Since the World Health Organization (WHO) declared the COVID-19 outbreak a pandemic on March 11, IBM X-Force has observed a more than 6,000 percent increase in COVID-19-related spam, with lures ranging the full gamut of challenges and concerns facing individuals — from phishing emails impersonating the Small Business Administration (SBA) and the WHO to U.S.

Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disa

Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1 and March 23, 2020—a 667% increase over the 1,188 attacks detected a mo

Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400 volunteers living in approximately 40 countries, the COVID-19 CTI League is working to block attackers from

In the last week, we’ve seen multiple coronavirus scams pushed by bad actors, including RAT attacks via fake health advisories, bogus e-books working in tandem with Trojans, and lots of other phishing shenanigans. Now we have another one to add to the ever-growing list: dubious coronavirus Bitcoin missives landing in your inbox. Reworking a classic spam tact

Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between March 1 and March 13, 2020. Between March 14 and March 18, 2020, the United Kingdom’s national fraud

This year, March 19 ushered in spring in the Northern Hemisphere — the first time since 1896 that the season has started so early. So why not take advantage of the season’s early arrival to do some spring cleaning, not only of your physical space, but of your data and systems, too? Digital spring cleaning can make your life easier and dramatically impr

The tax season deadline in the U.S. is April 15, 2020, and that means scammers are officially on the prowl for unsuspecting tax fraud victims. Attackers are utilizing both time-tested and new techniques to collect tax information and personal data from victims and target individual and corporate accounts. No one is immune from tax season risks, and most of u

Mobile telecommunications company T-Mobile disclosed a data security incident that might have exposed the account information of some of its customers.T-Mobile’s Cybersecurity team learned of the incident when it discovered an attack against its email vendor. The team responded by shutting down the attack and launching an investigation into what happen

A San Diego-based provider of affordable preschool disclosed that a data privacy incident might have affected some customers’ personal information.In a notice of data breach published on February 5, Educational Enrichment Systems, Inc. (EES) announced that it had suffered a security incident involving an employee’s email account:On August 30, 201

Security researchers observed email attackers abusing the coronavirus outbreak to infect concerned users with the Emotet trojan.IBM X-Force found that the attack emails appeared to originate from a Japanese disability welfare service provider. Those emails informed recipients that officials had learned of a developing coronavirus outbreak in Japan’s Gi

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first st

Phishing has been around since email has existed. It is an ever-present cyberthreat, and one of the most dangerous. It is estimated that one in every 99 emails is a phishing attack, and that 30% of phishing emails manage to get around default protections. What’s more, over 92% of the malware in the world arrives via email. Apart from malware, phishing emails

Instagram announced the release of a new feature that’s designed to help its users identify phishing emails impersonating the social media platform.On October 7, Instagram tweeted out about the new capability and said that users can leverage it to verify whether an email claiming to originate from the social network is legitimate.Heads up: Today, we’re

The Methodist Hospitals, Inc. revealed that a phishing attack potentially affected the information of approximately 68,000 patients.According to its Notice of Data Incident, the non-profit healthcare system located in Gary, Indiana detected unusual activity involving an employee’s email account back in June 2019. The Methodist Hospitals (‘Methodi