Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
Phishing uses deceptive messages to steal credentials or deliver malware, while user verification, MFA, and email filtering reduce the risk.
Search across headline titles and summaries.
Background for this topic.
Phishing is deceptive communication—by email, text, phone, or a fake website—that impersonates a trusted person or service to make someone disclose credentials, approve a transaction, reveal sensitive information, or run harmful software. Attackers use it to bypass technical controls by persuading a legitimate user to perform an action, and may target employees, customers, administrators, or suppliers.
Its impact can include account takeover, unauthorized payments, exposure of personal or business data, and access to internal systems. The most effective control for stolen-password phishing is phishing-resistant multi-factor authentication, such as hardware-backed passkeys or security keys, which binds authentication to the legitimate site. Organizations should also filter and authenticate messaging where possible, use password managers, restrict risky actions, train users to verify unusual requests through a separate channel, and provide rapid reporting so suspected credentials or sessions can be revoked.
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. [...]
Dubai Police are issuing warnings about highly indexed websites that mimic popular online destinations, like the city's travel card top-up site.
Also: Bitcoin ETP, Gamma and dYdX Attacks, 2023 Hack StatsThis week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4 million from Gamma, dYdX detailed post-hack steps, CertiK published 2023 hack stats, TRM Labs discussed North Korean hacking and Apple India blocked users from offshore crypto exchanges.
All Organizations That Use X Should Review Their Two-Factor Authentication SettingsGoogle Cloud's Mandiant says its account at X, formerly Twitter, was hijacked and used to link to cryptocurrency phishing pages after an attacker guessed the account password, apparently after Twitter last year deactivated the account's SMS-based two-factor authentication, leaving it unprotected.
Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new headlines every week, which included a who’s-who of big-name organizations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars
An emerging threat actor, Water Curupira, is wielding a new, sophisticated loader in a series of thread-jacking phishing campaigns that precede ransomware.
The Arctic Wolf report found that 14.3% of officials believe their state is not prepared at all to deal with election-targeted cyber incidents, including phishing and disinformation campaigns
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023