s fees and costs.
Google has agreed to pay $7.5 million to settle class-action lawsuits filed against the company over Google+ data breach incidents. The incidents in question had exposed the data of over 10 million users.


[above via Cyware post] – Update 1


‘Serious cyber-attack’ on Austria’s foreign ministry

5th January 2020 | Target: Austrian Foreign Ministry | Reported Here

The Austrian Foreign Ministry sounded the alarm bells of an ongoing “serious cyber-attack” that started in the late hours of Saturday January 4, 2019. Considering the signatures and the pattern of the attack, experts suggest this cyber-attack could possibly be carried out by a state sponsored threat actor. The attack, which began on Saturday night, was continuing and, “as per experts it could last several days,” a foreign ministry spokesman added.


[above via Ciso-Mag post] – Update 1


Six Customers Affected by Ransomware Attack on CyrusOne

5th December 2020 | Target: CyrusOne | Reported Here

Six New York-area managed service customers of data center provider giant CyrusOne have been affected by a ransomware attack.

These managed service clients have experienced availability issues due to a ransomware program encrypting certain devices in their network, a spokesperson for Dallas-based CyrusOne said in a statement. The company said it’s currently working with law enforcement and forensics firms to investigate the attack, as well as with the involved customers to restore their affected systems.


[above via Crn post] – Update 1/ Update 2


Please Enter Your Business Email Below to Continue


Get Free Access to Phishing Protection Best Practices

  • Learn why hosted solutions like Office 365 are vulnerable to phishing.
  • Discover why you must protect both your employees AND your customers.
  • Read why checking reputation databases once a day is a waste of time.
  • Learn what real-time website scanning should look for.
  • Get strategies for saving time and money on email protection.

Sign Up Below... and Get Instant Access to the Report