Phishing Watchdog – Stay Safe with Instant Alerts


Phishing Watchdog “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Breakout


An Updated Feed of All Significant Phishing Attacks

This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack. The list below is updated instantly with threat details as soon as the attack is verified to be authentic.

Please Sign Up To Get Instant Phishing Attack Alerts by Email



Codecov starts notifying customers affected by supply-chain attack

30th April 2021 | Target: Codecov | Reported Here

A few hours ago, Codecov started notifying the maintainers of the software repositories affected by the recent attack on the supply chain.

These notifications, delivered both via email and via the Codecov application interface, state that the company believes that the affected repositories were downloaded by threat agents.

The original security advisory published by Codecov lacked indicators of compromise (IOC) due to a pending investigation.


[above via News Block post]  Update 1


Brazil’s Rio Grande do Sul court system hit by REvil ransomware

29th April 2021 | Target: Brazilian judicial | Reported Here

The Court of Justice of the State of Rio Grande do Sul in Brazil received a REvil ransomware attack yesterday that encrypted employee files and forced the courts to shut down their network.

Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS) is the judicial system of the Brazilian state of Rio Grande do Sul.


[above via News Block post]  Update 1


Reverb discloses data breach exposing musicians’ personal info

26th April 2021 | Target: Reverb | Reported Here

Reverb, a popular online marketplace for musical instruments, has suffered a data breach incident and is now notifying its users. According to it, a database containing the PII of its customers was leaked online for a while and secured immediately after realizing it. Reverb suggested customers’ change their passwords for good, as they regularly do for no reason mentioned how this had happened.


[above via The Hack Post post]  Update 1 / Update 2


DC Police confirms cyberattack after ransomware gang leaks data

26th April 2021 | Target: D.C. police department | Reported Here

Files belonging to the Washington, D.C., Metropolitan Police Department appeared Monday on a leak site affiliated with a relatively new form of ransomware.

In images posted to their site, actors associated with the Babuk malware, which was first identified earlier this year, claimed to have stolen upward of 250 gigabytes of data from D.C. police, including police reports, arrest records, internal memos and documents shared with other authorities, like the FBI.


[above via The Hack Post post]  Update 1 / Update 2


Hacker leaks 20 million alleged BigBasket user records for free

25th April 2021 | Target: BigBasket | Reported Here

A database of about 20 million alleged BigBasket users has leaked on a well-known cybercrime forum, months after the Indian grocery delivery startup confirmed it had faced a data breach.

The database includes users’ email address, phone number, address, scrambled password, date of birth, and scores of interactions they had with the service. TechCrunch confirmed details of some customers listed in the database — including those of the author.


[above via Techcrunch post]  Update 1 / Update 2


A ransomware gang made $260,000 in 5 days using the 7zip utility

24th April 2021 | Target: QNAP NAS | Reported Here

A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program.

Starting on Monday, QNAP NAS users from all over the world suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices.


[above via Bleeping Computer post]  Update 1


Eversource Energy data breach caused by unsecured cloud storage

20th April 2021 | Target: Eversource Energy | Reported Here

Eversource Energy suffers a data breach after customer sensitive data was disclosed on an unsecured cloud server.

Eversource Energy, a publicly traded, fortune 500 energy delivery company in New England, powering 4.3 million electric and natural gas customers throughout Connecticut, Massachusetts, and New Hampshire.


[above via Securereading post]  Update 1


Geico data breach exposed customers’ driver’s license numbers

19th April 2021 | Target: GEICO Insurance company | Reported Here

Car insurance provider Geico has suffered a data breach where threat actors stole the driver’s licenses for policyholders for over a month.

Geico is the second-largest car insurance company in the United States, with over 17 million policies for more than 28 million vehicles.


[above via Bleeping Computer post]  Update 1 / Update 2


HackBoss malware poses as hacker tools on Telegram to steal digital coins

16th April 2021 | Target: Various Hacking Groups | Reported Here

Hackers are distributing cryptocurrency-stealing malware over a Telegram channel to would-be hackers in a scam that has racked up $500,000, according to security researchers.

