< ciso brief />

All news with #phishing tag

614 articles

Chinese‑language phishing services expand globally

🛡️ Google Threat Intelligence Group analyzed a growing Chinese‑language phishing‑as‑a‑service (PhaaS) ecosystem, finding mature, professional offerings that facilitate real‑time credential and OTP interception and the tokenization of payment data. These services use encrypted channels like RCS and iMessage, provide extensive localization tools and ancillary criminal services, and often operate openly on Telegram. GTIG highlights the shift from simple password harvesting to financial account takeover and recommends stronger technical defenses such as FIDO2/WebAuthn and risk‑based verification.

FBI Alerts on Kali365 Phishing Service Targeting M365

🔒 The FBI warns about the Kali365 phishing-as-a-service platform that abuses OAuth device code authentication to hijack Microsoft 365 and Microsoft Entra accounts. Distributed via Telegram since April 2026, Kali365 enables low-skilled attackers to bypass MFA by tricking victims into authorizing device codes, then capturing OAuth tokens to access mailboxes and cloud apps. Researchers observed campaigns using phishing emails, AI-generated lures, and real-time dashboards, while the FBI advises blocking device code flows and preserving forensic evidence.

FBI Warns of Kali365 Phishing-as-a-Service Threat

🛡️ The FBI has identified a new phishing-as-a-service platform called Kali365, first seen in April 2026, that is being distributed primarily via Telegram. The service furnishes AI-generated lures, automated templates and real-time tracking dashboards to enable attackers — including low-skill actors — to capture OAuth tokens and bypass MFA for Microsoft 365 accounts. Victims are tricked into pasting device codes into the legitimate Microsoft verification page, unintentionally authorizing attacker devices and granting persistent access to services such as Outlook, Teams and OneDrive. The FBI recommends restricting or blocking device code flow, implementing conditional access policies, blocking authentication transfer and protecting emergency access accounts.

Fraud Schemes Target Formula 1 Fans Worldwide

🚨 A Bitdefender report warns that cybercriminals have built extensive ecosystems to scam Formula 1 fans, exploiting the sport’s fast-moving digital culture. Scams include counterfeit merchandise, fake grand prix tickets, illegal streaming apps and boxes, social media fraud and distribution of infostealer malware. Fans may also be coerced into botnets for DDoS attacks. Bitdefender urges vigilance and recommends anti-phishing and antivirus tools to reduce risk.

FBI alert: Kali365 OAuth phishing risks rise

🔒 The FBI warns of phishing campaigns using Kali365 to harvest Microsoft 365 OAuth access tokens and bypass multi-factor authentication. Attackers trick users into entering a code on a legitimate Microsoft page, which instead authorizes the attacker’s device to access the victim’s account. The FBI advises IT teams to deploy conditional access policies and block authentication transfer to reduce exposure.

Ghostwriter Targets Ukrainian Government via Prometheus Lures

📄 The Belarus-aligned threat actor Ghostwriter (aka UAC-0057/UNC1151) is using Prometheus e-learning themed phishing lures targeting Ukrainian government entities. CERT-UA reports the campaign, active since spring 2026, uses PDF links to deliver a ZIP with JavaScript that stages multiple payloads: OYSTERFRESH, OYSTERBLUES, and OYSTERSHUCK. The operation harvests system data and ultimately deploys Cobalt Strike. The recommended mitigation is to restrict wscript.exe for standard users.

Fake FIFA World Cup Sites Exploit Ticket Demand

⚠️ ESET researchers in Latin America discovered multiple fraudulent websites impersonating FIFA and the World Cup ticketing portal to dupe fans into registering and submitting payment details. These sites use typosquatting, copied visuals, and convincing checkout flows to harvest money and personal data. Victims arrive via ads, sponsored search results, social posts or forwarded links. FIFA confirms tickets are only sold through a few official channels; users should verify domains, avoid pressure tactics, and enable unique passwords and two-factor authentication.

Phishers Use ASCII QR Codes to Evade Scanners Now Widely

🛡️ Attackers have started embedding QR codes as ASCII art in phishing emails to bypass image and link scanners. The lure often impersonates services like DocuSign, instructing victims to scan and enter corporate credentials on mobile devices. Deploying secure email gateways with ASCII-decoding and endpoint protections helps detect and block these campaigns and reduce risk.

CypherLoc scareware locks browsers, targets users globally

🔒 Security researchers warn of a new scareware strain, CypherLoc, used in around 2.8 million attacks since early 2026. The campaign starts with phishing that directs victims to a malicious page which only activates when specific URL fragments and cryptographic checks pass. Once triggered, the code forces full-screen browser lockdowns, disables controls, displays fake security warnings and a fraudulent support number, with operators posing as Microsoft support. Barracuda urges anti-phishing, browser and endpoint protections and user education to mitigate the threat.

Consent Phishing: OAuth Grants Enable Token Hijacks

🔐 In February 2026 the EvilTokens PhaaS campaign abused the OAuth consent flow to harvest long‑lived refresh tokens, compromising over 340 Microsoft 365 organizations across five countries. Victims completed legitimate sign‑ins and MFA at microsoft.com/devicelogin, then clicked consent and unknowingly granted broad scopes for mail, drive, calendar, and contacts. Because the attacker received signed, refreshable tokens rather than credentials, MFA and typical SIEM correlation did not detect the intrusion. The incident demonstrates how normalized consent clicks have become a critical security gap.

