Threat Category: Spam and Phishing

Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name.

Phishing bots and services on Telegram: how malicious actors use the messaging app to automate the process of generating phishing pages, and sell phishing kits and data.

This report shines a spotlight on the financial cyberthreat landscape in 2022. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware.

Attackers put phishing HTML files in IPFS thus cutting back on web hosting costs. IPFS is used in both mass phishing and targeted (spearphishing) campaigns.

Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing.

Phishing in social networks and messengers, marketplace fraud, exploitation of Google Forms and other services: we uncover what’s trending among attackers in 2022

We invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year.

Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data.

In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.

What are phishing kits (phishkits), what do they include, who uses them, and where are they sold? A report and statistics on phishing kits.

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc.

Statistics on spam and phishing with the key trends in 2021: investment scams, fake streaming websites, theft of corporate credentials and COVID-19.

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth.

Reports

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict.

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Spam and Phishing

What does ChatGPT know about phishing?

The Telegram phishing market

Financial cyberthreats in 2022

How scammers employ IPFS for email phishing

Spam and phishing in 2022

Main phishing and scamming trends and techniques

Cybersecurity threats: what awaits us in 2023?

Mass email campaign with a pinch of targeted spam

Text-based fraud: from 419 scams to vishing

The Verizon 2022 DBIR

HTML attachments in phishing e-mails

Phishing-kit market: what’s inside “off-the-shelf” phishing packages

Financial cyberthreats in 2021

Spam and phishing in 2021

Telehealth: a new frontier in medicine—and security

Reports

Operation Triangulation: iOS devices targeted with previously unknown malware

Meet the GoldenJackal APT group. Don’t expect any howls

CloudWizard APT: the bad magic story goes on

APT trends report Q1 2023

Subscribe to our weekly e-mails