Phishing

Users call on Microsoft to update Outlook's friendly name feature

That one weird thing in Outlook that gives phishers and scammers an in to an inbox

Security06 Aug 2024 | 76

'LockBit of phishing' EvilProxy used in more than a million attacks every month

Insight Leaves a trail of ransomware infections, data theft, business email compromise in its wake

Malware Month30 Jul 2024 | 7

Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis

Latest trend follows various malware campaigns that began just hours after IT calamity

Cyber-crime23 Jul 2024 | 4

Singapore's banks to ditch texted one-time passwords

Accessibility be damned, preventing phishing is the priority

Security12 Jul 2024 | 41

Microsoft tells yet more customers their emails have been stolen

Infosec in brief Plus: US auto dealers still offline; Conti coders sanction; Rabbit R1 hardcoded API keys; and more

Security01 Jul 2024 | 24

Cops cuff 22-year-old Brit suspected of being Scattered Spider leader

Spanish plod make arrest at airport before he jetted off to Italy

Cyber-crime17 Jun 2024 | 22

Two cuffed over suspected smishing campaign using 'text message blaster'

Thousands of dodgy SMSes bypassed network filters in UK-first case, it is claimed

Cyber-crime10 Jun 2024 | 23

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

Current approaches aren't working and demonize security teams

Security23 May 2024 | 57

US charges Iranians with cyber snooping on government, companies

Their holiday options are now far more restricted

Cyber-crime24 Apr 2024 |

Fraudsters abused Apple Stores' third-party pickup policy to phish for profits

Black Hat Asia Scam prevalent across Korea and Japan actually had some winners

Cyber-crime18 Apr 2024 | 2

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Feature Police emit Spotify Wrapped-style videos to let crims know they're being hunted

Security18 Apr 2024 | 13

X fixes URL blunder that could enable convincing social media phishing campaigns

Poorly implemented rule allowed miscreants to deceive users with trusted URLs

CSO10 Apr 2024 | 27

China encouraged armed offensive against Myanmar government to protest proliferation of online scams

Report claims Beijing is most displeased by junta's failure to address slave labor scam settlements

Cyber-crime28 Mar 2024 | 5

As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims

Wave of Okta attacks mark what researchers are calling the biggest security trend of the year

Research15 Mar 2024 | 15

Iranian charged over attacks against US defense contractors, government agencies

$10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location

Security01 Mar 2024 | 3

Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond

Plenty of successful attacks observed with dangerous follow-on activity

Cyber-crime13 Feb 2024 | 6

Deepfake CFO tricks Hong Kong biz out of $25 million

Recordings of past vidchats suspected as source of fakery – so there's another class of data you need to lock down

AI + ML05 Feb 2024 | 27

BreachForums admin 'Pompourin' sentenced to 20 years of supervised release

Infosec in brief Also: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities

Security22 Jan 2024 | 16

ShinyHunters chief phisherman gets 3 years, must cough up $5M

Sebastien Raoult developed various credential-harvesting websites over more than 2 years

Cyber-crime10 Jan 2024 | 5

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

Research highlights how major attacks like those exploiting Booking.com are executed

Cyber-crime20 Dec 2023 | 20

Hershey phishes! Crooks snarf chocolate lovers' creds

Stealing Kit Kat maker's data?! Give me a break

Security04 Dec 2023 | 48

Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit

Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence

Research27 Oct 2023 | 1

Telcos should compensate phished subscribers, suggests Singapore

Regulator reckons letting scam texts through is a culpable act

Cybersecurity Month26 Oct 2023 | 6

Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

With this zero-day, researchers say the 'scrappy' group is stepping up its operations

Cyber-crime25 Oct 2023 | 4

D-Link clears up 'exaggerations' around data breach

Who knew 3 million actually means 700 in cybercrime forum lingo?

Cyber-crime18 Oct 2023 | 5

South Korea accuses North of Phish and Ships attack

Kim Jong-un looks at industry's progress with green eyes, says South Korea's spy agency

Cyber-crime05 Oct 2023 |

Singapore may split liability for phishing losses between banks and victims

Won't someone please think of the banks?

