UCSF IT Technology

Following the collapse of Silicon Valley Bank (SVB), cybercriminals have launched phishing attacks to take advantage of the high-profile event.  One widespread lure impersonates Circle, the peer-to-peer payments company that manages the cryptocurrency USDC. The lure encourages recipients to click an offer link to redeem a one-to-one exchange between the cryptocurrency USDC and the U.S.

Cybercriminals have launched numerous, different phishing attacks using timely tax-themed lures.  As multiple attacks are leveraging this topic, the lures will appear different.

Cybercriminals have launched series of phishing attacks claiming to be from the recipient’s HR department. The lures use a variety of sender names like HR Alerts or HR Department; however, the actual sending address is not associated with a recipient’s company or HR department.

Cybercriminals have launched phishing attacks abusing legitimate tools that are used to direct web traffic.  Phishing lures contain an embedded URL that leads to a lookalike Google Chrome update site.  Downloading the fake Google Chrome update installs a legitimate tool used for remotely monitoring and supporting computers.

Cybercriminals have launched Okta-branded phishing attacks encouraging recipients to follow a link to resynchronize their Okta and Microsoft accounts.   Clicking on the link leads to a credential phishing kit that redirects the user to a lookalike Microsoft login page.