Nearly one-third of all data breaches involved phishing in one way or another, according to a 2019 Verizon report. After password breaches, phishing is the most preferred way for cybercriminals to infiltrate target systems. Lately, researchers have reported several phishing scams that may knock at your door anytime now.

Fake update on Coronavirus vaccine

Researchers at Check Point uncovered a phishing campaign exploiting users’ interest in the coronavirus vaccine.
  • Hackers manipulate users into downloading malicious Windows, Word, and Excel files related to an update on the Coronavirus vaccine, to steal credentials.
  • It was also revealed that one out of every 25 malicious coronavirus-related websites’ landing pages is vaccine-related.

Internal emails could be malicious too

Abnormal Security researchers exposed a phishing campaign that compromises internal accounts within an organization to defraud employees.
  • Criminals are targeting Office 365 clients by impersonating someone from within the company and sending an encrypted message notification related to a OneDrive for Business file.
  • Besides making the request look authentic, a compromised internal account helps attackers bypass the external email security a company has in place.

It’s a fake email scanner

Kaspersky researchers discovered a phishing campaign tricking users into visiting malicious websites to scan their emails for security reasons.
  • The emails claim to originate from an organization’s email security team, but they actually originate from a Hotmail account.
  • To intimidate the recipient, adversaries send a “Virus Alert!!!” email containing a link to a website masquerading as an email scanner. Users who submit account details on the website leak their account credentials.
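The mismatch described above (a sender naming itself as the internal security team while mailing from a free webmail domain) can be checked at the mail gateway or in triage tooling. The following is an added example, not code from Kaspersky or from the original article; `ORG_DOMAIN`, the keyword lists and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the protected organisation's mail domain
FREE_WEBMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}
ROLE_WORDS = ("security", "helpdesk", "it support", "administrator")  # assumed
ALARM_WORDS = ("virus alert", "scan your", "urgent")                  # assumed


def is_org_domain(domain: str) -> bool:
    """True for the organisation's domain and any of its subdomains."""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)


def sender_findings(raw_message: str) -> list[str]:
    """Return the findings for one RFC 5322 message (headers plus body)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    claims_role = any(word in display.lower() for word in ROLE_WORDS)

    findings = []
    if claims_role and not is_org_domain(domain):
        findings.append("internal-role-from-external-domain")
    if claims_role and domain in FREE_WEBMAIL:
        findings.append("internal-role-from-free-webmail")
    # Score the subject only when the sender is outside the organisation.
    subject = msg.get("Subject", "").lower()
    if not is_org_domain(domain) and any(w in subject for w in ALARM_WORDS):
        findings.append("alarm-subject-from-external-sender")
    return findings


# Constructed sample messages (not taken from the campaign).
SPOOFED = (
    'From: "Email Security Team" <mail-scan-team@hotmail.com>\n'
    "To: user@example.com\n"
    "Subject: Virus Alert!!!\n\n"
    "Scan your mailbox now.\n"
)
GENUINE = (
    'From: "Email Security Team" <security@example.com>\n'
    "To: user@example.com\n"
    "Subject: Monthly patch window\n\n"
    "Maintenance is on Friday.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_findings(raw))
```

This check relies on the sender being external, so it does not cover the compromised internal account campaign described earlier, where the sending address is genuine.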

Excuse the “Urgent Update Request”

Researchers are warning against a phishing scam after cPanel users reported a suspicious email sent to them.

  • According to sources, cybercriminals were spotted masquerading as a security advisory alert to swindle credentials of cPanel and WebHost Manager (WHM) users.
  • The fake advisory requests users of cPanel and WHM software versions 88.0.3+, 86.0.21+, and 78.0.49+ to install new updates by redirecting them to phishing pages.

On your toes, executives!

Trend Micro also recently shed light on an ongoing Business Email Compromise (BEC) campaign by Water Nue, a hacker gang, targeting senior executives.
  • Hackers are making spear-phishing attempts on Office 365 accounts of senior leaders from both the U.S. and Canada. 
  • Researchers found over 1,000 companies affected in a series of attacks around the globe since March 2020.

Safety tips

Charity begins at home, i.e., mitigation for phishing usually starts with employee training. According to security experts, employers should often ask their staff to be extra careful with any message, especially one from inside the company, and to be wary of requests for critical information. Any doubt or unresolved query should be escalated to the IT department; it’s the best way to prevent a security mishap.

By admin