Last week on Malwarebytes Labs, we took a look at a new version of the IcedID Trojan, described web skimmers up to no good, and took a deep dive into containerization. We also explored a report bringing bad news for organizations and insider threats, and threw a spotlight on a video game phish attack. Other cybersecurity news Delivery firm runs into trouble

A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via Playstation messaging. This particular phishing attempt is notable for ramping up the pressure on recipients—a classic social engineering technique taken to the extreme. A terms of service violation? In MMORPG land, the scammers take a theoretically pla

It’s a sad day when we have to warn people about medical charity scams, or tax fakeouts, or even have a week dedicated to foiling charity fraud—but here we are. With so many natural disasters occurring, from wildfires in California to tornadoes in Dallas, disaster donation scams remain a top resource for scammers looking for free cash. Unfortunately, disaste

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomwar

<p>Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common:</p> <ul> <li>They are hosted on the .WS Top Level Domain (TLD)</li> <li>They utilize domains with numerous subdomains (also emojis)</li> <li

Today’s phish blog breaks our format a bit so we can bring you lots of examples. Enjoy. And then get protected! Phishing is prevalent because it works. Even savvy users can be tricked into opening the wrong emails. I’ve seen a couple of clear examples of this recently. The first is one that quite convincingly mimics the invoice emails from a fairly sig

A Dutch website builder leveraged a secret script to steal 20,000 users’ login credentials, hack their accounts, and commit payment fraud.On 17 January, police in the northern Netherlands announced they’re contacting 20,000 users with the advice that they change their passwords as soon as possible. This move comes several months after the world f

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa

We’re seeing multiple copies of the below spam dropping into mailboxes at the moment, all of which claim to be an automated tax refund of £796.86 for UK tax payers. The email reads as follows: Automated Tax Refund Notification After the last annual calculations of your fiscal activity , we determined that you are aligible to receive a tax refund o

Here’s a peculiar set of emails with an origin point tracing back at least 9 years. These missives claim to be from well known health organisations / services / global pharmaceutical companies, while trying to sign random recipients up to…something entirely unrelated to health or pharmaceuticals, as it turns out. Let’s take a look at a rece

We’re seeing a couple of different spam mails coming through which all loop back to Netflix in some way. Here’s an Apple ID phish from the last few days which uses Netflix payments via iTunes as bait: The email reads as follows: Order Receipt No. 493092733 This email confirms your purchase of the following subscription: Name of Subscriptio

Copyright warnings appearing out of the blue can be vaguely terrifying at the best of times, and we’ve spotted a phishing scam using them as a launchpad for data theft. The name of the game is worrying the potential victim into clicking on the supplied link, with a curious mix of copyright violations and account verification. Here’s an example:

Apple fans should steer clear of a convincing phishing mail doing the rounds, with the sender address popping up in a 419 scam not so long ago. Here’s the mail in question: It’s a fake tax receipt which states that a purchase has been made for “Rain Radar, Remove Ads”. If you didn’t make this purchase, you should visit the link

One can only assume the creators of this 419 scam attempt threw up their hands, cried YOLO and set about putting together the least visually convincing “This is a mail from a bank, honest” attempt I’ve seen in some time. I mean, you think banking fakeout, you think professional looking imagery. You think clean, sounds-like-a-bank wording. Y

If you go looking for Google Docs related URLs on your travels, you may run into the following site (registered through an “Offshore anonymous hosting company” in Panama): googledocs(dot)info Despite the name, you won’t find your documents sitting in a pile waiting to be edited. Indeed, you’ll currently see this: If we had a magical