A new phishing campaign has been uncovered targeting companies that may work with the US Department of Transportation. The campaign, discovered by security company INKY, found that phishers are impersonating the US Department of Transportation (DOT) in an effort to harvest Microsoft Office 365 credentials, INKY's Roger Kay wrote in a blog post.
Threat actors impersonated the U.S. Department of Transportation (USDOT) in a two-day phishing campaign that used a combination of tactics – including creating new domains that mimic federal sites so as to appear to be legitimate – to evade security detections. Between Aug. 16-18, researchers at e-mail security provider INKY detected 41 phishing emails dangling the lure of bidding for projects benefitting from a $1 trillion infrastructure package recently passed by Congress, according to a report written by INKY’s Roger Kay, vice president of security strategy, that was published on Wednesday.
A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY. See Also: Automating Security Operations During this phishing campaign, which was active earlier this month, the fraudsters appeared to have used compromised email accounts to send realistic-looking emails to employees that purported to come from the targeted company's human resources department, according to INKY researchers. These messages contained a malicious PDF link that would take victims to a phishing page to harvest their Microsoft Outlook credentials.
A trio of phishing reports is shedding light on the eclectic arsenal of techniques that cybercriminals have at their disposal, including using current events such as vaccine news to craft timely and urgent lures, as well as exploiting legitimate services and platforms, like Verizon’s multimedia messaging service and the UPS.com website. Scammers pose as HR deptment seeking vaccine documents Inky this week observed a spate of phishing activity this summer in which cyber criminals were pretending to be the HR department, asking email recipients to submit a COVID-19 vaccination form.
The rise in the value of cryptocurrencies has inevitably drawn the eye of criminals, and the concentration of crypto in the cryptocurrency exchanges has focused that attention. Coinbase is the largest exchange in the U.S., and researchers have detected numerous phishing campaigns against Coinbase users. The size/value of Coinbase is impressive. It claims to have more than 56 million verified users in more than 100 countries. Its traded volume is around $335 billion, and it has $223 billion in assets on the platform.
New Capability Provides Robust Detection and Remediation Capabilities for Email Security Threats Within the Organization. College Park, MD – July 12, 2021 – – INKY Technology Corporation, a pioneer in next-gen email phishing protection, announced that is now offering Internal Mail Protection to better protect customers from email and phishing attacks sent within the organization. This new capability augments INKY’s leading phishing prevention technology used on incoming external emails.
Authentico, The IT security company headquartered in Gothenburg, Sweden, today announced it has entered into a partnership with INKY Technology Corporation, a pioneer in next-gen email phishing protection.
According to the Japan Times, the organizing committee for the Tokyo Olympics has suffered a data breach as a consequence of Fujitsu's recent compromise. The Record reports that Cox Media livestreams were interrupted yesterday in what multiple sources tell the Record was a ransomware attack.
Experts insist that following the basic principles of cyber security will go a long way to lowering the odds of being victimized by an attacker. The latest proof is last month’s ransomware attack on Colonial Pipeline in the U.S. Hackers got in by exploiting a compromised username and password, according to an official of FireEye’s Mandiant threat intelligence service. Mandiant was called in to investigate the breach. The executive told Bloomberg News the password for a virtual private network account was no longer in use, but was still valid. That password was posted on the dark web, which raises the possibility a current or former Colonial employee used the same password on another account that had been hacked.
Researchers have discovered a new phishing campaign designed to spread ransomware and steal data by capitalizing on interest in the recent Colonial Pipeline outage. Security vendor Inky spotted the malicious emails, which said several Microsoft 365 customers were targeted.