dcsimg

Microsoft is the most frequently impersonated brand in phishing scams

With hundreds of millions of phishing emails sent each day, we are all familiar with dodgy messages supposedly from a service we use telling us that we need to urgently address some “suspicious activity”.  In fact, we probably receive more phony security alerts than real ones. It’s getting to the point where many of us see an email from our most trusted brands and assume that it’s a scam.  This is … [Read more...]

Recent Business Email Compromise (BEC) Scams are Reminder to Educate Users

Online scams are nothing new. But as email has evolved and improved, so have scammers and the messages they send. Nefarious emails, attachments and links now appear sophisticated and look legitimate, sometimes tricking even the most meticulous user. Billions Lost to Business Email Compromise Over the last three years, organizations all over the world have lost a collective $26B to a very specific … [Read more...]

Europol: Ransomware remains top threat in IOCTA report

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms of prevalence and financial … [Read more...]

Emotet is back: botnet springs back to life with new spam campaign

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning, the Trojan started pumping out spam, a clear indication it’s ready to jump back into action. The malicious … [Read more...]

A week in security (September 2 – 8)

Last week on Malwarebytes Labs, we looked at a smart social engineering toolkit, delved into TrickBot tampering with trusted texts, and explained five ways to help keep remote workers safe. Other cybersecurity news A new Chinese Deepfake app is under fire for privacy concerns related to the use of uploaded images. (Source: CNN)Bucking the current trend for city councils and organizations … [Read more...]

Phishing Email Uses Google Drive to Get Past Microsoft Security

This week, Threatpost reported on a new spear-phishing attack that uses email sent via Google Drive claiming to be the CEO of the targeted company sharing important information with the recipients.  The email came from Google Drive, but the sender address didn’t match the company’s standard naming convention for email addresses. Because the message was sent by a legitimate email … [Read more...]

The 5 most common types of phishing attack

Phishing is one of the most frustrating threats we face. Most of know what it is and how it works, but we still get caught out.  The scam, which involves criminals sending messages that masquerade as legitimate organisations, targets hundreds of millions of organisations every day. The messages direct recipients to a bogus website that captures their personal information or contain a malicious … [Read more...]

Ransomware isn’t just a big city problem

This month, one ransomware story has been making a lot of waves: the attack on Baltimore city networks. This attack has been receiving more press than normal, which could be due to the actions taken (or not taken) by the city government, as well as rumors about the ransomware infection mechanism. Regardless, the Baltimore story inspired us to investigate other cities in the United States, … [Read more...]

Seedworm Operation Spreads Malware via Phishing Attacks

2018 has been a busy year for new threats spread via email, with spear-phishing and Business-Email-Compromise (CEO fraud) the rising star for cyber-criminals intent on draining your bank account. Recent victims include Google and Facebook ($100 million lost), McEwan University (almost $12 million lost), a New York judge ($1 million), and a Dutch cinema chain (over $21.5 million). These threats … [Read more...]

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]