Tag: domain spoofing

9 Attack Reports | 0 Vulnerabilities

Attack reports

Hurricane Melissa Relief Scams: How Criminals Exploit Disaster

In the aftermath of Hurricane Melissa's devastating impact on Jamaica in October 2025, cybercriminals swiftly exploited the crisis through various online scams. These included phishing campaigns, fake charity drives, and fraudulent financial-relief websites impersonating legitimate aid organization…
phishing
social engineering
cryptocurrency
scams
domain spoofing
2025-11-14
fake charities
hurricane
disaster relief
Published: November 14, 2025
Downloadable IOCs: 16

Cyber Attacks on Government Agencies: Detect and Investigate

This analysis examines cyber threats targeting government institutions worldwide, focusing on three case studies: a phishing email targeting the South Carolina Department of Employment and Workforce, a fraudulent domain mimicking the U.S. Social Security Administration, and a malicious PDF posing a…
screenconnect
phishing
stealer
government
pdf
remote-access
formbook
domain-spoofing
2025-06-04
credential-harvesting
Published: June 4, 2025
Downloadable IOCs: 2

The Return of Pharmacy-Themed Spam

Pharmaceutical-themed spam campaigns continue to target individuals and organizations, particularly in the healthcare and pharmaceutical sectors. Recent observations reveal a bulk spam campaign using spoofed identities and compromised infrastructure to send deceptive emails. The attackers employ ta…
phishing
spam
social-engineering
domain-spoofing
2025-04-26
pharmacy
compromised-servers
email-security
fraudulent-websites
dkim
Published: April 26, 2025
Downloadable IOCs: 0

Highway Robbery 2.0: How Attackers Are Exploiting Toll Systems in Phishing Scams

A massive SMS phishing campaign targeting U.S. drivers exploits various toll systems, including E-ZPass, SunPass, and TxTag. The scam uses fake payment alerts sent via iMessage and SMS from foreign numbers to lure victims to fraudulent websites. Analysis reveals a pattern in domain names and infras…
infrastructure analysis
domain spoofing
sms phishing
sunpass
2025-03-10
nginx
toll systems
txtag
imessage
chinese asns
e-zpass
Published: March 10, 2025
Downloadable IOCs: 0

Phishing via 'com-' prefix domains

This analysis reveals a new phishing trend using domains with a "com-" prefix to mimic legitimate websites. The scam targets users of Florida's Sunpass toll system, exploiting the similarity between sunpass.com and fraudulent "com-" domains. A surge in "com-" prefix domain registrations has been ob…
phishing
2025-02-06
newly-registered-domains
domain-spoofing
sunpass
dns-monitoring
com-prefix
toll-fraud
Published: February 6, 2025
Downloadable IOCs: 9

Hackers Hijack JFK File Release: Malware & Phishing Surge

A potentially growing cyber threat campaign has been uncovered surrounding the release of declassified JFK, RFK, and MLK files. Attackers are exploiting public interest in these historical documents to launch malware campaigns, phishing schemes, and exploit attempts. Within days of the announcement…
malware
phishing
social engineering
ransomware
spyware
domain spoofing
2025-02-03
cyber threat
trojans
declassified files
historical documents
jfk files
Published: February 3, 2025
Downloadable IOCs: 4

Cyberhaven Extension Compromise: TLS Certificates Reveal Hidden Infrastructure

A phishing attack targeting a Cyberhaven employee led to the compromise of their Google Chrome extension. The attacker published a malicious version on the Chrome Web Store, active for 24 hours, capable of exfiltrating cookies and session data. Analysis of IP addresses and domains revealed connecti…
phishing
chrome extension
domain spoofing
2025-01-10
certificate rotation
Published: January 10, 2025
Downloadable IOCs: 66

Suspected DPRK Phishing Campaign Targets Naver; Separate Apple Domain Spoofing Cluster Identified

Researchers discovered a potential North Korean phishing campaign targeting Naver, a major South Korean tech platform. The investigation revealed an exposed directory containing phishing pages designed to steal Naver user credentials. Separately, an infrastructure cluster was identified using domai…
phishing
apple
credential theft
dprk
infrastructure analysis
domain spoofing
2024-10-30
naver
tls certificates
Published: October 30, 2024
Downloadable IOCs: 0

Credential Phishing Pages Mimicking Legitimate Webmail Login Portals

Since August 2024, an India-linked threat actor has been targeting entities in China and South Asia using credential phishing pages that mimic legitimate webmail login portals. The campaign primarily focuses on government and defense sectors. The phishing domains share common characteristics, inclu…
china
government
2024-09-18
south asia
domain spoofing
credential phishing
Published: September 18, 2024
Downloadable IOCs: 20
Click here to see more Attack Reports