< ciso brief />

All news with #phishing link tag

7 articles

Global Rise in Fake Shipment Tracking Scams — 2025 Update

📦 Group-IB reports a rapid global escalation of fake shipment tracking scams during 2025, jumping from almost no activity in 2024 to more than 100 unique campaigns per month and peaks of 218 and 208 in June and December. Attackers use disposable and lookalike domains, SMS sender spoofing, local-looking numbers and URL masking to trick recipients into providing credentials or paying bogus fees. Many phishing sites share infrastructure linked to the Darcula PhaaS, which offers thousands of counterfeit domains and templates. The report urges organisations to strengthen domain authentication and increase customer alerts.

Spam and Phishing Trends and Schemes Observed in 2025

🔒 Kaspersky's anti-phishing systems blocked more than 554 million phishing-link attempts in 2025, while Mail Anti-Virus intercepted nearly 145 million malicious attachments and almost 45% of all email traffic was identified as spam. Scammers refined tactics across ticketing and streaming fraud, messaging-app account takeovers, government impersonation, and KYC harvesting, often using AI-generated content and deepfakes. Messaging platforms such as Telegram and WhatsApp were heavily abused to hijack accounts via phishing and malicious Mini Apps. Users are advised to check URLs carefully, never share verification codes, enable two-factor authentication, and run robust protection like Kaspersky solutions.

FBI Warns of North Korean QR Code Phishing (Quishing)

🔒 The FBI has issued an alert about ongoing North Korean QR code phishing campaigns conducted by the Kimsuky APT, which targeted think tanks, academic institutions and government entities in May–June 2025. Attackers embedded QR codes in spear-phishing emails to redirect victims to mobile-optimized credential-harvesting pages, evading typical email security controls. The FBI recommends heightened user training, deployment of mobile device management, phishing-resistant MFA, and enhanced logging and monitoring to detect and mitigate these quishing attacks.

FBI: North Korean Hackers Employ Malicious QR Codes

🚨 The FBI warns that North Korean state-sponsored actors, tracked as Kimsuky, have embedded malicious QR codes in targeted spear-phishing (quishing) campaigns observed in May–June 2025. Attackers spoofed advisors, embassy staff, and think-tank employees to trick recipients into scanning QR codes that redirect mobile devices to attacker-controlled infrastructure or fake login pages. Because scans take victims off enterprise-managed machines to unmanaged phones outside EDR and network inspection, adversaries can harvest session tokens, replay credentials to bypass MFA, establish persistence, and launch secondary spear-phishing from compromised mailboxes.

FBI Warns: Kimsuky Uses QR Codes to Phish U.S. Organizations

🔒 The FBI warns that North Korean state-sponsored group Kimsuky is using malicious QR codes in spearphishing campaigns targeting U.S. organizations involved in North Korea policy, research, and analysis. These quishing campaigns route victims to attacker-controlled sites that fingerprint devices and serve fake Microsoft 365, Okta, Google, or VPN login pages to steal credentials and session tokens. Because they require mobile interaction and can originate from compromised inboxes, the attacks can bypass email security and enable MFA-resistant cloud account hijacking; the FBI urges training, QR verification, mobile device management, strong MFA, and immediate reporting.

Fake Microsoft Teams Installer Delivers Oyster Backdoor

⚠️ Blackpoint SOC observed a malvertising and SEO-poisoning campaign that directs searches for Teams downloads to a fake site at teams-install[.]top offering a malicious MSTeamsSetup.exe. The signed installer uses certificates from "4th State Oy" and "NRM NETWORK RISK MANAGEMENT INC" to appear legitimate, then drops CaptureService.dll into %APPDATA%\Roaming and creates a scheduled task CaptureService to run every 11 minutes. The payload installs the Oyster backdoor. Administrators should download software only from verified vendor domains and avoid clicking search ads.

Tycoon Phishing Kit Uses New Link Obfuscation Techniques

🔐 Barracuda researchers have detailed new link-obfuscation capabilities in the Tycoon Phishing-as-a-Service kit that hide malicious destinations from scanners and recipients. Observed techniques include URL encoding with '%20' invisible spaces, deceptive Unicode characters, hidden codes appended to links, redundant protocol prefixes, and subdomain manipulation. Attacks also incorporate a fake CAPTCHA stage and tools aimed at bypassing multi-factor authentication, enabling more effective email-based social engineering and evasion of traditional filters.