UCSF IT Technology

Cybercriminals have started using the URL shortening service clck[.]ru in widespread phishing attacks in April.  The nature of these attacks and the lures used vary greatly.

Threat Alert: Company Policy Phishing Lures Bypass MFA 

Following the collapse of Silicon Valley Bank (SVB), cybercriminals have launched phishing attacks to take advantage of the high-profile event.  One widespread lure impersonates Circle, the peer-to-peer payments company that manages the cryptocurrency USDC. The lure encourages recipients to click an offer link to redeem a one-to-one exchange between the cryptocurrency USDC and the U.S.

Cybercriminals have launched numerous, different phishing attacks using timely tax-themed lures.  As multiple attacks are leveraging this topic, the lures will appear different.

Threat Alert: OSHA-Themed Phishing Lures Deliver Malware

Cybercriminals have launched series of phishing attacks claiming to be from the recipient’s HR department. The lures use a variety of sender names like HR Alerts or HR Department; however, the actual sending address is not associated with a recipient’s company or HR department.

Cybercriminals have launched Okta-branded phishing attacks encouraging recipients to follow a link to resynchronize their Okta and Microsoft accounts.   Clicking on the link leads to a credential phishing kit that redirects the user to a lookalike Microsoft login page.

Cybercriminals have launched phishing attacks abusing legitimate tools that are used to direct web traffic.  Phishing lures contain an embedded URL that leads to a lookalike Google Chrome update site.  Downloading the fake Google Chrome update installs a legitimate tool used for remotely monitoring and supporting computers.