On January 7, 2025, CrowdStrike identified a phishing campaign exploiting its recruitment branding to deliver malware disguised as an "employee CRM application." The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website. Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig.

A phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes. The phishing messages are sent via Discord, email, or text message. The messages purport to come from a game developer, and include a link to download an archive supposedly containing the game’s installer.

Spam isn’t just an annoyance to your email inbox; it's also becoming a problem for our phones. Last year, the average American received 9 monthly spam calls, totaling 3 billion spam and unwanted calls nationwide, costing $25.4 billion. Spam risk encounters people will likely receive are through: Out of people who fell for these kinds of scams, the most common amount people lost was between $100 - $249, and a smaller group said they lost over $1,000.

Credential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext. Phishing attacks overall saw a 202% increase during the same period. “Since June, the number of attacks per 1,000 mailboxes each week has increased linearly,” the researchers write. “Currently, we are capturing close to one advanced attack per mailbox each week. As we reach the 1,000 threshold, this translates to nearly one advanced attack for every single mailbox each month.

Securonix warns that tax-themed phishing emails are attempting to deliver malware via Microsoft Management Console (MSC) files. “The attack likely starts with either a phishing email link or attachment,” the researchers explain.

Trend Micro warns that the Russian state-sponsored threat actor Earth Koshchei (also known as “APT29” or “Cozy Bear”) is using spear phishing emails to trick victims into connecting to rogue Remote Desktop Protocol (RDP) relays. “Earth Koshchei’s rogue RDP campaign reached its peak on October 22, when spear-phishing emails were sent to governments and armed forces, think tanks, academic researchers, and Ukrainian targets,” Trend Micro explains.

Employees often need to access various online services for work and personal purposes. Whether signing up for industry newsletters, registering for webinars, or using online tools, a corporate email address is a convenient way to manage professional communication. However, this seemingly harmless habit can expose employees and their organizations to significant risks.

Welcome to the most prestigious event in the world of cyber trickery: the annual Avast Phishing Awards! Join us as we unveil the most noteworthy, side-eye-inducing, and downright dubious email headlines that made this such a year to remember.

The holidays are a hectic time. It’s often the busiest sales period of the year, generating the lion’s share of revenue for many organizations. At the same time, employees are wrapping up their big projects before the office closes for the winter break. Meanwhile, everyone’s trying to work around increasingly packed schedules while caring for their personal and family needs.