Threat Category: Spam and Phishing | Page 3

We invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year.

Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data.

In this article we review phishing HTML attachments, explaining common tricks the attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.

What are phishing kits (phishkits), what do they include, who uses them, and where are they sold? A report and statistics on phishing kits.

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc.

Statistics on spam and phishing with the key trends in 2021: investment scams, fake streaming websites, theft of corporate credentials and COVID-19.

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth.

How to trick the machine-learning model in Anti-Spam designed to detect and quarantine suspicious e-mails, and how to detect such attacks.

We’ve analyzed the life cycle of phishing pages, how they transform during their active period, and the domains where they’re located.

We constantly monitor the landscape of shopping-related threats and release a report tracking the latest criminal activity targeting online shoppers. Here’s what we found this year.

This report contains spam and phishing statistics for Q3 2021, plus descriptions of scams linked to the Olympics, Euro 2020, COVID-19, and other relevant events.

How we took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants’ ability to create and attack machine learning models.

This report contains technical analysis of the Trojan-Banker named QakBot (aka QBot, QuackBot or Pinkslipbot) and its information stealing, web injection and other modules.

Reports

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Spam and Phishing

Cybersecurity threats: what awaits us in 2023?

Mass email campaign with a pinch of targeted spam

Text-based fraud: from 419 scams to vishing

The Verizon 2022 DBIR

HTML attachments in phishing e-mails

Phishing-kit market: what’s inside “off-the-shelf” phishing packages

Financial cyberthreats in 2021

Spam and phishing in 2021

Telehealth: a new frontier in medicine—and security

How and why do we attack our own Anti-Spam?

The life cycle of phishing pages

Black Friday 2021: How to Have a Scam-Free Shopping Day

Spam and phishing in Q3 2021

How we took part in MLSEC and (almost) won

QakBot technical analysis

Reports

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Mysterious Elephant: a growing threat

Sleep with one eye open: how Librarian Ghouls steal data by night

Subscribe to our weekly e-mails