Stolen Financial Data Used as Bait in New Phishing Scheme

Hackers are baiting their victims with stolen financial data in a clever phishing scheme. Over 400,000 data points, including identity numbers, names, phone numbers, and payment records, are used to persuade consumers to click on a malicious link. This link downloads a potent virus called BitRAT that can steal passwords, spy on users, and install cryptomining software. In order to …

New Phishing Scheme Using Fake Copyright Infringement Notices

A new phishing campaign targeting Facebook users has been identified by cybersecurity firm Trustwave. In this campaign, hackers use fake copyright infringement notices to trick users into giving away their account details. The phishing messages claim that Facebook will delete the user’s account within 48 hours unless they fill out an appeal form to protect themselves. This appeal form collects …

LastPass Security Breach: Encrypted Passwords at Risk

LastPass, a popular password manager, announced that an unauthorized party accessed the company’s archived backups of its production data on a third-party cloud-based storage service. According to the company’s investigation, a threat actor accessed the cloud storage environment in August 2022 with information obtained from an earlier incident. Although the threat actor did not access customer data in the August …

Scammers Impersonating Refund Payment Portals

The FBI warns about scammers pretending to be refund payment gateways from financial institutions to steal sensitive information from unsuspecting victims. The federal law enforcement agency stated that scammers deceive victims into granting them access to their computers via email or phone calls by posing as representatives of technical or computer repair companies. According to the FBI, scammers typically start …

Twitter’s Data Leak Exposes Over 5.4 Million Users

Earlier this year, Twitter confirmed that an API vulnerability had caused a massive data leak containing non-public information for over 5.4 million Twitter users. Twitter denied claims that hackers had leaked the private information previously. However, Pompompurin, the owner of the hacking forum Breached, stated they were responsible for exploiting the API bug and platforming the data after another hacker …

Phishing-as-a-Service on the Rise with Caffeine

Threat actors may now launch their own sophisticated assaults thanks to the emergence of Phishing as a Service (PhaaS) platforms like “Caffeine.” Through an open registration procedure, anyone who wishes to launch their phishing campaign can sign up on these platforms. Security experts at Mandiant discovered the first sighting of these threats while investigating a large-scale phishing campaign. The purpose …

Phishing Kit Targets US Shoppers

Security experts at Akamai have discovered a campaign that uses an elaborate phishing kit. This campaign targets Americans using lures centered around holidays like Labor Day and Halloween. The kit combines several methods and employs several detection-evasion techniques to prevent non-victims from visiting its phishing pages. One of the most intriguing aspects of the kit is a token-based method …

SaaS Phishing Attacks Are Increasing

It’s getting easier than ever to conduct effective phishing campaigns thanks to the rise in popularity of SaaS platforms. A recently published report from Palo Alto Networks’ Unit 42 revealed that the use of Software as a Service to conduct phishing attacks surged by an incredible 1,100 percent between June 2021 and June 2022. Driving this surge is …

Dropbox Suffers Major Breach in Phishing Attack

It’s no secret that cyber attacks are on the rise, and that no company is immune to them. Dropbox, a cloud storage company, was the latest victim when its GitHub account was compromised. This allowed attackers access to 130 code repositories, which contained sensitive data. Dropbox was notified of a potential breach on October 14th from GitHub, who observed suspicious …

The Evolution of Callback Phishing Scams

Phishing is one of the oldest forms of cybercrime. It continues to grow and evolve, making it difficult for people to defend themselves. Callback phishing scams are email campaigns that pose as expensive memberships to confuse recipients who have never signed up for these services. The email includes a phone number the receiver may call to learn more about this …