Notification Of New Subscription Billing Could Be A Phishing Attack

There’s a dangerous new phishing scam you should be aware of and alert your employees to right away. A growing trend in the hacking world is to use mixed media, including phone calls with live actors at the other end, posing as “customer support” representatives, and even recorded messages including instructions and attached to emails. This is all done in …

Beware Of Voice Message Phishing Attacks Called Vishing

Hackers and scammers have been experimenting with “vishing” in recent months, as a subset of phishing. Conventional phishing tactics rely on sending emails that employ a variety of social engineering tricks to convince unsuspecting recipients to hand over sensitive information up to and including login credentials. However, “vishing” adds a new angle: Voice, either via pre-recorded message or employing an …

New RevengeRAT Trojan Gives Hackers Access To Your Data

Recently, Microsoft issued an alert, warning users about a remote access tool called RevengeRAT, also known as AsyncRAT. It is being used to target travel and aerospace companies with spear-phishing emails. The emails use social engineering tricks to prompt employees at these types of firms to open a poisoned Adobe PDF attachment which downloads a malicious Visual Basic file on …

Global Scale Phishing Attack Brings New Malware

There’s an ongoing, global scale phishing attack you should be aware of, even if your firm isn’t currently being targeted by it. The attack is being tracked by Mandiant, who recently published a report about it. According to that report, the attack was planned in waves, hitting more than 50 different organizations spanning a broad range of industries. These attacks …

Watch Out For Vaccine Survey Phishing Emails

Scammers have found a new way to take advantage of people, so be on your guard. The U.S. Department of Justice has recently issued an alert warning people of fake emails sent out asking recipients to take advantage of a post vaccination survey. Naturally, as part of taking the survey, each participant will be asked a number of questions designed …

What Businesses Can Do To Minimize Phishing Emails

If you had to guess, worldwide, how many phishing emails would you estimate are sent out every day, what would you say? If you guessed anything less than three billion, you’d be incorrect. Three billion a day, on average. That’s both terrifying and depressing. On hearing that grim statistic, it’s natural to assume that there’s just not much you can …

Hacker Uses Zoom Invites To Steal Credentials Through Sendgrid

There’s a mix of bad news and good in the ongoing war against the hackers of the world. For the bad news, security professionals have recently detected a sophisticated phishing campaign that makes use of SendGrid and convincing replicas of Outlook on the Web and Office 365 logins to harvest credentials. The attack works like this: SendGrid is a trusted …

Email Phishers Going After Online Shoppers This Holiday Season

Black Friday wasn’t as big of a shopping day as it could have been this year, and we have the pandemic to thank for that. In response to that, retailers have extended the holiday shopping season by starting earlier and offering more deals online, and holiday shoppers have responded to those changes. While Black Friday’s in store sales may have …

New Phishing Attack Uses Unique Method To Avoid Security

Hackers are always looking for a new angle, and recently, they’ve found a particularly good one. Image recognition software is becoming increasingly sophisticated. So if hackers are interested in building a fake landing and login page designed to spoof some other company, they have to get it exactly right, including the background image, or most AV software will see through …

Email heist image

The anatomy of a $15 million cyber heist on a US company

By Ionut Ilascu of Bleeping Computer Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete. The cybercriminal executed their plan with surgical precision after gaining access to email conversations about a commercial transaction. They inserted themselves in the exchange to divert the payment and were …