Log in to see all content. Some content is hidden to the public.
Can't find what you're looking for? Help us improve the search functionality by reporting the expected results.
130 Results
Nov 2023: HSBC Brand Abuse Lures Distribute Malware
Threat Alert: HSBC Brand Abuse Lures Distribute Malware
Mar 2023: Attacks Spread Microsoft Teams-Themed Lures
Threat Alert: What to Watch For Cybercriminals have launched phishing attacks using lures that impersonate Microsoft Teams meeting invites. The lures include a malicious link. Clicking the malicious link leads to a credential phishing kit that redirects the user to a legitimate login page.
Dec 2022: Microsoft OneDrive and QR Codes Used in Phishing Campaign
Threat Alert: What to Watch For Recent email-based attacks have used compromised Microsoft OneDrive accounts to send phishing emails. These emails encourage recipients to click a link to view a shared document. The OneDrive links lead targets to shared PDF documents containing quick response (QR) codes.
Dec 2022: Phish Alarm-Themed Lures Used in Credential Phishing Attacks
Threat Alert: What to Watch For Cybercriminals have launched phishing attacks claiming to originate from a company help desk team.
Apr 2023: Phishing Lures Abuse SAP Concur and DocuSign
Threat Alert: What to Watch For Cybercriminals have launched phishing attacks using apparently compromised SAP Concur and DocuSign accounts to distribute malicious emails. The phishing lures use financial themes, such as an expense report on SAP Concur or a financial settlement document on DocuSign. The lures include malicious links.
May 2023: Phishing Kit Uses Finance-Themed Lures
Threat Alert: What to Watch For Cybercriminals are increasingly using phishing-as-a-service kits to build and distribute lookalike Microsoft Office 365 landing pages via phishing lures. The phishing lures can be customized to have a variety of different appearances or themes.
Nov 2022: Amazon-Themed Lures Distributed Via Zoom
Threat Alert: What to Watch For Cybercriminals have launched a series of malicious email attacks impersonating an Amazon package order confirmation. The attack uses Amazon-branded emails delivered from a Zoom sending address, as threat actors are abusing Zoom’s infrastructure. The emails prompt recipients to click a link to download an invoice for order details.
Feb 2024: Deepfake Scam Imitating CFO
Threat Alert: Deepfake Scam Targeting Financial Transactions An employee attended a video conference call with seemingly authentic colleagues, all of whom were later revealed to be deepfake representations. The worker, initially suspicious of a phishing email, was convinced by the realistic appearance and voices of the deepfake participants during the video call. Subsequently, the employee authorized a large financial transaction, thinking it was a legitimate request initiated by the CFO. Key Actions (at Wo
Dec 2022: Phishing Campaign Distributing Christmas Bonus-Themed Lure
Threat Alert: What to Watch For Cybercriminals have launched a series of phishing attacks using the promise of a paid Christmas bonus as a lure.
Nov 2022: Twitter-Themed Lures Used in Credential Phishing Attacks
Threat Alert: What to Watch For Cybercriminals have launched phishing attacks impersonating Twitter Services. The emails include links to lookalike landing pages that are designed to steal Twitter credentials and phone numbers. While the email display names make it appear the messages come from “Twitter Services,” the actual sending address is a Gmail account. The emails use the proposed change at Twitter of charging verified users a monthly fee to maintain their verification status.