Cyber-crime20 Sep 2023 | 14

More Okta customers trapped in Scattered Spider's web

Oktapus phishing campaign criminals are back in action

Cyber-crime01 Sep 2023 |

US government to investigate China's Microsoft email breach

Infosec in brief PLUS: Phishing campaign targets the C-suite; Cybercrime arrests in EU and Africa; and more

Security14 Aug 2023 | 1

INTERPOL shutters '16shop' phishing-as-a-service outfit

Alleged administrator cuffed in Indonesia, associate arrested in Japan, accused of selling fake Amazons for $60

Security09 Aug 2023 |

American and Southwest Airlines pilot candidate data exposed

Time to start practising identity protection

Cyber-crime26 Jun 2023 | 2

North Korea created very phishy evil twin of Naver, South Korea's top portal

Think of it as a fake Google tuned for credential capture and you'll understand why authorities want to kill it

Security15 Jun 2023 | 9

Posing as journalists, Pink Drainer pilfers $3.3M in crypto

First the interview, then the phishing attack

Cyber-crime12 Jun 2023 | 10

You might have been phished by the gang that stole North Korea’s lousy rocket tech

US, South Korea, warn 'Kimsuky' is a very sophisticated social engineer

Security02 Jun 2023 | 13

Ads for lucrative jobs in Asia fail to mention chance of slavery as crypto-scammer

FBI warns jobseekers to be very skeptical of working holidays in Cambodia

Cyber-crime23 May 2023 | 17

Russia's APT28 targets Ukraine government with bogus Windows updates

Nasty emails designed to infect systems with info-stealing malware

Cyber-crime02 May 2023 | 4

ChatGPT fans need 'defensive mindset' to avoid scammers and malware

Palo Alto Networks spots suspicious activity spikes such as naughty domains, phishing, and worse

AI + ML21 Apr 2023 | 4

April brings tulips, taxes ... and phisherfolk scammers

Tactical#Octopus: Don't let users click on that zip file

Research03 Apr 2023 | 6

Vietnam threatens to cut off two million mobile subscribers

To scupper scams, account-holders must hand over personal info or else

Security03 Apr 2023 | 7

Police pounce on 'pompompurin' – alleged mastermind of BreachForums

In Brief Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals

Security20 Mar 2023 | 3

SVB collapse's mix of money, urgency and uncertainty makes it irresistible to scammers

Phishing, dodgy domain names, and sophisticated attacks already deployed

Security15 Mar 2023 | 1

Refreshed from its holiday, Emotet has gone phishing

Notorious botnet starts spamming again after a three-month pause

Research09 Mar 2023 | 2

Namecheap admits 'unauthorized emails' pwning its customers

Blames 'third-party provider' as phishers drain Ethereum wallets

Security13 Feb 2023 | 10

Reddit reveals security incident that looks more SNAFU than TIFU

Phishing hooked internal documents, code, and some non-critical systems, but users' personal info safe

Cyber-crime10 Feb 2023 | 8

Attackers abuse Microsoft’s 'verified publisher' status to steal data

Malicious OAuth apps were the tickets into victims' systems

Security01 Feb 2023 | 7

Microsoft to enterprises: Patch your Exchange servers

If you want to keep the miscreants out, put the updates in, Redmond says

Patches28 Jan 2023 | 14

UK Cyber Security Centre's scary new story: One phish, two phish, Russia phish, Iran phish

Nice people on LinkedIn want to harvest logins from politicians, boffins, and defense types

Cyber-crime27 Jan 2023 | 10

IT security teams, business execs still not on same page

In brief Also: Guri the air-gap guru strikes again, while pro-Ukraine hackers set up a proxy network in Russia

Security12 Dec 2022 | 6

World Cup phishing emails spike in Middle Eastern countries

That's where the money is

Security21 Nov 2022 | 6

Windows breaks under upgraded IceXLoader malware

We're the malware of Nim!

Security10 Nov 2022 | 14

Robin Banks crooks back at the table with fresh phish from Russia

Phishing-as-a-service group's toolset now includes ways to get around MFA

Research08 Nov 2022 | 1

Microsoft hits the switch on password-free smartphone authentication

No more MF phish on this MFA cellphone as Azure AD CBA + YubiKey hits preview

Security07 Nov 2022 | 23

Multi-factor auth fatigue is real – and it's why you may be in the headlines next

Analysis Overwhelmed by waves of push notifications, worn-down users inadvertently let the bad guys in

Security03 Nov 2022 | 88

Dropbox admits 130 of its private GitHub repos were copied after phishing attack

Personal info and data safe, stolen code not critical, apparently

Cyber-crime01 Nov 2022 | 2

Gone phishing: UK data watchdog fines construction biz £4.4m for poor infosec hygiene

Staff member bit on lure, ultimately exposed up to 113,000 colleagues' personal information

Cyber-crime25 Oct 2022 | 11

DHL named most-spoofed brand in phishing

With Microsoft and LinkedIn close on shipping giant's heels

Research24 Oct 2022 | 4