phising

Phishing Attack Hides JavaScript Using Invisible Unicode Trick

Phishing attacks are exploiting a new JavaScript obfuscation technique using invisible Unicode characters to hide malicious code. This method encodes payloads as spaces in JavaScript objects and employs advanced tactics for evasion, making detection difficult. Targeting affiliates of a U.S. political action committee, these attacks are highly personalized and include anti-debugging measures. The technique was disclosed in late 2024 and has rapidly been weaponized by attackers, indicating a potential for wider adoption.

https://www.bleepingcomputer.com/news/security/phishing-attack-hides-javascript-using-invisible-unicode-trick/

New Facebook Copyright Infringement Phishing Campaign

Check Point discovered a Facebook phishing campaign targeting over 12,279 companies since December 2024, impersonating copyright infringement notifications. It exploits Salesforce's mailing service, misleading recipients with genuine-looking emails, prompting them to fake Facebook support pages to harvest credentials. This poses risks for businesses using Facebook for operations, potentially leading to account breaches, loss of client trust, and regulatory penalties. Recommendations include setting security alerts, educating employees and customers, and having an incident response plan.

https://blog.checkpoint.com/security/new-facebook-copyright-infringement-phishing-campaign/

Microsoft Advertisers Phished Via Malicious Google Ads

, ,

Malicious Google ads target Microsoft advertisers, attempting to steal login info for Microsoft's ad platform. Attackers use cloaking techniques to redirect users and evade security, ultimately leading to a phishing page that mimics the legitimate site. The campaign highlights ongoing phishing threats in online advertising, urging users to verify URLs, utilize two-factor authentication, monitor accounts, and report suspicious ads.

https://www.malwarebytes.com/blog/news/2025/01/microsoft-advertisers-phished-via-malicious-google-ads

Phishing Texts Trick Apple iMessage Users Into Disabling Protection

,

Phishing texts are tricking Apple iMessage users into disabling phishing protection by prompting them to reply to messages. Users who respond to these texts inadvertently enable links, making them vulnerable to attacks. Cybercriminals exploit this tactic, especially targeting individuals who may be less aware of such scams. It's advised not to respond to unknown messages with disabled links and to verify their legitimacy directly with the sender.

https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/

AI-generated Phishing Emails Are Getting Very Good at Targeting Executives

,

AI-generated phishing emails are increasingly targeting corporate executives. Companies like Beazley and eBay report a rise in hyper-personalized scams using personal details gathered via AI analysis. Experts highlight that AI enables hackers to craft convincing phishing emails that bypass security measures. Phishing is the starting point for over 90% of cyberattacks, with the global cost of data breaches rising. AI's role in identifying vulnerabilities enhances the sophistication of these scams, making them more difficult to detect.

AI-generated phishing emails are getting very good at targeting executives

Scroll to Top