20 matches found
TLS Certificate and Domain Feature Analysis of Phishing Domains in the Danish .Dk Namespace
Phishing attacks remain a persistent cybersecurity threat, and the widespread adoption of TLS certificates has unintentionally enabled malicious websites to appear trustworthy to users. This study examines whether certificate metadata and domain characteristics can help distinguish phishing domai...
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment...
INFERMAL: Inferential Analysis of Maliciously Registered Domains
Cybercriminals have long depended on domain names for phishing, spam, malware distribution, and botnet operation. To facilitate the malicious activities, they continually register new domain names for exploitation. Previous work revealed an abnormally high concentration of malicious registrations...
1 million victims, 17,500 fake sites: Google takes on toll-fee scammers
A Phishing-as-a-Service PhaaS platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing SMS phishing campaigns, and if you’re in the US there is a good chance you've seen their texts about a small amount you supposedly owe in toll fees...
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
The phishing-as-a-service PhaaS offerings known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service PhaaS deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators...
Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3
The threat actors behind the Darcula phishing-as-a-service PhaaS platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull of...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management RMM software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
Antisquat - Leverages AI Techniques Such As NLP, ChatGPT And More To Empower Detection Of Typosquatting And Phishing Domains
AntiSquat leverages AI techniques such as natural language processing NLP, large language models ChatGPT and more to empower detection of typosquatting and phishing domains. How to use Clone the project via git clone https://github.com/redhuntlabs/antisquat. Install all dependencies by typing pip...
.US Harbors Prolific Malicious Link Shortening Service
The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as amo...
‘Snatch’ Ransom Group Exposes Visitor IP Addresses
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid...
Why is .US Being Used to Phish So Many of Us?
Domain names ending in ".US" -- the top-level domain for the United States -- are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains...
State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China. This comprises a network of 55 domains and IP addresses used by the threat actor, cybersecurity companies...
Disneyland Malware Team: It’s a Puny World After All
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The...
Okta Hackers Behind Twilio and Cloudflare Attacks Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the...
openSquat - Detection Of Phishing Domains And Domain Squatting. Supports Permutations Such As Homograph Attack, Typosquatting And Bitsquatting
What is openSquat openSquat is an opensource Intelligence OSINT security tool to identify cyber squatting threats to specific companies or domains, such as: Phishing campaigns Domain squatting Typo squatting Bitsquatting IDN homograph attacks Doppenganger domains Other brand/domain related scams ...
WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For
How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if yo...
ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day
Every 60 seconds, $1.1 million is lost to cyberattacks. That staggering stat comes to us by way of RiskIQ, which compiled proprietary and third-party research to crunch numbers around malicious activity. The resulting report, the appropriately named “Evil Internet Minute,” paints a stark picture ...
Rotten Apples: Apple-like Malicious Phishing Domains
At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in...
Report: Phishing Domain Registrations Way Down
Online criminals registered far fewer Web domains for use in phishing attacks in the first half of 2011, in what may signal a decrease in phishing scams, according to a global phishing survey released this month by the Anti-Phishing Working Group APWG. In all, the group observed phishing attacks...
Faster Actions Needed Against Phishing Domains
From Netcraft Criminals often register their own domain name to perform phishing attacks. Unlike the other common phishing site scenarios including hacked servers, open redirects, and abuse of free webhosting, phishing sites that have their own domain name can be harder to remove, because the...