Category: Phishing Attacks
-
A recent cyber incident highlights the growing danger of social engineering attacks inside workplace communication platforms. The Microsoft Teams vishing attack shows how easily threat actors can exploit employee trust. Attackers used a voice-phishing tactic combined with Microsoft Teams to impersonate internal IT staff. The attackers contacted employees and convinced them they were assisting with…
-
A new Microsoft Teams phishing campaign targets employees by impersonating internal IT support staff and convincing victims to grant remote access to their systems. Attackers contact workers through Microsoft Teams and claim they need to resolve technical issues affecting the employee’s account. Once victims allow the remote session, the attackers deploy malware that gives them…
-
The FBI has warned about a zoning permit phishing scam that targets property owners, contractors, and businesses involved in building or zoning applications. Criminals impersonate city or county planning officials and send emails that demand payment for fake permit fees. These messages attempt to convince victims that they must pay outstanding charges before authorities approve…
-
Phishing victim refunds could soon become a legal requirement across the European Union. A senior legal adviser to the Court of Justice of the European Union has stated that banks must reimburse customers immediately after unauthorized transactions caused by phishing attacks. The opinion strengthens consumer protections under EU payment rules. It argues that victims should…
-
Security researchers have uncovered a new phishing technique that exploits overlooked parts of the internet’s infrastructure. The .arpa phishing attack abuses reverse DNS records and IPv6 addressing to bypass traditional phishing detection systems. By manipulating infrastructure domains normally used for network operations, attackers can hide malicious links inside emails and evade common security filters. The…
-
Researchers have uncovered a phishing operation that exploits a politically sensitive topic to steal login credentials. The ICE cover phishing campaign sends deceptive emails claiming that automated marketing messages will soon include a donation button supporting US Immigration and Customs Enforcement. The emails instruct recipients to log in to their accounts to disable the supposed…
-
Malicious purchase order attachment emails are driving a new wave of phishing attacks against businesses. Cybercriminals are sending fake procurement messages that appear routine and urgent. The attached document, presented as a purchase order, contains hidden malware designed to compromise corporate systems. Security researchers warn that this tactic exploits everyday business workflows. Finance, procurement, and…
-
A coordinated freight phishing campaign is targeting logistics and transportation organizations across the United States and Europe. Security researchers report that attackers are using shipment-themed emails to trick freight companies into downloading malicious files or revealing credentials. The campaign focuses on businesses involved in shipping, freight forwarding, and supply chain management. By impersonating legitimate partners…
-
Cybercriminals are expanding phishing beyond inboxes. The hardware wallet phishing letters campaign targets cryptocurrency holders using printed mail that appears official and urgent. Instead of malicious links in emails, victims receive physical documents claiming a critical security update is required. The realistic presentation lowers suspicion and encourages immediate action. How the scam reaches victims Recipients…
-
Signal account targeting has escalated as state-linked cyber actors focus on high-profile users of the encrypted messaging platform. Security agencies warn that attackers rely on social engineering rather than technical flaws to gain access to private communications. The campaign shows how manipulation can bypass strong encryption without exploiting software vulnerabilities. How attackers access Signal accounts…