Since January 13th, 2024, our Threat Intelligence team has seen a steep rise in the number of fraudulent payment attacks using Venmo. By hacking existing or setting up new Venmo accounts, cybercriminals are using legitimate Venmo communications to trick users into approving fraudulent payments.

Criminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point. “Malicious spam is one of the oldest illicit services found on underground cybercrime forums,” the researchers write. “Spam is the most common initial vector for various attack scenario objectives such as phishing and credential harvesting, malware distribution, scams/fraud, etc.

A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials. We’ve all seen one of those posts on social media about some actor, musician or famous person that has passed away. Feeling a sense of sadness and wanting to know more details, these posts garner a lot of attention.

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri. “Greatness operates as a Phishing as a Service (PhaaS) platform, providing a number of features and components for bad actors to conduct their phishing attacks against Microsoft 365 accounts,” the researchers write. “URLScan results show thousands of affected pages related to this kit.

Analysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, targeting millions of dollars using very specific methods. There’s no industry that has more money than the one dealing in it. So, it shouldn’t come as a surprise that attacks on the financial services industry continue at an increasing rate.

Since the start of 2024, Egress’ threat intelligence team has seen a 109% increase in Salesforce phishing attacks using what appears to be a legitimate email domain linked to Salesforce that impersonates Meta. Leveraging obfuscation techniques to mask a malicious URL, attackers are attempting to drive users to a very convincing spoof of a Meta ‘Partner Portal’ to harvest their credentials.

Phishing attacks are increasingly using open redirects to evade detection by security filters, according to researchers at Trustwave. Open redirects are URLs hosted on trusted domains that take users to separate, potentially malicious domains. The researchers explain the process using the example URL “hxxps://goodsitecom.” Trustwave has observed a “significant rise” in phishing attacks using open redirects over the past several months.

Account takeover (ATO) is a form of identity theft in which cybercriminals can send emails from a legitimate business account. Threat actors who have control of a business leader's inbox can request payments and confidential information from employees, knowing that they're likely to be more successful than if they had simply made a spoof email account. Unfortunately, ATO is on the rise. Statistics show that ATO cases have skyrocketed since 2019.

In this ever-evolving landscape of cyberthreats, email has become a prime target for phishing attacks. Cybercriminals continue to adapt and employ more sophisticated methods to effectively deceive users and bypass detection measures. One of the most prevalent tactics nowadays involves exploiting legitimate platforms for redirection through deceptive links.

Researchers at Menlo Security observed a 198% increase in browser-based phishing attacks over the past six months. “Attackers have developed tools to craft high quality large scale attacks that target the browser,” the researchers write. “Cybercrime tools, such as phish kits (PhaaS) and ransomware-as-a-service kits (RaaS), have simplified the process of launching sophisticated attacks.