phishing
-
Blog
PayPal “New Address” feature abused to send phishing emails
An ongoing PayPal email scam exploits the platform’s address settings to send fake purchase notifications, tricking users into granting remote access to scammers For the past month, BleepingComputer and others [1, 2] have received emails from PayPal stating, “You added a new address. This is just a quick confirmation that you added an address in your PayPal account.” The email includes…
Read More » -
Blog
96% of Phishing Attacks in 2024 Exploited Trusted Domains
Threat actors are increasingly targeting trusted business platforms such as Dropbox, SharePoint, and QuickBooks in their phishing email campaigns and leveraging legitimate domains to bypass security measures, a new report released today has found. By embedding sender addresses or payload links within legitimate domains, attackers evade traditional detection methods and deceive unsuspecting users. According to Darktrace’s Annual Threat Report 2024,…
Read More » -
Blog
Phishing attack hides JavaScript using invisible Unicode trick
A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). Juniper Threat Labs that spotted the attack reports that it took place in early January 2025 and carries signs of sophistication such as the use of: Personalized non-public information to target…
Read More » -
Blog
Russian phishing campaigns exploit Signal’s device-linking feature
Russian threat actors have been launching phishing campaigns that exploit the legitimate “Linked Devices” feature in the Signal messaging app to gain unauthorized access to accounts of interest. Over the past year, researchers observed phishing operations attributed to Russian state-aligned groups that used multiple methods to trick targets into linking their Signal account to a device controlled by the attacker.…
Read More » -
Blog
Hackers are using this new phishing technique to bypass MFA
Microsoft has warned that a threat group known as Storm-2372 has altered its tactics using a specific ‘device code phishing’ technique to bypass multi-factor authentication (MFA) and steal access tokens. The report states that Storm-2372, which it links to Russia with ‘medium confidence’, has been conducting an active and successful device code phishing campaign since August 2024. It has been…
Read More » -
Blog
Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat actors behind the device code…
Read More » -
Blog
Cloudflare outage caused by botched blocking of phishing URL
An attempt to block a phishing URL in Cloudflare’s R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. Cloudflare R2 is an object storage service similar to Amazon S3, designed for scalable, durable, and low-cost data storage. It offers cost-free data retrievals, S3 compatibility, data replication across multiple locations, and…
Read More » -
Blog
How to Prevent Phishing Attacks with Multi-Factor Authentication
Phishing takes advantage of the weakest link in any organization’s cybersecurity system — human behavior. Phishing attacks are generally launched via email, although some opening salvos have begun using text messaging or phone calls. In the most common scenario, an email arrives purporting to be from HR or IT, for example. It looks just like any other company email. It…
Read More » -
Blog
A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFA
Hackers are targeting organizations around the world that rely on Microsoft’s Active Directory Federation Services (ADFS) secure access system in an ongoing phishing campaign, according to new research. Analysis from Abnormal Security describes how Microsoft’s ADfS, a legacy single-sign-on (SSO) solution that allows employees to use one set of credentials to authenticate across multiple applications and environments, is being mimicked…
Read More » -
Blog
What is Quishing? How To Protect Yourself From QR Code Phishing
Summary Quishing is a digital threat where malicious URLs are embedded in QR codes to steal your information or infect devices. QR codes used for parking meters, restaurant payments, and promotions are being tampered with. To protect yourself, use default QR scanners, verify URLs, avoid unknown payment links, and enable browser privacy settings. QR codes are everywhere now: from restaurant…
Read More »