Phishing List - 2024 2023 2021 2020 2019 2018
DATE | NAME | Info | CATEG. | WEB |
| 21.4.25 | Phishers abuse Google OAuth to spoof Google in DKIM replay attack | In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins. | Phishing | |
| 21.4.25 | Windows NTLM hash leak flaw exploited in phishing attacks on governments | A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. | Phishing | BleepingComputer |
| 19.4.25 | Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States | Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft | Phishing | The Hacker News |
| 15.4.25 | Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft | Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online | Phishing | The Hacker News |
| 13.4.25 | Tycoon2FA phishing kit targets Microsoft 365 with new tricks | Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. | Phishing | |
| 12.4.25 | Phishing kits now vet victims in real-time before stealing credentials | Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted. | Phishing | |
| 10.4.25 | E-ZPass toll payment texts return in massive phishing wave | An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. | Phishing | BleepingComputer |
| 6.4.25 | PoisonSeed phishing campaign behind emails with wallet seed phrases | A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. | Phishing | |
| 4.4.25 | Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks | A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). | Phishing | |
| 4.4.25 | Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware | Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use | Phishing | The Hacker News |
| 2.4.25 | Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing | A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via | Phishing | |
|
30.3.25 |
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion | A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. | Phishing | |
|
28.3.25 |
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records | Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System ( DNS ) mail exchange ( MX ) | Phishing | The Hacker News |
|
23.3.25 |
Fake Semrush ads used to steal SEO professionals’ Google accounts | A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. | Phishing | |
|
16.3.25 |
Coinbase phishing email tricks users with fake wallet migration | A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. | Phishing | BleepingComputer |
| 13.3.25 | Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails | Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. | Phishing | The Hacker News |
| 11.3.25 | US cities warn of wave of unpaid parking phishing texts | US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. | Phishing | BleepingComputer |
| 4.3.25 | Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail | Threat actors are targeting Amazon Web Services ( AWS ) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo | Phishing | The Hacker News |
| 4.3.25 | Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites | Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control | Phishing | The Hacker News |
| 28.2.25 | 5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs | ybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's | Phishing | The Hacker News |
| 22.2.25 | Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3 | The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber | Phishing | The Hacker News |
|
18.1.25 | New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass | Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal | Phishing | The Hacker News |
|
26.12.24 | Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service | An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named | Phishing | |
| 18.12.24 | HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft | Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take | Phishing | |
| 18.12.24 | Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks | A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. | Phishing | |
|
1.11.24 | New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites | Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the | Phishing | |
|
27.10.24 |
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans |
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called | ||
16.9.24 | Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks | Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver | Phishing | The Hacker News |
28.8.24 | New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials | Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway | Phishing | The Hacker News |
27.8.24 | Microsoft Sway abused in massive QR code phishing campaign | A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. | Phishing | |
21.8.24 | CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with | Phishing | The Hacker News |
20.8.24 | Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks | Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send | Phishing | The Hacker News |
3.8.24 | Proofpoint settings exploited to send millions of phishing emails daily | A massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. | Phishing | |
31.7.24 | OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script | Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of | Phishing | The Hacker News |
27.7.24 | CrowdStrike Warns of New Phishing Scam Targeting German Customers | CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious | Phishing | The Hacker News |
2.7.24 | Router maker's support portal hacked, replies with MetaMask phishing | BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. | Phishing | |
| 27.6.24 | ONNX phishing service targets Microsoft 365 accounts at financial firms | A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. | Phishing | |
| 14.6.24 | New phishing toolkit uses PWAs to steal login credentials | A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. | Phishing | |
| 13.6.24 | New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers | Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to | Phishing | The Hacker News |
| 11.6.24 | More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack | Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, | Phishing | The Hacker News |
| 8.6.24 | New V3B phishing kit targets customers of 54 European banks | Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. | Phishing | |
1.6.24 | Free Piano phish targets American university students, staff | A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they're about to receive a baby grand piano for free. | Phishing | |
29.5.24 | Hackers phish finance orgs using trojanized Minesweeper clone | Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. | Phishing | |
20.5.24 | Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns | Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus , a | Phishing | The Hacker News |
11.5.24 | Monday.com removes "Share Update" feature abused for phishing attacks | Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. | Phishing | |
| 4.5.24 | Millions of Docker repos found pushing malware, phishing sites | Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. | Phishing | |
| 4.5.24 | US Post Office phishing sites get as much traffic as the real one | Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. | Phishing | |
| 4.5.24 | LA County Health Services: Patients' data exposed in phishing attack | The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. | Phishing | |
| 19.4.24 | LabHost phishing service with 40,000 domains disrupted, 37 arrested | The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised the infrastructure and arrested 37 suspects, among them the original developer. | Phishing | |
| 18.4.24 | FIN7 targets American automaker’s IT staff in phishing attacks | The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. | Phishing | |
| 18.4.24 | Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide | As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost | Phishing | The Hacker News |
| 14.4.24 | FBI warns of massive wave of road toll SMS phishing attacks | On Friday, the Federal Bureau of Investigation warned of a massive ongoing wave of SMS phishing attacks targeting Americans with lures regarding unpaid road toll fees. | Phishing | |
| 14.4.24 | LastPass: Hackers targeted employee in failed deepfake CEO call | LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. | Phishing | |
| 12.4.24 | TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer | A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as | Phishing | The Hacker News |
| 9.4.24 | Hackers Targeting Human Rights Activists in Morocco and Western Sahara | Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks | Phishing | The Hacker News |
| 8.4.24 | Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme | A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted | Phishing | The Hacker News |
| 5.4.24 | New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware | An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the | Phishing | The Hacker News |
| 4.4.24 | Google now blocks spoofed emails for better phishing protection | Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. | Phishing | |
| 31.3.24 | New Darcula phishing service targets iPhone users via iMessage | A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. | Phishing | |
| 29.3.24 | Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection | A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by | Phishing | The Hacker News |
| 28.3.24 | Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice | A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger | Phishing | The Hacker News |
| 23.3.24 | Spa Grand Prix email account hacked to phish banking info from fans | Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. | Phishing | |
| 19.3.24 | New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT | A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity | Phishing | The Hacker News |
| 10.3.24 | MiTM phishing attack can let attackers unlock and steal a Tesla | Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. | Phishing | |
| 3.3.24 | Hackers target FCC, crypto firms in advanced Okta phishing attacks | A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. | Phishing | |
| 2.3.24 | Need to Know: Key Takeaways from the Latest Phishing Attacks | This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. | Phishing | |
| 2.3.24 | LabHost cybercrime service lets anyone phish Canadian bank users | The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. | Phishing | |
| 28.2.24 | TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users | Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows | Phishing | The Hacker News |
| 25.2.24 | Bitwarden’s new auto-fill option adds phishing resistance | The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. | Phishing | |
| 17.2.24 | Ongoing Microsoft Azure account hijacking campaign targets executives | A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. | Phishing | |
3.2.24 | Microsoft Teams phishing pushes DarkGate malware via group chats | New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. | Phishing | |
| 1.2.24 | Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware | Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for | Phishing | The Hacker News |
20.1.24 | Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware | The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families | Phishing | The Hacker News |
19.1.24 | US court docs expose fake antivirus renewal phishing tactics | In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. | Phishing | |