According to cyber security firm Avast, Hackers are running a Telegram channel called “Hack Boss” to distribute malicious software for other hackers to use. Unfortunately for the hackers who download it, the software won’t help them spread malware. Instead, it’ll infect their systems with cryptocurrency-stealing malware.


[above via Itpro post]  


Celsius email system breach leads to phishing attack on customers

15th April 2021 | Target: Celsius Network | Reported Here

Crypto lending service Celsius has discovered a data breach with one of its third-party service providers has exposed the personal information of its customers, an email sent to Celsius customers and shared with CoinDesk confirms.

Hackers gained access to a “third-party email distribution system” Celsius uses, according to the email. The hackers have used this information to send fraudulent emails and text messages to Celsius to trick them into revealing the private keys to their funds.


[above via Coindesk post] Update 1 


Gay dating site Manhunt hacked, thousands of accounts stolen

14th April 2021 | Target: Manhunt | Reported Here

Gay dating app Manhunt has revealed that it was hacked in February, exposing the data of thousands of users.

In a statement to the Washington state attorney general’s office, Manhunt said a hacker had “gained access to a database that stored account credentials for Manhunt users.”


[above via Metroweekly post] Update 1


Cyber-Attack Shutters Half of Tasmania’s Casinos

13th April 2021 | Target: Tasmania’s Casinos | Reported Here

Poker machines at Tasmania’s two casinos have been offline since the Easter weekend due to a ransomware cyber-attack.

Owner Federal Group was forced to shut down gaming machines at Hobart’s Wrest Point and the Country Club in Launceston following an “incident” in the early hours of 3 April.


[above via TheGuardian post] Update 1 / Update 2


Iran Nuclear Facility Suffers Cyber-Attack

11th April 2021 | Target: Natanz Nuclear Site | Reported Here

Israel appeared to confirm claims that it was behind a cyber-attack on Iran’s main nuclear facility on Sunday, which Tehran’s nuclear energy chief described as an act of terrorism that warranted a response against its perpetrators.

The apparent attack took place hours after officials at the Natanz reactor restarted spinning advanced centrifuges that could speed up the production of enriched uranium, in what had been billed as a pivotal moment in the country’s nuclear programme.


[above via TheGuardian post] Update 1


Upstox Alerts Users of Data Breach; Says Funds, Securities Remain Safe

11th April 2021 | Target: Upstox | Reported Here

Upstox has alerted customers of a security breach that included contact data and KYC details of customers. The retail broking firm assured users that their funds and securities remain safe.


[above via Gadgets NDTV post] Update 1


Over 600,000 stolen credit cards leaked after Swarmshop hack

8th April 2021 | Target: Swarmshop | Reported Here

A breach of Swarmshop, an online hub for selling stolen personal and payment records, has led to the exposure of more than 600,000 payment card numbers and nearly 70,000 sets of US Social Security numbers and Canadian Social Insurance numbers, Group-IB researchers report.


[above via Dark Reading post] Update 1 / Update 2


Carding Mafia hacked

7th April 2021 | Target: Carding Mafia | Reported Here

Have I been Pwned reported that the data breach exposed users’ email addresses, hashed passwords, usernames, and IP addresses. Of the 500,000 users of the hacking forum, 297,744 have been affected; however, the forum operators have not yet notified their users. The founder of Have I Been Pwned has confirmed the authenticity of the stolen data. Troy Hunt stated that the carding site recognised the leaked email addresses through the “forgot password” feature. It failed, though, when random email addresses were entered.


[above via Itsecurityguru post] Update 1


European Commission, other EU orgs recently hit by cyber-attack

6th April 2021 | Target: The European Commission and European Union organizations | Reported Here

The European Commission (EC) and other EU institutions have been hit by a cyber attack.

