Customers of the bankrupt cryptocurrency exchange FTX are already receiving phishing emails following a breach of personal data held by several crypto companies, CoinDesk reports. The customer data was leaked after a T-Mobile employee fell for a SIM swapping attack and granted a threat actor access to an account belonging to an employee of financial advisory firm Kroll.
A recent survey by Lookout, Inc. warns for a specific attack vector as Labor Day approaches. The study shows that 85% of enterprise employees capable of remote work plan to do so on Friday, September 1, primarily using mobile devices. This creates an ideal environment for hackers to launch targeted phishing attacks. The risk is exacerbated by the fact that 80% of respondents admit to being more relaxed and distracted when working remotely on Fridays during the summer.
Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links. “Being open-source, QR code generators have become accessible to anyone with access to the internet,” the researchers write.
No surprise: phishing attacks are on the rise, and a new technique is becoming increasingly popular: open redirect flaws. These flaws allow attackers to redirect victims to malicious websites, even if the link in the phishing email appears to be legitimate.
Researchers at Trustwave have published a report outlining trends in business email compromise (BEC) attacks, finding that these attacks spiked in February of 2023. “For the first quarter of the year, we saw a 25% increase in unique attacks compared to the last quarter of 2022,” the researchers write. “February accounted for the highest volume of BEC emails in the first half of the year. January is the second most active month for BEC.
Callback phishing isn't your typical email scam. Instead of the usual suspects with bad grammar and obvious malicious links, these attacks play mind games. They set up a multi-layered trap using some smooth-talking tactics to get you to dial a fake number and spill your sensitive info.
Users of the language learning app Duolingo should be wary of targeted phishing attacks following a recent data leak, according to Anthony Spadafora at Tom’s Guide. Criminals scraped the names and email addresses of 2.6 million Duolingo users earlier this year, and are now selling the entire dataset on underground forums for approximately $2.13.
Monitoring of traffic to phishing pages hosted on the free hosting service Cloudflare R2 show an unheard of spike of 6100%, many going undetected by many security solutions due to the evasive techniques used. I can’t remember a time when I’ve covered a story and the reported increases were as large as the recent spike in malicious network traffic observed by Netskope.
Continuing coverage of IBM’s recently-released Cost of a Data Breach report, we focus on the impact attacks involving social engineering have on data breach costs. There are two reports every year that we cover on this blog that you should be reading – Verizon’s Data Breach Investigations Report and IBM’s Cost of a Data Breach report. Each of these reports has been published for years, providing insight into how the state of data breaches are changing.
In last few years, cyber espionage has taken a new form. A recent investigation by The Times has unveiled a Chinese intelligence officer's extensive use of LinkedIn to target UK officials. Operating under the alias "Robin Zhang," this spy has been luring thousands of officials, scientists, and academics to hand over state secrets and sensitive technology information.
