As more users adopt multi-factor authentication (MFA) for account security, threat actors increase efforts to bypass this security measure. They often use phishing emails to gather login details for online accounts and phishing kits to increase the effectiveness of these campaigns.
Search Generative Experience (SGE) is Google’s upcoming generative artificial intelligence (AI) search feature. Google first allowed users to opt into the Google SGE results in May 2023. Google began rolling out this feature to a small sample of random users who have not yet opted in.
Threat actors use SMS texts in phishing campaigns to steal users’ personal data, funds, etc. SMS-based phishing (SMiShing) may be more effective than email phishing as these messages are viewed on a mobile device, making it difficult to identify malicious texts.
With Tax Day quickly approaching, many taxpayers may feel stressed as they work to file their tax returns promptly and accurately. During this time, cybercriminals may exploit this human vulnerability and leverage the rapid advancement and increase in artificial intelligence and deepfakes.
A sophisticated phishing scheme of fraudulent URLs, login pages, a sense of urgency and legitimacy, and persistent communication through mobile devices was recently discovered. The phishing kit revealed the creation of replicas of login pages and impersonating organizations.
On February 22, a compromised email account sent phishing emails to several contacts at a New Jersey educational institution. The users who attempted to access the link in the email and submitted their credentials had their accounts compromised by the threat actor.
Subdomain hijacking occurs when threat actors gain control of a subdomain of a legitimate domain by taking over unused or abandoned subdomains to inject their IP address into the SPF record, and send emails on behalf of the primary domain name.
Recent trends reveal an alarming increase in cyberattacks targeting the financial sector. The critical nature of financial services and operations, coupled with the increased digitalization, make financial organizations targets for fraud, phishing and ransomware attacks.
Multiple vulnerabilities have been discovered in ConnectWise ScreenConnect, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the system.
Reports of QR Code phishing attacks recently increased. With the surge of QR code use in everyday life (check-in systems, and wireless payments, etc) attackers take advantage of the increased adoption of QR code scanning by potential victims. Read to learn how to protect against this.
