REDMOND, WA - Cybersecurity experts have noted a large increase in the number of phishing attacks recently as hackers have been altering their attack avenues in order to work their way around increasingly complex email security systems designed to circumvent their efforts. Both the volume and complexity of malicious emails have been on the rise and are proving to be increasingly able to bypass Secure Email Gateways (SEGs) such as Microsoft and Proofpoint, according … [Read more...]
Search Results for: phishing
Investigation Uncovers 40,000 Phishing Domains Linked To LabHost Scam Operation
UNITED KINGDOM - The LabHost phishing-as-a-service (PhaaS) platform, which had tens of thousands of phishing domains linked to it and thousands of users worldwide, has had its infrastructure completely disrupted and 37 suspects have been arrested – including the original developer – following a year-long global law enforcement operation. Originally launched in 2021, LabHost was a resource for cybercriminals that – for a monthly subscription fee – provided them … [Read more...]
Threat Intelligence Firm Recommends Blocking All .ZIP Domains Due to Phishing
SUNNYVALE, CA - FortiGuard Labs reports that they have discovered many .ZIP domains are responsible for phishing attacks on users by automatically downloading a malicious executable titled “file.exe” to their computers. Phishing attacks have been a thorn in the side of computer users for years due to the fact that they often are able to camouflage themselves as innocuous programs or prompts that seemingly pose no threat, but in reality can cause a great deal of … [Read more...]
Amazingly Convincing Facebook Phishing Scam Takes Place on Facebook.com Itself
PALM BEACH, FL – I have been reviewing and writing about email phishing scams for years and I have seen a ton of them, from outright laughable in their easy discoverability to incredibly convincing, but this latest one I must write about because its one of the most convincing I have ever seen, and it has been happening for over a year now. I know it well as I once fell for it. The reason this is one of the most convincing I’ve ever seen is because unlike most phishing … [Read more...]
This AMEX Email Phishing Scam Wants You Homeless & Poor, With A Zero FICO Score
PALM BEACH, FL - Nothing could better destroy your holiday spirit than a compromise of your most secure personal information in the form of a phishing expedition. Here is one of the latest email scams circulating what is probably hundreds of thousands of inboxes, just in time for Christmas. Here is how it all plays out: You receive an email which appears to be from American Express, but it isn't, it's from some scrupulous hacker hiding somewhere behind a computer who is … [Read more...]
Email Phishing Campaign Using Legitimate Top-Level Domain to Evade Spam Filters
PALM BEACH, FL – A sophisticated email phishing campaign is making the rounds while evading email filters by using a Google domain redirect. According to ThreatPost.com, a leading source of information about IT and business security, the campaign uses percentage-based URL encoding to deceive users. The campaign makes use of what’s called percentage-based URL encoding – a basic URL-encoding technique in which normal ASCII characters (i.e., “abc” and “123”) are converted … [Read more...]
FedEx Email Phishing Scam Attempt: Not That Clear What Actual Motive Is
NEW YORK, NY – From time to time I like to point out some phishing scams that are out there in hopes to help some people not fall for these email-traps; today is one of those day. This email stuck out not for its sophistication but for more of its non-sophistication, and recurring delivery. For instance, I’ve received these at least 4 times in the last couple of days. This scam pictured below is trying to capture FedEx users regarding the non-delivery of their package; a … [Read more...]
Phishing: Watch-out for New Dangerous Godaddy Email Phishing Attempt
NEW YORK, NY - This is just a quick reminder to remain vigilant of all sorts of threats from hackers, email-spoofers, phishers and scammers; you can never let your guard down these days when it comes to your accounts, financial information and especially your domain accounts, because loss of your domain name can be loss of your business and will likely be permanent. Just this week news broke about an Equifax hack that hit credit histories of up to 143 million … [Read more...]
Weak Attempt at Phishing Network Solutions Account Holders
LONG ISLAND, NY - Network Solutions is a popular provider of domain names and web hosting accounts in addition to other tools used for Internet services. They're a common target due to the ability to hijack web sites and steal domain names when and if someone gains access to the account. Damages can be horrific as it is possible to permanently shut down and steal your asset or online business. Below is a weak attempt at gaining access to my Network Solutions account through … [Read more...]
Verizon Wireless Phishing Email: Scams & How to Avoid Them (Part 2)
Back in May 17th 2012 I wrote a very detailed post about a fake Verizon Wireless phishing email I received. I decided to write the post because I know there are a lot of people who receive these types of emails and I wanted to help educate people about this sort of thing. I’m sometimes taken back by how ramped this problem is and how many people are likely taken advantage of by just not knowing what to look for to keep them and their privacy safe. I also wrote it because … [Read more...]
Record-Breaking Data Leak Exposes 16 Billion Credentials Including Session Tokens
WEST PALM BEACH, FL - A massive trove of approximately 16 billion username-password combinations—along with session tokens and cookies - has surfaced on unsecured servers, cybersecurity researchers confirmed. The cache appears to be an aggregate of around 30 previously known data sets, sourced from malware-based credential thefts and older breaches, rather than a fresh, single-source attack. Security analysts emphasize the sheer volume of data makes it impossible to … [Read more...]
Records From 2024 AT&T Data Breach Are Once Again For Sale On The Dark Web
PALM BEACH, FL - A massive trove of nearly 90 million AT&T customer records, including Social Security numbers and other sensitive information, has resurfaced for sale on the dark web, reigniting concerns over personal data security. The data were first posted to a Russian-language cybercrime forum on May 15 and reappeared on June 3, with cybersecurity researchers confirming these are decrypted records - mostly repackaged from previous breaches. AT&T indicates … [Read more...]
Expired Domains Used by Security Experts to Neutralize Abandoned Web Backdoors
BATH, UK - More than 4,000 web backdoors that had been abandoned but were still active with live malware were hijacked and their communication infrastructure sinkholed – a term used to describe the process of redirecting malicious traffic to a DNS sinkhole – after web security researchers registered numerous expired domains, preventing them from being used by hackers and cybercriminals. A backdoor is a covert method of bypassing normal authentication or encryption in a … [Read more...]
Amazon Seizes Domains Used by Russian Hackers Targeting Windows Users
SEATTLE, WA - Online shopping retail giant Amazon this week seized multiple internet domains that have been utilized by Russian hackers to launch phishing attacks that targeted users of Microsoft’s Windows operating system. Chief Information Security Officer at Amazon, CJ Moses, announced in a blog post that Midnight Blizzard, otherwise known as APT29 – a threat actor directly sponsored by the Russian government – had been targeting government agencies, empires, … [Read more...]
Thousands of “Sitting Duck” Domain Names Highjacked by Russian Cybercriminals
PALM BEACH, FL - A critical vulnerability within the Domain Name System (DNS) has been unearthed and exploited by dozens of cybercriminals and hackers originating from Russia to take over thousands of domain names, according to cybersecurity researchers from Infoblox and Eclypsium. An estimated 30,000 legitimate domains have been hijacked by the digital thieves since 2019, experts say, utilizing a technique known as “Sitting Ducks” that exploits weak DNS services. The … [Read more...]