AiTM Phishing Attacks: Keeping Up with Attacker TTPs
Attackers are turning up the heat with advanced TTPs like Adversary-in-the-Middle (AiTM) phishing attacks to steal session cookies and bypass MFA security.
Phishing websites are spoofed sites which often appear as exact replicas of legitimate sites, but they are actually a front used to trick users into providing password credentials or other sensitive information to a malicious cyber actor.
Smishing: A Growing Phishing Threat
Communication via SMS is globally ubiquitous and attackers increasingly leverage Smishing to distribute phishing links to bait their victims.
Phishing Attack Topologies
Phishing threats are not homogeneous in nature. Malicious actors use several different phishing attack topologies to execute their campaigns – each of which require a different approach to detect and mitigate the threat.
The Rise of Single-Use Phishing URLs and the Need for Zero-Second Detection
The adoption of single-use phishing URLs is driving new demand for zero-second detections to keep up with the dwindling lifespan of phishing sites.
2018 Phishing Campaign Against Stripe Payment Processing Users
Over the years, cybercriminals have deployed increasingly sophisticated scams to deceive users of payment processing systems—particularly small and medium sized business owners—into compromising their accounts by unknowingly divulging account credentials. Here’s an example of a recent phishing campaign from Fall 2018 targeting Stripe users.
Phishing Websites Detected by zvelo
Prior to this blog post, zveloLABS published a phishing URL alert about fake Apple account verification websites. Now, zvelo’s team of engineers and researchers has unearthed a new phishing attack campaign using fraudulent Facebook log-in sites.
zvelo Newly Enhanced Phishing Website, Attack Detection System
With the increasing complexity of threats appearing on the Internet, coupled with the rapid development of security products designed to mitigate them, the number of phishing-based attacks have grown. In the first half of 2011 and compared to the second half of 2010, the Anti-Phishing Working Group (APWG) reported a 62% increase in unique phishing attacks worldwide in 200 top-level domains (TLDs).1 This trend warrants swift action to address the growing threat.
Fraudulent Websites: Spammers Shift Tactics
Viagra’s days may be numbered, at least when it comes to being the drug-of-choice on fraudulent pharmacy websites. Recently, zveloLABS™ noticed a strong shift to another lifestyle drug named Adipex–a brand name alternative to the weight-loss drug phentermine.
Pharma-Fraud Continues to Dominate Spam
Have you taken a look inside your Spam folder recently? Without a doubt you’ll find the folder full of pharmacy Spam, pitching everything from Cialis and Viagra to Vicodin and Hydrocodone. The problem is almost none of the linked web sites are legitimate certified pharmacies.