Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking, studied the vulnerabilities in dnsmasq called DNSpooq, asked if Ti
On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services.
What methods did the attackers use?
In the initial phase, the victims were targeted by phishing emails trying to capture the credentials of a cloud service account. Once the at
Co-authored byJuan Badell and Russell PetrichAs two people for whom creating phishing emails constitutes legitimate employment (we are on the product team behind the Sophos Phish Threat phishing simulation service) we know we’re in the minority.Like our not-so-lawful counterparts, we spend our days using social engineering techniques to trick people into ope
Malicious actors used a Business Email Compromise (BEC) scam to prey upon a Philadelphia non-profit food bank.According to The Philadelphia Inquirer, the scam occurred back in July when the hunger relief organization Philabundance was nearing the completion of its $12 million Philabundance Community Kitchen.Nefarious individuals impersonated the construction
<div>
<img src="https://info.phishlabs.com/hs-fs/hubfs/APWG%20Q3%20Report-%20Four%20Out%20of%20Five%20Criminals%20Prefer%20HTTPS.jpg?width=1600&name=APWG%20Q3%20Report-%20Four%20Out%20of%20Five%20Criminals%20Prefer%20HTTPS.jpg" alt="APWG Q3 Report- Four Out of Five Criminals Prefer HTTPS" width="1600" style="width: 1600px; margin: 0px 0px
Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT.
Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB.
byPaul DucklinWe know what you’re thinking: “Another year; another vendor; another threat report……and when I open it, I’ll be stuck in a thinly disguised product brochure.”Well, not this one.We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Re
<div>
</div>
<img src="https://info.phishlabs.com/hs-fs/hubfs/2.3M%20Stolen%20from%20Wisconsin%20GOP%20via%20BEC%20Attack.jpg?width=300&name=2.3M%20Stolen%20from%20Wisconsin%20GOP%20via%20BEC%20Attack.jpg" alt="2.3M Stolen from Wisconsin GOP via BEC Attack" width="300" style="width: 300px; float: right; margin: 0px 0px
byDavid MitchellDavid Mitchell, Senior Director of Email Product Management at Sophos, shares his top tips to optimize workplace email security.How many work emails have you sent and received today? Despite the rise of workplace chat and instant messaging apps, for many of us email continues to dominate business communications both internally and externally.
<div>
The Anti-Phishing Working Group (APWG) has released its
<a href="https://docs.apwg.org/reports/apwg_trends_report_q2_2020.pdf">Phishing Activity Trends Report</a> analyzing phishing attacks and identifying theft techniques reported by its members for Q2 of 2020. Key highlights of the report include a significant increase in wire
byPaul DucklinHere’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes.From BEC, through cloud storage to an innocent-sounding One Note document, right into harm’s way.Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in
A report revealed that scammers requested funds in the form of gift cards in two-thirds of business email compromise (BEC) attacks.For a phishing trends report from the Anti-Phishing Working Group (APWG), APWG member Agari examined thousands of BEC attacks that occurred in the second half of 2020. It found that 66% of them involved gift cards. By contrast, d
Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the Inter skimming kit is used in homoglyph attacks.
Other cyberse
The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million.
First half: fraudsters on the offensive
Somebody compromised a Managing Director’s email after they logged into a phishing portal via bogus ema
byPaul DucklinIf you were about to spend more than a million dollars, how careful would you be about where you sent the money?More importantly, how would you check with the recipient of the money – and how would they check with you – that both ends of the transaction were lined up correctly, with no treachery in between?It’s quite likely yo