New scam sends fake Microsoft 365 login pages

New phishing platform QRR targets Microsoft 365 users across 1,000 domains in 90 countries. Learn how to spot fake login ...
ZDNet

New cybercrime tool can build phishing pages in real-time

A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real-time to adapt to targeted victims. Named LogoKit, this phishing tool is already ...
Infosecurity-magazine.com

Microsoft Sway Pages Weaponized to Perform Phishing and Malware Delivery

Threat actors have recently conducted phishing campaigns using Microsoft Sway and used the platform to distribute malware within organizations. The findings come from cybersecurity experts at ...
Bleeping Computer

New Microsoft 365 sign-in pages already spoofed for phishing

Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Microsoft 365 sign-in pages. "Office 365 ATP data shows that attackers have ...
TechRadar

Attackers are hosting phishing landing pages on Box to bypass security controls

Cybercriminals are constantly devising new ways for their phishing pages and other online scams to avoid detection by cloud storage and email security products. As part of its ongoing Blox Tales ...
TechRadar

This devious phishing site repurposes legitimate web elements like CAPTCHA pages for malware distribution

Phishing campaign mimics CAPTCHA to deliver hidden malware commands PowerShell command hidden in verification leads to Lumma Stealer attack Educating users on phishing tactics is key to preventing ...
Bleeping Computer

Web browser app mode can be abused to make desktop phishing pages

A new phishing technique using Chrome's Application Mode feature allows threat actors to display local login forms that appear as desktop applications, making it easier to steal credentials. The ...
ZDNet

Google Chrome can now spot even brand new phishing pages

Google is stepping up defenses against phishing through a new predictive feature coming to Chrome and its Advanced Protection Program for high-risk Gmail users. Google has updated its Safe Browsing ...
Dark Reading

One-Third of Phishing Pages Active Less Than a Day

One-third of phishing pages are active less than a day, according to a new analysis that finds the first hours a phishing page is online are the most dangerous for users. In their investigation on the ...
The Hacker News

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Matrix Push C2 abuses browser notifications for fileless, cross-platform phishing, while Velociraptor misuse rises after a ...
The Star

SG police: Beware of phishing scam involving fake ‘WhatsApp Web’ pages

SINGAPORE: Pay close attention to what is in your Web browser’s address bar the next time you log in to WhatsApp Web as it could be a new variant of phishing scams instead. In a media statement on Oct ...
Krebs on Security

Phishers Are Upping Their Game. So Should You.

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email ...