November 28, 2024 at 02:38AM A phishing campaign targets individuals by falsely claiming their employment has been terminated, using a legal-sounding email to induce panic. The scam preys on economic fears, spreading malware disguised as legal documents. Attackers aim to steal sensitive information, using tactics that may evolve across different platforms. ### Meeting Takeaways 1. … Read more
November 7, 2024 at 05:26PM Organizations should be wary of phishing emails falsely claiming copyright infringement, which deploy the Rhadamanthys malware. The campaign uses AI for automation, targeting various countries. Attackers aim to steal sensitive data, including cryptocurrency wallet seed phrases, indicating a financially motivated effort by lower-level cybercriminals rather than state-sponsored groups. ### Meeting … Read more
November 5, 2024 at 01:43PM Business email compromise scammers are leveraging the DocuSign API to create seemingly legitimate e-signature requests, leading to fraud. These attackers use custom templates to send invoices, bypassing spam filters. In 2023, BEC scams have cost US businesses $2.9 billion, highlighting the need for vigilance and sender verification. **Meeting Takeaways:** 1. … Read more
October 31, 2024 at 05:17PM A phishing campaign targeting Facebook businesses in Taiwan uses deceptive emails impersonating legal teams and well-known companies to distribute malware. Threat actors demand immediate content removal under copyright claims, while employing techniques to bypass antivirus detection. Key malware includes Lumma Stealer and Rhadamanthys, which harvest sensitive information from victims. ### … Read more
September 8, 2024 at 01:10AM A new variant of sextortion email scams is targeting spouses, claiming their partner is cheating, and including links to alleged proof. This scheme aims to exploit fear and uncertainty in relationships. It’s important for individuals to be cautious and verify the authenticity of such claims before taking action. Based on … Read more
February 27, 2024 at 09:29AM The “SubdoMailing” ad fraud campaign utilizes over 8,000 legitimate domains and 13,000 subdomains to send up to five million fraudulent emails daily. Notable brands like MSN, VMware, and eBay have been unknowingly involved, aiding in bypassing spam filters. The threat actors profit from ad views and scams, with Guardio Labs … Read more
February 26, 2024 at 11:01AM A massive ad fraud campaign, “SubdoMailing,” utilizes over 8,000 legitimate internet domains and 13,000 subdomains to send up to 5 million scam and malvertising emails daily, bypassing spam filters and leveraging trusted company domains. Notable companies affected include MSN, VMware, and eBay. The campaign generates revenue through fraudulent ad views … Read more
December 20, 2023 at 04:33PM Cybercriminals are targeting hotel staff by sending emails that exploit their emotions and urgency to download password-stealing malware. Examples include false complaints, requests for assistance, and emotional scenarios. The ultimate goal is to steal hotel management credentials, which have been used in attacks against Booking.com customers. This has led to … Read more