phishing

Subscribe to phishing

This week we learned that the email and social media marketing company Mailchimp suffered a data breach that allowed an intruder to view 319 Mailchimp accounts. According to multiple sources, audience data were accessed from 102 of those accounts.

It was reported that the threat actor was able to breach Mailchimp’s systems through social engineering

Phishing, Smishing, Vishing, and QRishing. All of these schemes continue to pose risk to organizations that needs to be assessed and addressed.

Vishing made a strong debut during the pandemic [view related post], and continues to be a scheme that is surprisingly successful.

This week, Morgan Stanley Wealth Management (in the wake of another

On August 25, 2021, the FBI issued a Flash Alert to warn companies, especially in the health care industry, about the proliferation of attacks by threat actors using Hive ransomware.

According to the Flash Alert, Hive was first observed in June 2021: “Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with

If you are an organization that uses Microsoft Office 365 as your email platform, be on the lookout for a new tricky phishing attack recently used by cyber criminals. Microsoft has issued an alert to its customers warning them of the new attack, which merits mention to your users.

The phishing scheme is designed to

On July 19, 2021, the Federal Bureau of Investigations issued a Private Industry Notification to service providers and “entities associated with the Tokyo 2020 Summer Olympics that cyber actors who wish to disrupt the event could use distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt

I love seeing another win for law enforcement in the cyber context.

Servers and web domains owned by DoubleVPN, a virtual private network, were seized recently following a collaborative law enforcement effort involving the Dutch National Police, the FBI, Europol, and the U.K.’s National Crime Agency.

DoubleVPN is a security tool that has been used

Coveware issued its Q1 2021 Ransomware Report on April 26, 2021, which concludes that “[D]ata exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data.”

The Report states that the average ransom payment increased 43 percent from $154,108

State and local governments have been hammered with business email compromise (BEC) attacks over the past few years and the onslaught does not appear to be abating.

Last week, the Federal Bureau of Investigation (FBI) issued a Private Industry Notification to state, local, tribal, and territorial governments that they are being targeted by BEC attackers.