Security news aggregator

Latest coverage for Phishing

Phishing uses deceptive messages to steal credentials or deliver malware, while user verification, MFA, and email filtering reduce the risk.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Phishing is deceptive communication—by email, text, phone, or a fake website—that impersonates a trusted person or service to make someone disclose credentials, approve a transaction, reveal sensitive information, or run harmful software. Attackers use it to bypass technical controls by persuading a legitimate user to perform an action, and may target employees, customers, administrators, or suppliers.

Its impact can include account takeover, unauthorized payments, exposure of personal or business data, and access to internal systems. The most effective control for stolen-password phishing is phishing-resistant multi-factor authentication, such as hardware-backed passkeys or security keys, which binds authentication to the legitimate site. Organizations should also filter and authenticate messaging where possible, use password managers, restrict risky actions, train users to verify unusual requests through a separate channel, and provide rapid reporting so suspected credentials or sessions can be revoked.

Showing 16 most recent headlines Filtered view
Bank Info Security 2 years, 2 months ago

FIN7 Targeted US Automotive Giant In Failed Attack

Spear Phishing Messages Sent to Emplpyees With Admin RightsA Russia-based cybercriminal group targeted a large American auto manufacturer, more evidence of its shift to deep-pocketed victims the gang hopes will deliver a major payday. FIN7 - also known as Carbon Spider and Sangria Tempest - targeted employees with “high levels of administrative rights."

Bank Info Security 2 years, 2 months ago

Breach Roundup: LabHost Phishing-as-a-Service Site Goes Down

Also: Omni Hack Exposed Customer Data; More Ivanti Vulnerabilities Come to LightThis week, police disrupted the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities found, Moldovan botnet operator faces U.S. charges, Cisco warned of a data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.

Bank Info Security 2 years, 2 months ago

Breach Roundup: LabHost Goes Down

Also: Omni Hack Exposed Customer Data and More Ivanti VulnerabilitiesThis week, police took down the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities, a Moldovan botnet operators faces U.S. charges, Cisco warned of data breach in Duo and a Spanish Guardia Civil contractor suffered a ransomware attack.

Criminals make lucrative use of stolen credit cards Speaking at Black Hat Asia on Thursday, a Korean researcher revealed how the discovery of one phishing website led to uncovering an operation whose activities leveraged second-hand shops and included using Apple’s "someone-else pickup" method to cash in.…