Phishing attacks have become a constant threat in the digital landscape, constantly evolving to become more sophisticated and harder to detect. Cybercriminals have become increasingly adept at designing new tactics and attack vectors to bypass security measures and gain access to sensitive information, posing a serious risk to both individuals and organizations. Here’s a round-up of the latest phishing attacks observed lately.

Phishing scam abuses Microsoft Teams

  • The scam involves a fake login page that looks identical to the legitimate Microsoft Teams login, with the goal of tricking users into entering their login credentials. 
  • This tactic is particularly worrisome because it grants scammers access to valuable and confidential data. 

Phishing attacks and tax season

Microsoft has warned of a phishing campaign targeting accounting firms and tax preparers with remote access malware.
  • Threat actors are taking advantage of the busy tax season to trick tax professionals into opening malicious files.
  • Remcos RAT is being used in this campaign, which is specifically targeting tax preparation firms and individuals.
  • Earlier this month, the TACTICAL#OCTOPUS hacker group was found using valid employee tax documents to trick users.
  • TACTICAL#OCTOPUS used valid employee W-2 tax documents, I-9 forms, and real estate purchase contracts to trick users into downloading malware onto their systems.

Some stats your way

  • A new report by Zscaler revealed that phishing campaigns increased by nearly 50% in 2022, driven by new AI tools and phishing kits accessible to threat actors, with the U.S. being the most targeted country (65%).
  • The education sector witnessed a surge of 576%, followed by finance and government sectors at 273%. 

The bottom line

The threat of phishing scams is on the rise, with cybercriminals continuously refining their methods to make them more sophisticated and difficult to identify or prevent. It's crucial that individuals and organizations remain vigilant when it comes to unsolicited messages, especially those requesting sensitive information such as login details. By taking steps to protect against phishing attacks, users can safeguard their personal and professional data.
Cyware Publisher

Publisher

Cyware