UCSF IT Technology

Cybercriminals have launched series of phishing attacks claiming to be from the recipient’s HR department. The lures use a variety of sender names like HR Alerts or HR Department; however, the actual sending address is not associated with a recipient’s company or HR department.

Cybercriminals have launched Okta-branded phishing attacks encouraging recipients to follow a link to resynchronize their Okta and Microsoft accounts.   Clicking on the link leads to a credential phishing kit that redirects the user to a lookalike Microsoft login page.

Threat Alert: Invoice-Themed Phishing Lures 

Cybercriminals have launched phishing attacks abusing legitimate tools that are used to direct web traffic.  Phishing lures contain an embedded URL that leads to a lookalike Google Chrome update site.  Downloading the fake Google Chrome update installs a legitimate tool used for remotely monitoring and supporting computers.

Cybercriminals have launched a series of phishing attacks impersonating the legitimate law firm, including Latham & Watkins.

Threat Alert: OSHA-Themed Phishing Lures Deliver Malware

Threat Alert: Company Policy Phishing Lures Bypass MFA 

Every year, as the holiday shopping season approaches, holiday-themed phishing attacks rise. Attackers know the season brings a high volume of ecommerce activity—and related notifications.

Numerous phishing attacks leveraging variations on winter and end-of-year seasonal themes.These lures, by and large, focus on financial or retail themes.Common elements include alleged holiday gifts from organizational management, Black Friday or winter holiday sales deals, shipping or package lures, and changes in end-of-year benefits.These lures have targeted recipients globally.