Spotify Phishing Scam Detected: User Accounts Breached
Researchers at AppRiver have detected a Spotify phishing scam that attempts to get users to reveal their Spotify credentials. The emails use brand imaging that make the emails appear to have been sent by the music streaming service. The messages are realistic, although there are signs that the messages are not genuine. The email template used in the Spotify phishing scam claims the user needs to confirm their account details to remove...
Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...
49% of All Phishing Sites Have SSL Certificates and Display Green Padlock
Almost half of phishing sites now have SSL certificates, start with HTTPS, and display the green padlock to show the sites are secure, according to new research by PhishLabs. The number of phishing websites that have SSL certificates has been increasing steadily since Q3, 2016, when around 5% of phishing websites were displaying the green padlock to indicate a secure connection. The percentage increased to approximately 25% of all...
Major Malvertising Campaign Detected: 300 Million Browser Sessions Hijacked in 48 Hours
A major malvertising campaign is being conducted that is redirecting web users to phishing and scam websites. While malvertising campaigns are nothing new, this one stands out due to the scale of the campaign. In 48 hours, more than 300 million users have had their browsers redirected to malicious web pages. The campaign was uncovered by researchers at cybersecurity firm Confiant on November 12. The researchers note that the actor...
California Wildfire-Themed BEC Attack Identified
It is common for phishers to use natural disasters as a lure to obtain ‘donations’ to line their pockets rather than help the victims and the California wildfires are no exception. Many people have lost their lives in the fires and the death toll is likely to rise further as hundreds of people are still unaccounted for. Whole towns such as Paradise have been totally destroyed by the wildfires and hundreds of people have lost their...