The Browser-in-the-Browser (BitB) attack technique makes it easier for attackers to mount social engineering campaigns for credential harvesting.
Phishing attacks are typically initiated via email, text/SMS messages, or instant messages which drive unsuspecting victims to phishing websites designed to deceive them into thinking they are visiting a legitimate site and allows the malicious cyber actors to steal user data, including login credentials and credit card numbers.
zvelo takes you behind the scenes of a phishing attack to show you the TTPs attackers use to gain network access and establish persistence. There is far more than meets the eye.
This is the first article of a three-part series where we examine phishing attacks that faded from popularity but are now resurging — in particular, malicious Office documents.
The adoption of single-use phishing URLs is driving new demand for zero-second detections to keep up with the dwindling lifespan of phishing sites.
Ransomware is so 2017. Today, targeted phishing poses the most significant risk. But how did we get here and what’s next for AI-based Phishing Detection.
Over the past several years, there’s been a significant increase in mobile phishing attacks—particularly targeting enterprises. In this blog, we cover 9 tips and strategies to improve your security against mobile phishing attacks.
Over the years, cybercriminals have deployed increasingly sophisticated scams to deceive users of payment processing systems—particularly small and medium sized business owners—into compromising their accounts by unknowingly divulging account credentials. Here’s an example of a recent phishing campaign from Fall 2018 targeting Stripe users.
A trend forming among newly identified phishing URLs shows bad actors sending fraudulent emails informing Apple ID users of outdated Apple ID information or problems with billing. The emails and internal links attempt to deceive Apple ID users into “verifying” account information. When the user proceeds to log in, the form handing over access credentials to their accounts.
Prior to this blog post, zveloLABS published a phishing URL alert about fake Apple account verification websites. Now, zvelo’s team of engineers and researchers has unearthed a new phishing attack campaign using fraudulent Facebook log-in sites.
zveloLABS discovered a phishing website masquerading as an account verification page for Apple IDs, as depicted in the following screenshot and explained in this blog post.