It seems this was the week for following up on Carnival Corporation breaches. Earlier this week, state attorneys general announced a $1.25 million multistate settlement with the cruise line over a 2019 data breach first disclosed in 2020. But there was other news concerning the cruise line this week, too. On Friday, the New York…
Category: Phishing
Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands
A cross-border operation, supported by Europol and involving the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie), resulted in the dismantling of an organised crime group involved in phishing, fraud, scams and money laundering. The action day on 21 June 2022 led to: 9 arrests in the Netherlands 24 house searches in the Netherlands…
Voicemail phishing emails steal Microsoft credentials
Jeff Burt reports: Someone is trying to steal people’s Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications. This email campaign was detected in May and is ongoing, according to researchers at Zscaler’s ThreatLabz, and is similar to phishing messages sent a couple of years ago. This latest wave is…
Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns
Stephen Pritchard reports: A new way of carrying out phishing attacks is being adopted by criminal groups – and it could make threat actors virtually undetectable, security researchers warn. The technique involves using ‘reverse tunnel’ services and URL shorteners to launch large-scale phishing attacks. What’s more, the groups using these techniques leave no trace. Instead, threat actors…
GA: Funds stolen from Floyd County Schools in cyberattack, police investigating
John Bailey and John Druckenmiller reported this on June 8: The Floyd County school system confirmed on Wednesday reports of a cyberattack, discovered Monday, that resulted in $194,672.76 being stolen from the school system. “Floyd County Schools has been made aware of a spear phishing incident, which is a targeted email attack pretending to be…
Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack
Jessica Haworth reports: A phishing attack at Australian pension provider Spirit Super has resulted in “some personal details being compromised”. The ‘super fund’ confirmed that user data was breached on May 19, 2022 after an employee’s email account was accessed. An investigation into the incident found that there was “unauthorized access to a mailbox containing personal data”…