If a person dies, their immediate family may not know how to get into the deceased's password manager, and may contact the vendor asking for access. Scammers suspected of being part of the CryptoChameleon cyber criminal group are trying to take advantage of that by sending oddly-worded phishing messages to LastPass customers. The goal, presumably, is not only to get LastPass login credentials, but also to access the user's cryptocurrency wallet and drain its contents.
"I would say [I get them] two or three times a week. Sometimes I get multiple texts in one day. A lot of it is almost catfish, where they tell you you can work from home for x amount of money per week," said Sheree Delice.
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News.
Members of Gen Z are often referred to as "digital natives." They were born and raised in the internet era and have been engaging with computers, tablets, smartphones, and other connected devices from an early age. In many ways, this gives Gen Z an advantage in today's increasingly digital working environments, but that isn't always the case. In fact, research has consistently shown that each generation has its own unique blind spots when it comes to safely navigating the digital realm.
"Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware configurations," McAfee Labs researchers Harshil Patel and Prabudh Chakravorty said in a report. "When law enforcement or security researchers shut down their C2 infrastructure, Astaroth simply pulls fresh configurations from GitHub and keeps running."
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia through a mix of Telegram channels and lookalike phishing websites, impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to get the spyware installed. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; take photos with the front camera; and even send SMS messages or place calls directly from the victim's device," Zimperium researcher Vishnu Pratapagiri said in a report shared with The Hacker News.
The study, conducted by UC San Diego Health and Censys researchers, found that phishing-related cybersecurity training programs had no effect on whether or not employees were duped by phishing emails. After analyzing the results of 10 different phishing email campaigns sent to over 19,500 employees at UC San Diego Health over eight months, the researchers found "no significant relationship between whether users had recently completed an annual, mandated cybersecurity training and the likelihood of falling for phishing emails."
Investigators from Microsoft's Digital Crimes Unit (DCU) have disrupted the network behind the dangerous RaccoonO365 infostealer malware that targeted the usernames and credentials of Office 365 users after being granted a court order in the Southern District of New York. The operation saw a total of 338 websites linked to the popular malware seized and its technical infrastructure disrupted, severing RaccoonO365 users' access to their victims.
As AI is increasingly helping hackers to launch mass-scale email attacks, former Google security leaders have joined forces to build autonomous AI agents that aim to stop phishing, malware, and business email compromise threats before they ever reach user inboxes. That is the mission behind AegisAI, a new email security startup that has just emerged from stealth with $13 million in seed funding co-led by Accel and Foundation Capital.
Purported Microsoft employees tried to get control of my computer by claiming it was about to self-destruct. (My husband almost fell for that one.) I got numerous realistic-sounding robocalls asking for donations to charities that probably don't exist. Women with lovely telephone voices claimed to have discovered my 2009 book of poems and told me their companies could make it a big commercial success.
Tax calculations can be, well, taxing, so a message from HMRC saying that there's been a mistake may not ring too many alarm bells. Some bring good news: you have overpaid and are owed a refund, but others claim you owe money. In both cases there's an imminent deadline to act, sometimes with the threat of legal action or penalties if you don't. Scammers are taking advantage of people's fears over bills to steal personal and banking information.
These forms can be created in minutes, with clean and clear formatting, official-looking images and video, and, most importantly of all, a genuine Google Docs URL that your web browser will see no problem with. Scammers can then use these authentic-looking forms to ask for payment details or login information. It's a type of scam that continues to spread, with Google itself issuing a warning about the issue in February.