Nearly one-third of all data breaches involved phishing in one way or another, according to a 2019 Verizon report. After passwords breach, phishing is the most preferred way for cybercriminals to infiltrate into target systems. Lately, researchers reported several phishing scams that may knock at your door anytime now.

Fake update on Coronavirus vaccine

Researchers at Check Point uncovered a phishing campaign exploiting users’ interest in the coronavirus vaccine.
  • Hackers manipulate users into downloading malicious Windows, Word, and Excel files related to an update on the Coronavirus vaccine, to steal credentials.
  • It was also revealed that one out of every 25 malicious coronavirus-related websites’ landing pages is vaccine-related.

Internal emails could be malicious too

Abnormal Security researchers exposed a phishing campaign that compromises internal accounts within an organization to defraud employees.
  • Criminals are targeting Office 365 clients impersonating someone from within the company and sending an encrypted message notification related to OneDrive for Business file.
  • Besides making it look like an authentic request, a compromised internal account helps attackers bypass external email security incorporated by a company.

It’s a fake email scanner

Kaspersky researchers discovered a phishing campaign tricking users into visiting malicious websites to scan their emails for security reasons.
  • The emails claim to originate from an organization’s email security team, while it had origins of a Hotmail account.
  • To intimidate the recipient, adversaries would send a “Virus Alert!!!” email containing a link to a website masquerading as an email scanner. Users submitting account details on the website will result in leaking the account credentials.

Excuse the “Urgent Update Request”

Researchers are warning against a phishing scam after cPanel users reported a suspicious email sent to them.
  • According to sources, cybercriminals were spotted masquerading as a security advisory alert to swindle credentials of cPanel and WebHost Manager (WHM) users.
  • The fake advisory requests users of cPanel and WHM software versions 88.0.3+, 86.0.21+, and 78.0.49+ to install new updates by redirecting them to phishing pages.

On your toes, executives!

Trend Micro also recently shed light on an ongoing Business Email Compromise (BEC) campaign by Water Nue, a hacker gang, targeting senior executives.
  • Hackers are making spear-phishing attempts on Office 365 accounts of senior leaders from both the U.S. and Canada. 
  • Researchers found over 1,000 companies affected in a series of attacks around the globe since March 2020.

Safety tips

Charity begins at home i.e. mitigation for phishing usually starts with employee training. As per security experts, employers should often ask their staff to be extra careful of any message, especially from inside the company, and to be wary of critical information requests. Any doubts or unclarified query should be escalated to the IT department;, it’s the best way to prevent any security mishap.

Cyware Publisher