As offices start to slowly open back up, the theoretically post-pandemic world is changing its threat landscape once again, and that includes the likely inclusion of coronavirus phishing attempts. With the move to remote work, attackers switched up their tactics. Personal devices and home networks became hot targets. Organizations struggled with securing dev

Royal Mail phish scams are still in circulation, slowly upgrading their capabilities with evasion tools deployed in far more sophisticated malware attacks. Often, the quality of sites we see varies greatly. Many fake Royal Mail pages are cookie-cutter efforts existing on borrowed time. The operators know their scam is a case of here today, gone tomorrow.

Smishing is a valuable tool in the scammer’s armoury. You’ve likely run into it, even if you didn’t know that is its name. It doesn’t arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishing? We’re glad you asked. D

We’re no strangers to the Twitter customer support DM slide scam. This is where someone watches an organisation perform customer support on Twitter, and injects themselves into the conversation at opportune moments hoping potential victims don’t notice. This is aided by imitation accounts modelled to look like the genuine organisation’s account.

Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for phishers. It’s pretty much everywhere at this point. Even one of my relatives with a semi-mystical ability to never experience a scam ever, received a fake SMS at the weekend. The problem with common attacks is we grow complacent, or assume it isn’t rea

There’s been a number of scams targeting fans of major upcoming video game releases over the last week or two. Why is this happening, and what can you do to ensure both you and your children avoid such fakeouts? Preview power: the 80s and 90s Back in the 80s, games reviews were only really found in dedicated gaming magazines like ZZap!64 or Amstrad Act

Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:Uk(dot)royalmail-bill(dot)com Lots of folks may assume this text

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times exposed a public harassment campaign likely waged by one woman ag

Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. “Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk” looked at more than a billion mails. The results were then fed into a presentation at the Internet Measurement

byPaul DucklinIf you’ve ever wondered why cybercriminals are interested in your IM passwords……well, it’s not just so they can sneak into your account and snoop through your personal data with a view to abusing it themselves or selling it on to someone else who will.Access to your account also gives crooks a level of trusted access to

It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 2016, Hitesh Patel ran a particularly sophisticated operation.

Today we’re rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever’s lurking in your mailbox. A full house of spam Whether by accident or design, y

This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero. In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of Brit

A ransomware gang has made headlines for donating a big chunk of stolen funds to two charities. Two separate donations given to Children International and The Water Project rang tills to the tune of $10,000 each. Their reason was that they’re targeting “only large profitable corporations, we think it’s fair that some of the money they’ve paid will go to char

A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We were initially tipped off by one of our customers, and were able to identify a new active campaign from this APT group. Based off a number of intended victims, we can tell that Sil