Cyber criminals are using coronavirus-themed voicemail notifications in the latest efforts to act on pandemic fears and steal credentials. The example below shows how they are doing it. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the...

In recent efforts to deliver attacks that abuse the novel coronavirus, threat actors are exploiting workplace concerns about outbreak prevention and shipment delays. Below are two examples sent with the intent of delivering malware. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to...

In the past month, we have identified and documented the methods in which threat actors have exploited the novel coronavirus (COVID-19). As fear and uncertainty around the global pandemic continue to grow, threat actors are working in tandem to develop relevant malicious lures and cyber threats. In our continued effort to provide the most relevant cyber threat intelligence, today we are launching...

Cyber criminals are using the stimulus bill and relief payments to exploit growing concerns about financial security. The examples below are impersonating financial institutions. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. The first example spoofs the sender's address to target a medical center. The actual email...

Threat actors are repurposing Nigerian Prince or 419 lures with novel coronavirus messaging to capitalize on the current pandemic. Today's examples demonstrate how they are doing it. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the...

Threat actors are exploiting employee concerns about infected colleagues. Our latest example targets Office 365 accounts at a large Canadian company by falsely claiming a colleague has died from the virus. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors...

The novel coronavirus is giving opportunistic threat actors new means of deploying malicious lures on unsuspecting targets. Today's example shows the attacker leveraging the pandemic by offering guidance on how to avoid coronavirus scams. Unfortunately, it's also a scam. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to...

Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. The first example is a...

As COVID-19 continues to spread, we are seeing an increase in threat actors impersonating public health organizations and luring victims in with fake links to government agencies. The four examples below impersonate the Center for Disease Control and Prevention (CDC) and the World Health Organization (WHO) using lures we have recently observed. We are providing ongoing updates on coronavirus...

We continue to see a wide range of lures exploiting coronavirus fears. In this post, we take a look at three recently observed lure samples that use the possibility of a cure to entice victims. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are...

As COVID-19 cases have further spread over the past few weeks, our team has come across new lures that target an individual's fear of coronavirus as it relates to their health insurance coverage. Both examples lead to malicious sites that attempt to steal Microsoft Office 365 login credentials. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post...

A few weeks ago we noted some early examples of Coronavirus phishing campaigns. Since then, the pandemic has spread and we've seen a dramatic uptick in COVID-19-themed malicious activity, with everything from domain registration to phishing emails and even malware campaigns. Going forward, we will be publishing more examples as we find additional methods cybercriminals are using to exploit the...

By this time, most everyone in the world has heard about COVID-19, a global outbreak that is commonly referred to as the Coronavirus. With growing fear and a lack of information, the stock markets have dropped to lows we haven't seen in years, and organizations everywhere are putting together contingency plans. Like most global events, this scenario creates a perfect opportunity for threat actors...

In order to increase the lifespan of their campaigns, most threat actors implement evasion techniques to keep their activity from being detected by defenders and their intelligence tools. In this blog post, we'll take a look at how geoblocking by IP is used. Geoblocking by IP takes advantage of the victim's location. It is often used on sites hosting malicious content to limit the exposure of the...

Social media account compromise is nothing new. If you haven't had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix , almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent. But what's the big deal? Your account gets hacked, you eventually...

On August 30, Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM Swapping. SIM Swap Attacks are increasing because they only require social engineering and access to a SIM card, which makes it another form of phishing. You can find our definition of phishing here . In a few words, it isn't that difficult. What is SIM Swapping? SIM swapping is a...

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world. Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. Join us on February 6, at 3 PM ET, as we discuss how social...

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Microsoft. If the victim clicked the link, they were...

This week, APWG released its findings from Q3 that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now more than two-thirds of all phishing sites are using SSL certs or...

At the height of social media adoption, users willingly shared everything from the lunch they just ate to the exact places they visited throughout the day. While some of this has been reduced as consumers learned how sharing private information could impact their privacy, many people still hide these kinds of updates behind basic security controls. This is just one of the reasons that a flurry of...