Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing emails are a serious problem for both businesses and consumers. Phishers use phishing emails to steal users’ personal information, like usernames, passwords, credit card numbers, social security numbers and other sensitive data.

Recently, we observed a malware spam campaign leveraging the current COVID-19 situation. The emails were sent from a compromised mailbox using a mailer script. The message contains a link leading to a Word document. The email takes advantage of a COVID-19 test mandate as a pretext to lure the unsuspecting user into clicking the link and downloading the document. Figure 1. COVID-19 themed malspam with link to the malicious document.

Gmail is an immensely popular service, with nearly 2 billion active accounts. And as the service has grown, businesses have turned to it for all kinds of things it was never meant to do: user authentication, password recovery, and perhaps most problematic, the passing of sensitive or regulated data between parties.

Here at Lookout, our Threat Intelligence Services teams work with a massive data set that enables them to proactively hunt for threats and conduct forensic investigations. While our findings are used to protect Lookout customers, we also pride ourselves in contributing to the cybersecurity community ensuring that everyone’s security and privacy are safeguarded.

True Login phishing kits are continuously being developed by threat actors to improve their TTPs in luring victims. By using true login kits, the phishing operators have a higher chance of making potential victims believe they are logging into the real website. True login kit developers are abusing publicly available APIs of the banking company to be able to query login information to be shown to potential victims, in turn luring the victim even further into the operations.

While remote work has many benefits, it can increase the risk of employees suffering from directed attention fatigue (DAF), where they find themselves unable to focus due to constant distractions. This is due primarily to isolation and the constant bombardment of emails and instant messages. In fact, one of the most worrying types of DAF for security professionals is email fatigue.

'Email is dead. It's a thing of the past.' In the IT industry, this statement, or something like it, is said regularly — usually corresponding with the rise of a new communication or collaboration platform. Each time this happens, it's prudent to remember a general rule around tools: as long as they retain specific advantages for the human beings using them, they generally endure.

In recent years the outbreak and spread of COVID-19 have left many people with fears and questions. With various medical opinions, news outlets spreading varied statistics, case number and death reports, and safety recommendations that varied between countries, states, cities, and individual businesses, people often felt desperate for information.