INTERPOL Operation Ramz: 200+ Arrests and 53 Servers Seized

🔒 INTERPOL's Operation Ramz led to more than 200 arrests and the seizure of 53 servers used for phishing, malware, and online fraud, affecting at least 3,867 confirmed victims from nearly 8,000 intelligence packages. Authorities identified another 382 suspects across 13 MENA countries. INTERPOL partnered with private firms including Kaspersky, Group-IB, The Shadowserver Foundation, Team Cymru, and TrendAI to track malicious infrastructure. The operation disrupted phishing-as-a-service platforms, dismantled investment scam rings, and disabled malware-infected servers.

Protect Growing Businesses in an AI-Powered World Now

🔒 AI is reshaping work and accelerating threats, with AI-automated phishing reported to be 4.5× more effective than traditional attacks. Growing businesses must balance speed, stability, and risk while often lacking dedicated security teams. Microsoft Security promotes simple, integrated protections for devices, identities, email, and cloud apps. Microsoft 365 Business Premium provides centralized, automated defenses so operations stay resilient and customer trust is preserved.

Interpol leads major MENA cybercrime crackdown operation

🔎 Interpol coordinated a first-of-its-kind campaign, Operation Ramz, across 13 MENA countries from October 2025 to February 2026 to disrupt phishing, malware and scam networks. The campaign resulted in 201 arrests, identification of 382 additional suspects and 3,867 victims, and led to the seizure of 53 servers. Authorities also disseminated almost 8,000 pieces of data and intelligence to support follow-up investigations. Private-sector partners including Group-IB, Kaspersky, Team Cymru, Shadowserver and TrendAI supported operational visibility and takedown efforts.

Tycoon2FA Uses Device-Code Phishing to Hijack M365 Accounts

🔐 The Tycoon2FA phishing kit now exploits OAuth device-code flows and misuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. eSentire found the kit rebuilt after a March takedown, adding obfuscation layers, a 230-vendor blocklist, and extensive anti-analysis checks to evade detection. Attackers trick victims into pasting device codes at microsoft.com/devicelogin, granting OAuth tokens and full access to email, calendar and cloud storage.

How to Manage Subscriptions Securely and Avoid Scams

🔒 Subscription services are widespread and often contain personal data, making them attractive targets for attackers. The article outlines common attack vectors — phishing, credential reuse, infostealers, and bulk-resale of hacked family slots — and explains practical defenses: use password managers, enable two-factor authentication or passkeys, and monitor active sessions. It also advises how to spot phishing and track hidden recurring charges through bank statements and app-store settings.

How geopolitical turmoil fuels online gift and aid scams

⚠ Geopolitical tensions have created a fertile environment for opportunistic scammers who exploit fear and sympathy to harvest credentials, personal data, or direct payments. Common ploys include fake charities, romance and travel scams, fraudulent charges, investment schemes, sensational fake news and classic advance-fee cons. Scammers increasingly use convincing content produced with generative AI and impersonation tactics to bypass trust; verify independently, avoid unsolicited links or calls, and protect devices with reputable anti-malware.

FlowerStorm Phishing Adopts Browser VM Obfuscation

🔒 Researchers at Sublime Security reported that the FlowerStorm phishing-as-a-service campaign has begun using KrakVM, an open-source browser-based JavaScript virtual machine, to conceal credential-stealing code inside HTML attachments. When victims open the attachments in a browser, encrypted bytecode is executed by the VM and launches a dynamic credential- and MFA-harvesting workflow. The kit supports real-time AiTM interception and adapts phishing pages to the victim’s provider and branding, complicating static analysis and many email defenses.

World Cup 2026: Rising Cyber Threats and Scams

⚠️ Cyber criminals are exploiting World Cup 2026 excitement with fake merchandise stores, fraudulent betting platforms, and phishing domains designed to steal money and personal data. Domain registrations containing 'FIFA' or 'World Cup' surged to 9,741 in April 2026, and host countries recorded higher weekly attack averages in April versus March and the prior year. Check Point Research identified multiple impersonation and betting sites and advises fans to watch for steep discounts, suspicious domains, and 'vote‑to‑earn' schemes that solicit deposits.

MSPs Must Rethink Security and Recovery for Resilience

🔒 Tomorrow at 2:00 PM ET, BleepingComputer will host a live webinar titled "From phishing to fallout: Why MSPs must rethink both security and recovery," with Austin O'Saben and Adam Marget of Kaseya. The session explains why prevention alone is insufficient as AI-driven phishing, ransomware, SaaS abuse and BEC evolve faster than many defenses. It will show how attackers exploit trusted infrastructure and why organizations must combine security, backups and rapid recovery. Attendees will learn practical steps to reduce downtime and disruption.

Google outlines five AI-driven measures to fight fraud

🔒 Google describes five coordinated approaches to reduce scams and fraud, presented at the EMEA Anti-Scams and Fraud Summit hosted by the Google Safety Engineering Center in Zurich. The company highlights AI-powered defenses that block spam, malware and policy-violating ads, plus on-device scam detection in Phone by Google. It also emphasizes user tools, education through Be Scam Ready, cross-platform threat-data sharing via the Global Signal Exchange, and partnerships with law enforcement to disrupt criminal networks.