Log in to see all content. Some content is hidden to the public.
Can't find what you're looking for? Help us improve the search functionality by reporting the expected results.
139 Results
Jun 2023: Phishing Attacks Use Compromised Microsoft Office 365 Accounts
Cybercriminals have launched phishing attacks leveraging compromised Microsoft Office 365 accounts. The lures include .rpsmg file attachments, as well as embedded URLs hidden behind a “Read the Message” button. Clicking the malicious link leads to a credential phishing kit that redirects the user to a legitimate login page.
Jan 2024: Rewards-Themed Lures Harvesting Credit Card Data
Threat Alert: Phishing Lures Harvesting Credit Card Data
Feb 2024: Job Offer Message Lures
Threat Alert: Job Offer Message Lures
Mar 2024: Invoice-Themed Phishing Lures
Threat Alert: Invoice-Themed Phishing Lures
Mar 2023: Invoice-Themed Phishing Lures Spreading Malware
Cybercriminals have launched phishing attacks using malicious invoice-themed attachments to spread malicious software (malware). The phishing attacks hijack legitimate email threads to deliver the phishing lures to further increase the believability of the attacks.
Jan 2024: NHS-Themed Lures Steal Microsoft Credentials
Cybercriminals have launched a series of phishing attacks using spoofed or compromised email accounts belonging to the National Health Service (NHS). These emails, which appear to come from a NHS[.]net email address, use the subject line “YOU NEED TO SETTLE THIS.” A fully capitalized subject line like this is unlikely to come from an official government institution. The lures contain a prompt to review an alleged DocuSign document.
Feb 2023: Phishing Attacks Use Earthquake-Themed Lures
Cybercriminals have launched multiple phishing attacks attempting to take advantage of the humanitarian crisis in Turkey and Syria following the earthquake. These attacks are intended to steal recipient’s funds or to lead to the installation of malicious software (malware). As multiple attacks are exploiting this crisis, lures will appear different.
May 2023: Phishing Kit Uses Finance-Themed Lures
Cybercriminals are increasingly using phishing-as-a-service kits to build and distribute lookalike Microsoft Office 365 landing pages via phishing lures. The phishing lures can be customized to have a variety of different appearances or themes.
Feb 2023: Phishing Attacks Distribute IRS Notice-Themed Lures
Cybercriminals have launched a series of phishing attacks using timely tax-themed lures. While the email from field says “Irs notice” and then the name of the organization, the sending address is a Madwire account. The phishing emails contain an HTML attachment allegedly containing delivery details about a tax related USPS letter.
Apr 2023: Tax-Themed Lures Distribute Malware
Cybercriminals have launched a series of phishing attacks using a timely tax-themed lure. The lures imitate the sharing of 2022 tax documents via a Citrix ShareFile link. The lures note that the download expires on April 18, 2023, the tax-filing deadline in the United States.