phishing

Subscribe to phishing via RSS

A recent white paper issued by SocRadar, entitled “Operation DoppelBrand: Weaponizing Fortune 500 Brands for Credential Theft and Remote Access,” provides a stark outline of how a threat actor known as GS7 has been “targeting banking institutions, technology companies, payment platforms, and other entities” with creating fake “highly similar” web portals to harvest customer

Security professionals rely on the implementation of multifactor authentication (MFA) to defend against phishing attacks and intrusions. Unfortunately, we can’t completely rely on MFA to protect us as threat actors (more specifically, ShinyHunters) are now targeting companies in technology, financial services, real estate, energy, healthcare, logistics, and retail with synchronized vishing-phishing attacks.

The newest attacks

We continue to alert our readers to the uptick and successful use of vishing attacks against companies. Threat actors continue to be creative in developing strategies to use vishing to gain access into systems.

According to Cyberscoop, (a publication that I read religiously), Mandiant has confirmed that “multiple cybercrime groups,” including ShinyHunters, are “combining

In a recent blog post, KnowBe4 reported that it has “uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The attackers are wielding a powerful new tool that’s completely changing the game for cybercriminals—turning what used to be complex, technical phishing setups into simple one-click launches that can bypass

An attack against Salesforce between August 8 and August 18 targeting data through its Salesloft Drift app “is more extensive than at first thought.” The attack targeted numerous Salesforce customers “systematically exfiltrating large volumes of data.”

Google affirmed that threat actors not only targeted the Salesforce integration with Salesloft Drift, but also targeted some Google