This week, we upgraded our Brand Abuse Lure Protection service to provide comprehensive protection against all cybercrime email lures that abuse the brands of our clients.
PhishLabs has discovered a fraudulent invoice campaign targeting corporate executives. The scammers attempt to convince their targets to wire funds to various accounts controlled by the fraudsters in order to settle the terms and outstanding balances on legitimate invoices from other companies.
What to look for
Emails associated with this campaign follow this characteristic pattern:
PhishLabs is studying a wave of phishing attacks that utilize spam to distribute links to phishing sites installed and hosted on the personal computers of residential broadband customers.
The attackers start by scanning residential service IP address space for open RDP (Remote Desktop) ports and brute-force default, common, or otherwise weak passwords. Once access is gained, the attackers install web server software and upload a number of different phishing pages, the links to which are sent out via spam email messages.
Over the past several months, we've noticed a growing number of "all-in-one" webmail phishing sites using Google Docs or Google Drive as bait. More than 1,700 are active as of this posting, many of which have been up for months.