v4ensics

@v4ensics

Followers
232
Following
37
Media
951
Statuses
1K

Vital Digital Forensics: Cyber-security services, specializing in Digital Forensics / Incident Response (DFIR), malware analysis and expert witness testimony

Athens
Joined October 2021
@v4ensics
v4ensics
3 years
2022 #phishing #insights report published today by @v4ensics. Phishing campaigns, Greek wise, targeted the #HellenicPostService (ELTA), #NationalBankGr and #AlphaBank, while global wise, postal and #Meta targeting scams were on the rise. Read the report on
v4ensics.gr
In 2022, V4ensics team analyzed more than 400 phishing sites, in most cases along with the associated e-mails, which either derived from phishing campaigns...
2
3
10
@v4ensics
v4ensics
3 months
Campaign targeting @Meta by phishers posing as recruiters and trying to lure victims into handing their #Facebook credentials is still ongoing. Data handled by https[:]//calendars-calendly.com/handler.php
0
0
0
@v4ensics
v4ensics
4 months
Both phishing sites seem to be subdomains of legitimate commercial sites (theoutwrld[.]com and flybus-travel[.]com), irrelevant obviously to the supposed recruiters' brands (#Asos and #Airbus). Based on OSINT (kudos @urlscanio), the campaign has been active for at least 16 days
0
0
0
@v4ensics
v4ensics
4 months
Data posted to a #PHP file, while jsfiddle[.]net, ipapi[.]co/ip/, api[.]ipify[.]org/?format=json and ipapi[.]co/json are also utilized by the sites. Site uses a banned IP txt file, which presumably contains IP addresses "automatically" blocked by the phishers
1
0
0
@v4ensics
v4ensics
4 months
New #phishing campaign targeting @Meta spotted in the wild. Phishers posing as recruiters try to lure victims into handing their #Facebook credentials. 2 relevant phishing sites (asos-calendly[.]theoutwrld[.]com airbus-careers[.]flybus-travel[.]com) were seen today by @v4ensics
1
0
0
@v4ensics
v4ensics
4 months
New #IPaddress (193.46.217.13) hosting malicious sites. IP uncovered through e-mail campaigns mimicking @bookingcom and hosts multiple #FakeCaptcha sites
1
0
3
@FalconFeedsio
FalconFeeds.io
6 months
XSS Forum seized @Europol ❤️
1
6
21
@v4ensics
v4ensics
6 months
New #phishing campaign targeting #eltacourier (elta[.]courier-ls[.]sale/gr) just spotted in the wild
0
1
1
@v4ensics
v4ensics
7 months
4 Greek banks available for the alleged #taxrefund (@NationalBankGR, #AlphaBank, #Eurobank and #PiraeusBank)
0
0
0
@v4ensics
v4ensics
7 months
As #Greekcitizens submit their tax statements, #phishers try to trick them that #taxrefund is coming. Relevant phishing site is https://syndesiapp[.]web[.]app/main
1
0
1
@CISACyber
CISA Cyber
7 months
🚨Ransomware actors exploited an unpatched vulnerability (CVE-2024-57727) in SimpleHelp RMM to compromise a utility billing software provider—part of a pattern of actors targeting downstream customers. See our advisory for mitigations👉 https://t.co/Yli2jWTtOw
8
47
125
@v4ensics
v4ensics
8 months
New #phishing campaign targeting #Elta in the wild. Phishers use mediaoffice[.]com[.]uy/elt to direct victims to csclear[.]co[.]za/wwwGR-hellenicPost/
0
1
4
@v4ensics
v4ensics
8 months
Another @Meta phisher abuses @Meta www[.]facebook[.]com/61576714928950/posts/122102540912890497 to direct victims to recovercaseidhelp3232[.]d1tzhlqwrrp8x9[.]amplifyapp[.]com/. Phished data get processed via #Telegram
0
0
0
@v4ensics
v4ensics
8 months
The #phishers played a @Meta #communityguidelinesviolation scheme. @v4ensics #OSINT investigation revealed the phishers' phishing kit to be associated with at least 122 sites and to have been actively used for the last 5 months, with the last site scanned on @URLScan 3 hours ago
0
0
0
@v4ensics
v4ensics
8 months
Another #Meta phisher was spotted today that used a kit, which processed victims' data using @awscloud (https[:]//yal32bnurk4yna4k73okvggdau0cjzgc[.]lambda-url[.]us-west-2[.]on[.]aws/).
1
0
0
@v4ensics
v4ensics
8 months
With #phishers playing again the familiar to @v4ensics @Meta #policyviolation scheme accompanied with the "short"/24h #accountterminationnotice, phishers sent the e-mails that triggered the investigation from @gmail accounts and targeted #German speaking users
0
0
0
@v4ensics
v4ensics
8 months
The #phishers targeting @Meta came back today with another @telegram version of their phishing kit, which based on @v4ensics rapid investigation is connected with at least 11 sites and has been actively used for the last 6 days (kudos @urlscan). All sites are hosted by @vercel
1
0
0
@v4ensics
v4ensics
8 months
New #phishing campaign targeting @Piraeus_Bank active since yesterday. Phishers use makaanshop[.]com/haikku to direct intended victims to online[.]myirdrefund[.]nz[.]ilhii[.]ip-ddns[.]com/PiraeusGR/
0
1
1
@v4ensics
v4ensics
8 months
The #fakecaptcha page instructs, as seen before, the intended victim to execute #powershell code
0
0
0
@v4ensics
v4ensics
8 months
As #infostealing #campaigns targeting #hospitality evolve, malicious actors have for the last few days used @Github sites to direct victims to #fakecaptcha pages and get them infected. At the moment commentsgst[.]github[.]io/698434 is used to direct to stayinfovstr[.]com
1
0
0
@v4ensics
v4ensics
8 months
It seems that #Lumma #infostealer infra has been brought to a halt. Kudos @Microsoft and @EC3Europol for making this happen ( https://t.co/D1lqMwusTO, https://t.co/3rLRkrQKYQ)
@g0njxa
Who said what?
8 months
Lumma customers claim to have received this message on Telegram, apparently on Lumma customers group
0
0
1