Big Brand Jobs Scam Targets Marketing Pros' Google Accounts
The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]
Complaint Says Service Generated More Than 1.5 Million Malicious URLsGoogle has sued a Chinese phishing-as-a-service provider accused of teaching customers to use Gemini to generate and customize scam websites, a campaign linked to more than 1.59 million phishing URLs, over 100,000 victims, and widespread credential and financial theft.
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. [...]
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers. [...]
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. [...]
More Than 1M Victims Affected GloballyTech giant Google sued the Chinese-speaking operators of a phishing-as-a-service operation in what it hopes will be a first step to deterring the prolific service behind hundreds of thousands of fraudulent websites used to steal credentials from millions of victims.
Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.…
Phishing has evolved—and trust is the new attack vector. ChainLink Phishing uses real platforms like Google Drive & Dropbox to sneak past filters and steal credentials in the browser. Watch Keep Aware's on-demand webinar to see how these attacks work—and how to stop them. [...]
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. [...]
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks
Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials
Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers' credentials for the Google Ads platform. [...]
Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google
An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [...]
A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language
'Coldriver' Has Been Sending Backdoors Embedded in PDFs Since November 2022A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google. "Coldriver" is using a family of backdoors Google dubs Spica.