This is a security-awareness-focused newsletter that I share internally. Feel free to grab and use it for your own internal security awareness program. Created with help from ChatGPT.
Personal Information Compromised in Grubhub Data Breach
A recent data breach at Grubhub has compromised personal information of millions of users. The breach exposed sensitive details such as names, email addresses, and passwords, leading to potential risks of identity theft and fraud. Customers are urged to change their passwords and monitor their accounts for any unusual activity. This incident highlights the importance of securing user data and staying vigilant after a breach.
Key Insights:
Grubhub's recent data breach exposed sensitive personal information, including names and email addresses.
Customers should change passwords and monitor accounts for suspicious activity to protect against identity theft.
This breach underscores the need for stronger data protection measures and proactive security practices in handling consumer information.
Further Reading: SecurityWeek
Beware of Lazarus LinkedIn Recruiting Scam
A new LinkedIn recruiting scam linked to the Lazarus Group is targeting professionals with fake job offers. The scam lures victims into sharing personal information or downloading malicious files, ultimately leading to data theft or malware infections. As the threat actor behind this campaign is known for cyber espionage and financial theft, users must remain cautious when interacting with unsolicited job offers on LinkedIn.
Key Insights:
The Lazarus Group is behind a LinkedIn recruiting scam aimed at stealing personal information and spreading malware.
The scam involves fake job offers that seem legitimate, tricking victims into revealing sensitive details.
Users should verify job offers before engaging and avoid downloading files or clicking links from unknown sources.
Further Reading: GBHackers
Love Gone Phishy: Check Point Research Exposes Valentine’s Day Cyber Threats
Check Point Research has uncovered a rise in phishing campaigns during the Valentine's season, targeting users with fake promotions, gifts, and love-related messages. These attacks are exploiting the festive period to lure victims into clicking malicious links or sharing sensitive information. This underscores the importance of maintaining cybersecurity practices during high-traffic times like holidays.
Key Insights:
Phishing campaigns around Valentine's Day are using romantic themes to deceive users into revealing personal information.
These threats often involve fake websites or links promising deals and gifts, leading to credential theft or malware infection.
Consumers should be cautious when clicking on unsolicited links, especially during holiday seasons, and verify offers through trusted sources.
Further Reading: Check Point Blog
Fake Etsy Invoice Scam Tricks Sellers into Sharing Credit Card Information
A new scam targeting Etsy sellers involves fake invoices that appear to come from Etsy's support team. These fraudulent invoices contain links that lead to a phishing page, designed to steal credit card information. Sellers are urged to carefully examine the sender’s email address and to avoid clicking links in suspicious emails. Etsy never requires credit card information for verification purposes, and any such request should be treated as a red flag.
Key Insights:
The scam begins with a fake invoice sent via email, often with a PDF attachment that appears legitimate.
Fraudulent websites closely mimic Etsy’s design but ask for sensitive data, including credit card information.
Sellers should avoid clicking on email links and should visit Etsy’s official site directly to verify any account requests.
Further Reading: Malwarebytes
Using Genuine Business Domains and Legitimate Services to Harvest Credentials
Cybercriminals are increasingly using legitimate business domains and services to conduct credential harvesting attacks. By spoofing well-known companies and mimicking their email communications, attackers deceive users into providing their login information. These tactics often involve using business-looking email addresses and phishing links that lead to fake login pages. This trend underscores the need for businesses and consumers to be cautious when interacting with unsolicited messages.
Key Insights:
Phishing attacks are increasingly using trusted business domains and services to trick users into disclosing credentials.
Attackers mimic legitimate emails and direct users to fake login pages that steal sensitive information.
Users should be cautious of unsolicited messages and verify the authenticity of any login requests by visiting official websites directly.
Further Reading: KnowBe4 Blog
Phishing for Love: A Sharp Surge in Valentine’s Day-Themed Scams
As Valentine's Day approaches, scammers are leveraging love-themed phishing attacks to deceive users into clicking malicious links or revealing personal information. These scams often appear as romantic gift offers, fake delivery notices, or enticing deals, tricking individuals into providing sensitive data or making fraudulent payments. This surge in phishing tactics highlights the need for extra caution during the holiday season.
Key Insights:
Valentine’s Day scams are using themed messages to entice victims into sharing personal information or clicking on malicious links.
These scams often come in the form of fake gift offers, e-cards, and package delivery notifications.
Users should avoid clicking on unsolicited links and verify offers before engaging with any communications.
Further Reading: KnowBe4 Blog
Tips for Detecting Real-time Deepfakes: A Guide to Staying One Step Ahead
As deepfake technology becomes more sophisticated, it’s increasingly important to know how to identify fake videos and images in real time. These manipulated media files are often used for scams, misinformation, or even social engineering attacks. The blog offers practical tips for detecting deepfakes, such as examining inconsistencies in video and audio quality, checking metadata, and verifying the source of the content. With deepfakes becoming more prevalent, staying informed about these techniques can help protect against digital manipulation.
Key Insights:
Real-time detection of deepfakes is critical as they are being used in a variety of attacks.
Signs to look for include mismatched lighting, unnatural facial movements, and inconsistencies in audio.
Verifying sources and cross-checking information are essential steps in detecting fake content.
Further Reading: KnowBe4 Blog
Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts
A new spear-phishing campaign linked to Russian threat actors is targeting Microsoft 365 users. The attackers use highly customized phishing emails that appear legitimate, aiming to steal login credentials and gain unauthorized access to sensitive information. With Microsoft 365 being a prime target, organizations should enhance their security by training users to recognize phishing attempts and implementing advanced security measures, including multi-factor authentication.
