A phishing campaign is impersonating cryptocurrency trading platform Coinbase, Tech.co reports. Crypto trader Jacob Canfield described the campaign in a Twitter thread, stating that the threat actors texted and then called him.

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

New data shows that even with the majority of organizations experiencing cyber attacks, three hours of security awareness training simply isn’t enough.

Using an external platform trusted by potential victims is proving to be a vital tool in the cybercriminal’s arsenal. New data shows the state of the threat and who’s at risk. The average business experienced around 81 social media attacks each month in Q1 of this year, according to new data from PhishLabs, increasing 12% over Q4, 2022 and 5% over Q1 of 2022.

Using credibility-building imagery and creating a need for the user to click what may or may not be perceived as an image is apparently all it takes to engage potential phishing victims. Phishing attacks only need two things: something to create a sense of urgency and something to establish a sense of credibility.

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell something online, date or rent a vacation home without being scammed. Scams are everywhere! If there is a way to communicate between two parties, some scammer will try to take advantage of it.

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, telecommunications, and technology industries, according to researchers at Palo Alto Networks’ Unit 42.

The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams in 2022. Below are the top five text scams reported by the FTC: Phony bank fraud prevention alerts were the most common type of text scam last year.

A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public personas has truly arrived. As cybersecurity professionals we must ask, what are the implications of fake-news-at-scale-and-quality for individuals and organizations?

Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks. Researchers at Check Point describe one current BEC campaign that’s using Soda PDF to send messages encouraging the recipients to call a phone number. Should they make the call, the bad actor on the line seeks to winkle them out of their cash. Check Point calls these kinds of attempts, which “leverage legitimate services to send out malicious material,” BEC 3.0.