Published on: 2025-04-23 10:01:11
CTM360 has observed a notable surge in two SMS-based phishing campaigns: PointyPhish (reward scams) and TollShark (toll payment scams). PointyPhish is linked to over 3,000 domains and phishing sites, preying on urgency by claiming expiring reward points to trick customers into fraudulent sites that steal payment details Similarly, TollShark involves over 2,000 domains and phishing sites, exploiting fears of unpaid tolls to capture sensitive information from unsuspecting individuals. CTM360
Keywords: campaigns ctm360 data phishing sites
Find related items on AmazonPublished on: 2025-04-24 03:40:55
Edgar Cervantes / Android Authority TL;DR A new phishing email doing the rounds is actually signed by Google. The email also directs users to a Google Sites page in order to capture a victim’s account credentials. Google is reportedly addressing this authentication flaw. Phishing has been a cat-and-mouse game for years now, as tech companies thwart various types of scams only for more to pop up. However, a new phishing email doing the rounds somehow appears to pass Google and Gmail checks.
Keywords: com email google johnson phishing
Find related items on AmazonPublished on: 2025-04-30 08:16:27
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. Tycoon2FA was discovered in October 2023 by Sekoia researchers, who later reported significant updates on the phishing kit that increased its sophistication and effectiveness. Trustwave now reports that the Tycoon 2FA threat actors have added several improvements that bolster the kit's abil
Keywords: javascript phishing source svg trustwave
Find related items on AmazonPublished on: 2025-05-04 14:31:58
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. If you own a mobile device, the chances are ex
Keywords: card mobile phishing smishing triad
Find related items on AmazonPublished on: 2025-05-12 05:36:00
rob dobi/Getty Images When you think of phishing emails, you probably think of the crude, grammatically flawed, easy-to-spot samples that go straight to your junk folder. I regret to inform you that those weak "spray and pray" campaigns are yesterday's news. The crooks haven't gotten smarter, but their tools have. Also: I clicked on four sneaky online scams on purpose - to show you how they work With the help of generative AI, online scammers have become dramatically better at crafting and d
Keywords: device information just online phishing
Find related items on AmazonPublished on: 2025-05-12 01:20:31
An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information including names, email addresses, physical addresses, and credit card informat
Keywords: bleepingcomputer messages phishing toll zpass
Find related items on AmazonPublished on: 2025-05-18 18:21:16
iPhone farms – banks of phones equipped with rotating temporary Apple IDs – are being used to send more 100,000 scam iMessages per day, found security researchers. By using iMessages rather than texts, scammers can bypass spam and scam filters implemented by mobile carriers. Fraudsters don’t even need any technical skills to carry out their attacks, as there are companies offering phishing-as-a-service (PhAAS) … Unpaid toll fees, shipping fees, and more scams Common scams doing the rounds at
Keywords: farms fees iphone phaas phishing
Find related items on AmazonPublished on: 2025-05-18 17:54:00
ZDNET When you think of phishing emails, you probably think of the crude, grammatically flawed, easy-to-spot samples that go straight to your junk folder. I regret to inform you that those weak "spray and pray" campaigns are yesterday's news. The crooks haven't gotten smarter, but their tools have. Also: I clicked on four sneaky online scams on purpose - to show you how they work With the help of generative AI, online scammers have become dramatically better at crafting and delivering phishi
Keywords: device information just online phishing
Find related items on AmazonPublished on: 2025-05-21 09:10:19
ZDNET When you think of phishing emails, you probably think of the crude, grammatically flawed, easy-to-spot samples that go straight to your junk folder. I regret to inform you that those weak "spray and pray" campaigns are yesterday's news. The crooks haven't gotten smarter, but their tools have. Also: These phishing attacks are targeting Mac browsers - how to protect yourself With the help of generative AI, online scammers have become dramatically better at crafting and delivering phishin
Keywords: attacks device information just phishing
Find related items on AmazonPublished on: 2025-05-22 10:49:00
A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). Lucid, which has been operated by Chinese cybercriminals known as the 'XinXin group' since mid-2023, is sold to other threat actors via a subscription-based model that gives them access to over 1,000 phishing domains, tailored auto-generated phishing sites, and pro-grade spamming tools. Prodaft researchers note that XinXin
Keywords: lucid messages phishing prodaft threat
Find related items on AmazonPublished on: 2025-05-23 18:00:03
We've all seen those emails pushing amazing offers that seem too good to be true, dire warnings that your computer has been compromised, or even threats of jail time if you don't pay your back taxes right away. Those are all common pitches from online scammers trying to get you to panic and click on a link you shouldn't, hand over money or personal information, or download an attachment that turns out to be a computer virus. But new research shows that those common pitches may have just become