Key Insights:
Russian threat actors are targeting Microsoft 365 accounts using personalized spear-phishing emails.
These attacks aim to steal credentials, putting sensitive data at risk.
Organizations should deploy multi-factor authentication and conduct regular security awareness training to protect against these threats.
Further Reading: KnowBe4 Blog
New Facebook Copyright Infringement Phishing Campaign
A new phishing campaign has been detected targeting Facebook users with fake copyright infringement notices. The attackers use deceptive emails that appear to come from Facebook, claiming that users have violated copyright laws. The emails contain links to fake Facebook pages that prompt users to enter personal information, including passwords. This campaign highlights the ongoing threat of phishing attacks that impersonate trusted platforms like Facebook.
Key Insights:
The phishing emails mimic Facebook's notifications about copyright violations to trick users into sharing sensitive data.
Victims are directed to fake pages designed to capture their credentials.
Users should be cautious about unsolicited emails and verify the authenticity of any official communications by visiting Facebook directly.
Further Reading: Check Point Blog
Phishing Kit Abuses Open Graph to Target Social Media Users
A new phishing kit takes advantage of the Open Graph protocol, which is commonly used to display rich media on social media platforms, to deceive users. The kit allows attackers to embed phishing links into seemingly harmless social media posts, making it more difficult for users to identify fraudulent content. By manipulating Open Graph data, the scam appears legitimate, drawing users into phishing sites that steal personal information.
Key Insights:
The phishing kit abuses Open Graph to embed malicious links in social media posts, creating fake but convincing content.
This tactic makes it harder for users to detect phishing attempts on social media.
Users should be cautious about clicking links in social media posts, especially if they appear unfamiliar or too good to be true.
Further Reading: KnowBe4 Blog
Phishing Campaign Disguises as ChatGPT Subscription
A new phishing campaign is using ChatGPT subscriptions as a cover to steal user credentials. The attackers send emails offering a fake ChatGPT subscription, prompting users to enter their personal and payment information. This method exploits the popularity of ChatGPT and preys on users' trust. Security measures, such as verifying subscription details and avoiding unsolicited emails, can help prevent falling victim to this scam.
Key Insights:
Attackers are using fake ChatGPT subscription offers to steal personal and financial information.
The phishing emails mimic legitimate communications, making them harder to detect.
Users should verify subscription offers directly on trusted platforms and avoid clicking on links in unsolicited emails.
Further Reading: Broadcom
DeepSeek Lure Used to Spread Malware
A new campaign using DeepSeek as a lure distributes malware through CAPTCHA-like pages. Attackers use fake CAPTCHA challenges to lure users into executing malicious code, evading detection by appearing harmless. The campaign primarily targets users who are tricked into downloading and running the malware. This attack illustrates how cybercriminals are exploiting popular web features to deliver malicious payloads.
Key Insights:
The malware is delivered through fake CAPTCHA-like pages, making it seem legitimate.
Attackers use this method to bypass security filters and trick users into downloading harmful software.
Regular security updates and cautious behavior when interacting with unfamiliar websites can help mitigate such threats.
Further Reading: Zscaler Blog
Chinese Hackers Target Hospitals by Spoofing Medical Software
A new phishing campaign has been discovered where Chinese hackers are targeting hospitals by spoofing medical software, including fake updates for health-related applications. The hackers use these fake updates to deliver malware, gaining access to sensitive healthcare data. Hospitals and healthcare organizations are urged to be cautious of unsolicited software updates and to ensure they are obtaining updates from official sources.
Key Insights:
Attackers are spoofing medical software updates to distribute malware in healthcare organizations.
The campaign targets sensitive healthcare data, with phishing emails disguised as software updates.
Healthcare organizations should verify software updates and ensure they come from trusted sources.
Further Reading: KnowBe4 Blog
Scanning for Trouble: Behind the Scenes of Our QR Code Phishing Demo
The KnowBe4 team explores the mechanics of QR code phishing in their latest demo, showcasing how attackers are using QR codes to direct victims to phishing sites. The demo reveals the ease with which malicious actors can create seemingly harmless QR codes that lead to fraudulent sites, designed to steal personal information. By understanding the techniques used in these phishing campaigns, organizations can better educate employees and defend against such attacks.
Key Insights:
QR code phishing is becoming more common, with attackers using QR codes to bypass traditional email filtering techniques.
Malicious QR codes often lead victims to fake login pages where sensitive data is harvested.
Organizations should educate employees on the risks of scanning unsolicited QR codes and implement strong security measures.
Further Reading: KnowBe4 Blog
How Phished Data Turns into Apple & Google Wallets
Phishing campaigns are evolving, with cybercriminals now using phished data to load stolen payment card information directly into Apple and Google Wallets. These scams often involve SMS messages impersonating services like the USPS or toll operators, tricking users into entering payment details. Once victims provide their information and verification codes, their data is linked to mobile wallets controlled by attackers. This advancement in carding techniques highlights the growing risks of mobile payment systems and the need for heightened security measures.
Key Insights:
Cybercriminals use phishing to steal payment information, then load it into mobile wallets for fraud.
These phishing schemes often involve spoofed messages and real-time interaction with human operators.
Attackers can use "ghost tap" technology to make fraudulent NFC purchases from a distance.
Further Reading: Krebs on Security