Collaborate Disseminate
Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares. Continue reading Major BEC Phishing Ring Cracked Open with 3 Arrests
Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns. Continue reading Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
Imagine if cybercriminals didn’t have to send a malicious email for their victims to get the message anyway. That’s a tool one hacker is advertising on a dark web forum, according to research Gemini Advisory released Wednesday. And because the email can be implanted rather than sent, it has the potential to bypass security that inspects messages as they’re en route to their destination server, researchers said. “The software poses a significant threat as it raises the success rate of malware attacks, allows for more sophisticated phishing and business email compromise (BEC) campaigns, and opens the door for technically simple ransomware-like attacks,” according to a blog post from the Miami-based threat intelligence company. The trick to implanting the email via the “Email Appender” software goes like this, Gemini Advisory explained: First, attackers must obtain valid email addresses and associated passwords, often available on the dark web at a low cost. Then the attacker has to upload the compromised credentials into Email […]
The post Cybercriminal offers email implant software that dodges traditional security platforms appeared first on CyberScoop.
Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam — and anyone working on the upcoming election needs to pay attention. Continue reading Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns
Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam — and anyone working on the upcoming election needs to pay attention. Continue reading Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns
Menlo Imposter Threat Detection Flags Payloadless Attacks that Impersonate Senior Executives and Other VIPs
Cyberattacks aren’t always delivered via a payload such as a link to a malicious URL or an infected file attachment. Rather than trick user… Continue reading Protect Your Employees from Business Email Compromise Attacks
“Nuke Bizzle” faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, “EDD.” Continue reading Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video
BEC fraudsters now have bases of operation across at least 39 counties and are responsible for $26 billion in losses annually — and growing. Continue reading BEC Attacks: Nigeria No Longer the Epicenter as Losses Top $26B
Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them. Continue reading Why Web Browser Padlocks Shouldn’t Be Trusted
The Anti-Phishing Working Group (APWG) has released its
Phishing Activity Trends Report analyzing phishing attacks and identifying theft techniques reported by its members for Q2 of 2020. Key highlights of the report include a significant incr… Continue reading APWG: SSL Certificates No Longer Indication of Safe Browsing