MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings
ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.
Cancel
Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.
ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.
Researchers at Barracuda describe how attackers use legitimate email inbox rules to control compromised accounts and evade detection.
Now entering its third year in business, the phishing platform, Classicam, represents the highest evolution of an “as a service” cybercrime, aiding more than 1000 attack groups worldwide.
A new SMS-based phishing attack uses a smishing kit-as-a-service to impersonate the U.S. Postal Service.
The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be ...
Scammers are using dating sites to lure victims into phony cryptocurrency investment schemes, according to Sean Gallagher at Sophos.
Dallas Mavericks owner and well-known investor Mark Cuban reportedly lost nearly $900,000 in a phishing attack targeting his MetaMask cryptocurrency wallet.
A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond.
Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims.
Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because they provide attackers with one unique advantage over other brands.
A report from cybersecurity consultancy Savanti reveals that board members are facing challenges in understanding cyber risks, and this has important implications for businesses.
Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks.
The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports.
Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, ...
In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL ...
Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.
The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the .us top-level domain is being ...
The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces.
The use of lookalike domains has reached critical mass with not just one counterfeit website, but many.
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate ...
