Crooks use Telegram bots and Google Forms to automate phishing

Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has found that cybercriminals increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Alternative ways … Continue reading Crooks use Telegram bots and Google Forms to automate phishing

5 Ways to Transform Your Phishing Defenses Right Now

By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk. When I talk with chief information security officers (CISOs) about email security, I often hear something like this: They have a problem with phishing attacks. So, they buy new security software. But the CEO continues receiving … Continue reading 5 Ways to Transform Your Phishing Defenses Right Now

US seizes more domains used in COVID-19 vaccine phishing attacks

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. The seized domain claimed to sell the REGEN-COV2 emergency antibody-drug cocktail developed by Regeneron Pharmaceuticals and approved by the US Food and Drug Administration for emergency COVID-19 treatment in … Continue reading US seizes more domains used in COVID-19 vaccine phishing attacks

New phishing attack uses Morse code to hide malicious URLs

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire. When using Morse code, each letter and number is encoded as a series of dots (short … Continue reading New phishing attack uses Morse code to hide malicious URLs

LogoKit Group Aims for Simple Yet Effective Phishing

A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive. A relatively new phishing kit uses embedded JavaScript to dynamically change elements of spoofed webpages to more easily fool users. The adoption of the phishing … Continue reading LogoKit Group Aims for Simple Yet Effective Phishing