Keywords: cybercriminals email emails like phishing
Find related items on AmazonPublished on: 2025-05-24 18:33:17
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. The platform also leverages DNS email exchange (MX) records to identify victims’ email providers and to dynamically serve spoofed login pages for more than 114 brands. Morphing Meerkat has been active since at least 2020 and it was discovered by security researchers at Infoblox. Although the activity has been partially documente
Keywords: dns email mx phishing victim
Find related items on AmazonPublished on: 2025-05-27 02:39:49
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites. The
Keywords: phishing russia russian sites tamoian
Find related items on AmazonPublished on: 2025-05-31 17:52:09
A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. The attackers impersonate the Ukrainian e-sports team Navi to bait devoted fans and add legitimacy to the phishing page by using a recognizable brand. The campaign uses the Browser-in-the-Browser (BitB) phishing technique created by cybersecurity researcher mr. dox in March 2022. This phishing framework allows threat actors to
Keywords: browser com phishing steam window
Find related items on AmazonPublished on: 2025-06-04 09:12:04
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China. Authorities in Knoxville, Tennessee last week said
Keywords: cards merrill mobile phishing said
Find related items on AmazonPublished on: 2025-06-04 12:58:00
Xuanyu Han/Getty Images A phishing attack that previously hit Windows users has now switched its target to the Mac. In a report published Wednesday, security provider LayerX Labs explains how and why the attackers are now eager to scam Mac users. Also: What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it In the initial campaign launched against Windows users, the scammers set up websites to display fake security warnings claiming that the person's computer ha
Keywords: mac pages phishing security users
Find related items on AmazonPublished on: 2025-06-09 17:40:35
Over the past four years, the rock band Phish has generated over $120 million in ticket sales, handily surpassing more well known artists like Radiohead, The Black Keys, and One Direction. Since their start 30 years ago, Phish has consistently been one of the most popular and lucrative touring acts in America, generating well over a quarter billion dollars in ticket sales. Yet, by other measures, the band isn’t popular at all. Only one of their original albums has ever made the Billboard top 10
Keywords: band fans music phish time
Find related items on AmazonPublished on: 2025-06-09 21:03:51
Most organizations today have invested in an email security solution of some description. But even the most premium tools have significant limitations when it comes to modern phishing attacks. The data speaks for itself — phishing remains as big a problem as it ever was (if not bigger!) despite enormous investment in security products and training. In 2024, identity-based attack vectors involving a human element (phishing and stolen credentials) accounted for 80% of the initial access observed
Keywords: attacks page phishing push security
Find related items on AmazonPublished on: 2025-06-15 05:35:29
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. The emails have a subject of "Migrate to Coinbase Wallet" and state that all customers must transition to self-custodial wallets. The email also provides instructions on how to download the legitimate Coinbase Wallet. "As of March 14th, Coinbase is transitioning to self-custodial wallets. Following a class a
Keywords: coinbase email phishing recovery wallet
Find related items on AmazonPublished on: 2025-06-26 04:20:31
US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. While parking scams have been around for years, a massive wave of phishing text messages has caused numerous cities throughout the US to issue warnings, including from Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego, San Fr
Keywords: city parking phishing text york
Find related items on AmazonPublished on: 2025-07-02 23:27:56
YouTube warns that scammers are using an AI-generated video featuring the company's CEO in phishing attacks to steal creators' credentials. The attackers are sharing it as a private video with targeted users via emails claiming YouTube is changing its monetization policy. "We're aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization," the online video sharing platform warned in a
Keywords: emails phishing video videos youtube
Find related items on AmazonPublished on: 2025-07-15 06:31:21
A threat actor tracked as 'EncryptHub,' aka Larva-208, has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks. According to a report by Prodaft, which was published internally last week and made public yesterday, since June 2024, when EncryptHub initiated operations, it has compromised at least 618 organizations. After gaining access, the threat actors install Remote Monitoring and Management (RMM) software, followed b
Keywords: data phishing prodaft threat wallet
Find related items on AmazonPublished on: 2025-07-12 20:00:00
The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand. The upcoming release, currently available as a beta, will remove the targeting scope restrictions by offering a finite number of phishing kits and allowing anyone to create their own. In addition to this new feature, the upcoming release, named 'Darcula Suite,' also lifts technical skill
Keywords: card darcula netcraft new phishing
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.