Multiple sophisticated phishing kits are now focusing on harvesting device codes to breach accounts without a password, according to researchers at LevelBlue.
Multiple sophisticated phishing kits are now focusing on harvesting device codes to breach accounts without a password, according to researchers at LevelBlue.
New research by McAfee has found that many consumers tend to ignore red flags associated with scams when searching online for a good deal. The research identified the following consumer habits, all of which make users more likely to fall for online scams:
If you’re around my age, then you know the joy of using an old paper map. Not real joy, obviously. More the sort of joy normally associated with trying to keep track of 3 pages, getting told off for not holding it the right way up, or for giving instructions too late, and discovering that the road you were confidently following was replaced by a retail park sometime during the Blair years.
Account takeover is one of the most common ways organizations get breached and one of the hardest to train users on. Not because users don’t care, but because usually training happens in unrealistic scenarios, long before or long after the moment it would actually matter.
An extortion gang tracked as “Silent Ransom Group” is targeting US law firms with voice phishing and in-person social engineering attacks, according to researchers at Mandiant and Google’s Threat Intelligence Group (GTIG).
Cloud email security has become pretty good. Not perfect, obviously, because the attack landscape is forever changing. But good enough that the old tactics do not land with the same success rate they once did. Filters are sharper. Detection is better. Users are smarter.
A newly surfaced extortion brand called “Pink” is using voice phishing and fake IT support calls to breach organizations, the Register reports. The threat actor may be a rebrand of prior extortion groups, including BlackFile and Redact, though its tactics remain the same.
Threat actors are increasingly abusing workplace collaboration tools like Microsoft Teams to launch social engineering attacks, according to researchers at Palo Alto Networks’s Unit 42. Attackers are sending Teams messages that impersonate IT personnel, asking users to approve a multifactor authentication prompt. Both criminal and nation-state threat actors are using this social engineering technique to compromise organizations’ environments. While Microsoft Teams has measures to warn users about potential attacks, the user can still be tricked into accepting the message.
