Threat Category: Spam and Phishing | Page 2

Phishing bots and services on Telegram: how malicious actors use the messaging app to automate the process of generating phishing pages, and sell phishing kits and data.

This report shines a spotlight on the financial cyberthreat landscape in 2022. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware.

Attackers put phishing HTML files in IPFS thus cutting back on web hosting costs. IPFS is used in both mass phishing and targeted (spearphishing) campaigns.

Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing.

Phishing in social networks and messengers, marketplace fraud, exploitation of Google Forms and other services: we uncover what’s trending among attackers in 2022

We invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year.

Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data.

In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.

What are phishing kits (phishkits), what do they include, who uses them, and where are they sold? A report and statistics on phishing kits.

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc.

Statistics on spam and phishing with the key trends in 2021: investment scams, fake streaming websites, theft of corporate credentials and COVID-19.

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth.

How to trick the machine-learning model in Anti-Spam designed to detect and quarantine suspicious e-mails, and how to detect such attacks.

Reports

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.

Spam and Phishing

The Telegram phishing market

Financial cyberthreats in 2022

How scammers employ IPFS for email phishing

Spam and phishing in 2022

Main phishing and scamming trends and techniques

Cybersecurity threats: what awaits us in 2023?

Mass email campaign with a pinch of targeted spam

Text-based fraud: from 419 scams to vishing

The Verizon 2022 DBIR

HTML attachments in phishing e-mails

Phishing-kit market: what’s inside “off-the-shelf” phishing packages

Financial cyberthreats in 2021

Spam and phishing in 2021

Telehealth: a new frontier in medicine—and security

How and why do we attack our own Anti-Spam?

Reports

CloudSorcerer – A new APT targeting Russian government entities

APT trends report Q1 2024

ToddyCat is making holes in your infrastructure

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Subscribe to our weekly e-mails