An EC spokesperson told IT Pro that an “IT security incident” had affected a number of EU institutions, bodies, and agencies’ IT infrastructure.

Forensic analysis is still in its “initial phase” and at this stage, it is too early to provide any “conclusive information”.


[above via The Hack Post post] Update 1


Michigan State Title IX case files leaked in consulting data breach

6th April 2021 | Target: Michigan State Title IX | Bricker & Eckler LLP | Reported Here

Michigan State University (MSU) has been impacted by a data breach stemming from a cyber-attack on an Ohio law firm.

Bricker & Eckler LLP, which is associated with MSU Title IX contractor INCompliance Consulting, was hit with ransomware in January 2021.


[above via Infosecurity post] Update 1


Ransomware hits TU Dublin and National College of Ireland

6th April 2021 | Target: The National College of Ireland (NCI) and the Technological University of Dublin | Reported Here

The National College of Ireland (NCI) and the Technological University of Dublin have introduced that ransomware assaults hit their IT programs.

NCI is at the moment engaged on restoring IT companies after being hit by a ransomware assault over the weekend that pressured the school to take IT programs offline.


[above via The Hack Post post]


LinkedIn Spear-Phishing Campaign Targets Job Hunters

5th April 2021 | Target: LinkedIn User | Reported Here

Security researchers are warning LinkedIn users to beware of unsolicited job offers after revealing a new spear-phishing campaign designed to install Trojan malware on their devices.

The eSentire Threat Response Unit (TRU) yesterday claimed that individuals were being targeted with customized files named the same as their own current role.


[above via Infosecurity post]


Brown University hit by cyberattack

2nd April 2021 | Target: Brown University | Reported Here

Brown University was hit by a cyberattack that has forced the school to disable systems and cut off connections to the data centre.

Brown University is a private US research university and is the seventh-oldest institution of higher education in the United States.

The university’s Computing & Information Services staff took “a number of aggressive steps to protect the University’s digital resources, including shutting down connections to our central data centre and systems within it.”


[above via Securereading post]


Harris Federation hit by ransomware attack affecting 50 schools

29th March 2021 | Target: Harris Federation | Reported Here

A ransomware attack has infected IT systems at schools across London, leaving tens of thousands of pupils without access to email or school-issued devices.

The Harris Federation, which runs 50 primary and secondary schools in London and Essex, fell victim to a ransomware attack on Saturday 27th March – just days after the National Cyber Security Centre (NCSC) put out an alert warning schools, colleges and universities about the “growing threat” of cyber criminals targeting education with ransomware.


[above via Zdnet post] Update 1


Top insurer CNA hit by new Phoenix CryptoLocker ransomware

25th March 2021 | Target: CNA | Reported Here

Insurance giant CNA has suffered a ransomware assault utilizing a new variant referred to as Phoenix CryptoLocker that’s presumably linked to the Evil Corp hacking group.

This week, BleepingComputer reported that CNA had suffered a cyberattack impacting their on-line providers and business operations.


[above via The Hack Post post] Update 1


MangaDex manga site temporarily shut down after cyberattack

22nd March 2021 | Target: MangaDex | Reported Here

Manga scanlation big MangaDex has been temporarily shut down after struggling a cyberattack and having its supply code stolen.

MangaDex is without doubt one of the largest manga scanlation (scanned translations) websites the place guests can learn manga comics on-line without spending a dime. According to SimilarWeb, MangaDex is the 179th most steadily visited site on the internet, with over 76 million guests per thirty days.


[above via The Hack Post post] Update 1


Acer hit by $50 million ransomware attack

19th March 2021 | Target: Acer | Reported Here

A hacker group has demanded $50 million in ransom from Taiwanese PC maker Acer, according to Bleeping Computer. Attackers reportedly gained access to Acer’s network by exploiting a Microsoft Exchange vulnerability.

The hacker group has given Acer time until March 28 to pay the ransom else it will publish the data it claims to have accessed.