More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us.
A type of phishing we’re calling authentication-in-the-middle is showing up in online media. While these techniques, named after man-in-the-middle (MitM) attacks, have existed for a while, they appear to be gaining traction now.
Read more…
Source: Malwarebytes labs
Related:
- Hackers are using this new attack method to target power companies
July 10, 2017
Phishing emails, used to steal credentials from critical infrastructure firms, can silently harvest data without even using macros, researchers have warned. Hackers are targeting energy companies, including those working in nuclear power and other critical infrastructures providers, with a technique that puts a new spin on a tried-and-tested form of cyberattack. Phishing has long been a successful ...
- MPs lose email access as Parliament targeted in ‘sustained’ cyberattack
June 25, 2017
A cyberattack on MPs and Peers’ emails has prompted Parliament’s security team to shut down external access to its systems. An email sent to parliamentarians on Friday and shown to Sky News said: “Earlier this morning we discovered unusual activity and evidence of an attempted cyberattack on our computer network.” It claimed that “hackers were carrying out ...
- FIN10 Extorting Canadian Mining Companies, Casinos
June 20, 2017
Cybercriminals targeting casinos and mining firms in North America have extorted as much as $620,000 per theft during a four-year run in which they threaten victims with the destruction or public release of stolen data. Between 2013 and 2016, mostly Canadian firms were hit with nearly a dozen seemingly unrelated hacks, but after an analysis of the ...
- FBI: Whaling now a US$ 5 billion business as execs targeted
May 9, 2017
The US Federal Bureau of Investigation (FBI) has reported the continuing explosion of Business Email Compromise (BEC) attacks as the practice becomes a US$ 5 billion (£3.86 billion) business. Between October 2013 and 2016 the total international reported loss from such scams is US$ 5,302,890,449 (£4,100 million), with US bodies taking up nearly US$ 1.6 billion ...
- Don’t click that Google Docs link! Gmail hijack mail spreads like wildfire
May 3, 2017
If you get an email today sharing a Google Docs file with you, don’t click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker. The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to ...
- Fake Delta Airline Receipts Spread Financial Malware
April 24, 2017
Spam emails posing as Delta Air payment confirmation emails are spreading financial and banking malware to computers. According to Heimdal Security firm, a new campaign trying to get access to your financial information was noticed in the wild. Users are receiving spam emails posing as payment confirmations from Delta Air. As the researchers point out, this is ...