UCSF IT Technology

Cybercriminals have launched phishing attacks using apparently compromised SAP Concur and DocuSign accounts to distribute malicious emails.  The phishing lures use financial themes, such as an expense report on SAP Concur or a financial settlement document on DocuSign. The lures include malicious links.

Following the collapse of Silicon Valley Bank (SVB), cybercriminals have launched phishing attacks to take advantage of the high-profile event.  One widespread lure impersonates Circle, the peer-to-peer payments company that manages the cryptocurrency USDC. The lure encourages recipients to click an offer link to redeem a one-to-one exchange between the cryptocurrency USDC and the U.S.

Cybercriminals have launched a series of phishing attacks using timely tax-themed lures.  While the email from field says “Irs notice” and then the name of the organization, the sending address is a Madwire account. The phishing emails contain an HTML attachment allegedly containing delivery details about a tax related USPS letter.

Cybercriminals are increasingly using phishing-as-a-service kits to build and distribute lookalike Microsoft Office 365 landing pages via phishing lures.  The phishing lures can be customized to have a variety of different appearances or themes.

Cybercriminals have launched phishing attacks using malicious invoice-themed attachments to spread malicious software (malware).  The phishing attacks hijack legitimate email threads to deliver the phishing lures to further increase the believability of the attacks.

Cybercriminals have launched multiple phishing attacks attempting to take advantage of the humanitarian crisis in Turkey and Syria following the earthquake. These attacks are intended to steal recipient’s funds or to lead to the installation of malicious software (malware).  As multiple attacks are exploiting this crisis, lures will appear different.

Cybercriminals have launched a series of phishing attacks impersonating the legitimate law firm, including Latham & Watkins.

Cybercriminals have launched phishing attacks impersonating Twitter Services. The emails include links to lookalike landing pages that are designed to steal Twitter credentials and phone numbers. While the email display names make it appear the messages come from “Twitter Services,” the actual sending address is a Gmail account. The emails use the proposed change at Twitter of charging verified users a monthly fee to maintain their verification status.

Cybercriminals have launched numerous, different phishing attacks using timely tax-themed lures.  As multiple attacks are leveraging this topic, the lures will appear different.