UCSF IT Technology

Threat Alert: What to Watch For Cybercriminals have launched a series of phishing attacks using the threat of employee transfers and terminations as a lure.

Threat Alert: What to Watch For Cybercriminals have launched series of phishing attacks claiming to be from the recipient’s HR department. The lures use a variety of sender names like HR Alerts or HR Department; however, the actual sending address is not associated with a recipient’s company or HR department.

Threat Alert: What to Watch For Cybercriminals have launched phishing attacks abusing legitimate tools that are used to direct web traffic.  Phishing lures contain an embedded URL that leads to a lookalike Google Chrome update site.  Downloading the fake Google Chrome update installs a legitimate tool used for remotely monitoring and supporting computers.

Threat Alert: What to Watch For

Threat Alert: What to Watch For Cybercriminals have launched phishing attacks using apparently compromised SAP Concur and DocuSign accounts to distribute malicious emails.  The phishing lures use financial themes, such as an expense report on SAP Concur or a financial settlement document on DocuSign. The lures include malicious links.

Threat Alert: What to Watch For Following the collapse of Silicon Valley Bank (SVB), cybercriminals have launched phishing attacks to take advantage of the high-profile event.  One widespread lure impersonates Circle, the peer-to-peer payments company that manages the cryptocurrency USDC. The lure encourages recipients to click an offer link to redeem a one-to-one exchange between the cryptocurrency USDC and the U.S.

Threat Alert: What to Watch For Cybercriminals have launched a series of phishing attacks using timely tax-themed lures.  While the email from field says “Irs notice” and then the name of the organization, the sending address is a Madwire account. The phishing emails contain an HTML attachment allegedly containing delivery details about a tax related USPS letter.

Threat Alert: What to Watch For Cybercriminals are increasingly using phishing-as-a-service kits to build and distribute lookalike Microsoft Office 365 landing pages via phishing lures.  The phishing lures can be customized to have a variety of different appearances or themes.