Scammers using new enhanced phishing emails with malicious links, security experts warn

Catch Of The Week: Fake Google Security Alerts

By BECKY RUTHERFORD Los Alamos What’s the best way to spot a phishing email? Phishing emails spoof legitimate sites and services, but usually if you take the time to check the sender email and any links in the email, you’ll notice that they are not legitimate links or domains. In the latest phishing scam, reported by researcher Thread Reader, a phishing scam did an all too realistic imitation of a Google Security Alert, by exploiting a vulnerabi…

Scammers using new enhanced phishing emails with malicious links, security experts warn

New sophisticated phishing emails could look exactly like the login page of an email when the link is clicked. Security experts told the ABC7 I-Team they are so convincing that even well-trained users and experts can be vulnerable.

Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry

Because coding phishing sites from scratch is a real pain in the neck Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing sites in multiple languages more efficiently. . . .

New SessionShark Phishing Kit Bypasses MFA To Steal Office 365 Logins - Cybernoz - Cybersecurity News

SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake login pages and Telegram alerts. SlashNext security experts have discovered a new tool called “SessionShark” used by cyber criminals to steal login information for Microsoft Office 365. This tool can bypass multi-factor authentication (MFA), a security feature that requires a phone code in addition to a password to add another…

AI-Enabled Darcula-Suite Makes Phishing Kits More Accessible, Easier to Deploy

Darcula, a phishing-as-a-service platform, has updated its suite with AI capabilities, enabling faster creation of customized phishing kits with multi-language support and form generation, lowering the technical barrier for cybercriminals. This upgrade enhances its threat potential, allowing even less technical users to deploy targeted scams quickly.

Phishing Tests: Key Questions to Ask

Originally published by Schellman. Written by Austin Bentley.   It's no secret: many organizations view and treat phishing as a periodic checkbox assessment. It’s often a basic email template sent to an entire organization. If someone clicks the link, they are recorded and possibly enrolled in training. While this approach can certainly check the “quarterly phishing exercise” box, you should consider demanding even more from your phishing assess…