Phishing List - 2024 2023 2021 2020 2019 2018
DATE | NAME | Info | CATEG. | WEB |
| 18.12.24 | HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft | Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take | Phishing | |
| 18.12.24 | Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks | A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. | Phishing | |
1.11.24 | New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites | Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the | Phishing | |
27.10.24 | Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans | Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called | ||
16.9.24 | Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks | Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver | Phishing | The Hacker News |
28.8.24 | New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials | Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway | Phishing | The Hacker News |
27.8.24 | Microsoft Sway abused in massive QR code phishing campaign | A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. | Phishing | |
21.8.24 | CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with | Phishing | The Hacker News |
20.8.24 | Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks | Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send | Phishing | The Hacker News |
3.8.24 | Proofpoint settings exploited to send millions of phishing emails daily | A massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. | Phishing | |
31.7.24 | OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script | Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of | Phishing | The Hacker News |
27.7.24 | CrowdStrike Warns of New Phishing Scam Targeting German Customers | CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious | Phishing | The Hacker News |
2.7.24 | Router maker's support portal hacked, replies with MetaMask phishing | BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. | Phishing | |
| 27.6.24 | ONNX phishing service targets Microsoft 365 accounts at financial firms | A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. | Phishing | |
| 14.6.24 | New phishing toolkit uses PWAs to steal login credentials | A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. | Phishing | |
| 13.6.24 | New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers | Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to | Phishing | The Hacker News |
| 11.6.24 | More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack | Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, | Phishing | The Hacker News |
| 8.6.24 | New V3B phishing kit targets customers of 54 European banks | Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. | Phishing | |
1.6.24 | Free Piano phish targets American university students, staff | A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they're about to receive a baby grand piano for free. | Phishing | |
29.5.24 | Hackers phish finance orgs using trojanized Minesweeper clone | Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. | Phishing | |
20.5.24 | Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns | Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus , a | Phishing | The Hacker News |
11.5.24 | Monday.com removes "Share Update" feature abused for phishing attacks | Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. | Phishing | |
| 4.5.24 | Millions of Docker repos found pushing malware, phishing sites | Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. | Phishing | |
| 4.5.24 | US Post Office phishing sites get as much traffic as the real one | Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. | Phishing | |
| 4.5.24 | LA County Health Services: Patients' data exposed in phishing attack | The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. | Phishing | |
| 19.4.24 | LabHost phishing service with 40,000 domains disrupted, 37 arrested | The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised the infrastructure and arrested 37 suspects, among them the original developer. | Phishing | |
| 18.4.24 | FIN7 targets American automaker’s IT staff in phishing attacks | The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. | Phishing | |
| 18.4.24 | Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide | As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost | Phishing | The Hacker News |
| 14.4.24 | FBI warns of massive wave of road toll SMS phishing attacks | On Friday, the Federal Bureau of Investigation warned of a massive ongoing wave of SMS phishing attacks targeting Americans with lures regarding unpaid road toll fees. | Phishing | |
| 14.4.24 | LastPass: Hackers targeted employee in failed deepfake CEO call | LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. | Phishing | |
| 12.4.24 | TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer | A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as | Phishing | The Hacker News |
| 9.4.24 | Hackers Targeting Human Rights Activists in Morocco and Western Sahara | Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks | Phishing | The Hacker News |
| 8.4.24 | Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme | A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted | Phishing | The Hacker News |
| 5.4.24 | New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware | An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the | Phishing | The Hacker News |
| 4.4.24 | Google now blocks spoofed emails for better phishing protection | Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. | Phishing | |
| 31.3.24 | New Darcula phishing service targets iPhone users via iMessage | A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. | Phishing | |
| 29.3.24 | Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection | A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by | Phishing | The Hacker News |
| 28.3.24 | Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice | A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger | Phishing | The Hacker News |
| 23.3.24 | Spa Grand Prix email account hacked to phish banking info from fans | Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. | Phishing | |
| 19.3.24 | New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT | A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity | Phishing | The Hacker News |
| 10.3.24 | MiTM phishing attack can let attackers unlock and steal a Tesla | Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. | Phishing | |
| 3.3.24 | Hackers target FCC, crypto firms in advanced Okta phishing attacks | A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. | Phishing | |
| 2.3.24 | Need to Know: Key Takeaways from the Latest Phishing Attacks | This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. | Phishing | |
| 2.3.24 | LabHost cybercrime service lets anyone phish Canadian bank users | The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. | Phishing | |
| 28.2.24 | TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users | Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows | Phishing | The Hacker News |
| 25.2.24 | Bitwarden’s new auto-fill option adds phishing resistance | The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. | Phishing | |
| 17.2.24 | Ongoing Microsoft Azure account hijacking campaign targets executives | A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. | Phishing | |
3.2.24 | Microsoft Teams phishing pushes DarkGate malware via group chats | New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. | Phishing | |
| 1.2.24 | Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware | Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for | Phishing | The Hacker News |
20.1.24 | Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware | The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families | Phishing | The Hacker News |
19.1.24 | US court docs expose fake antivirus renewal phishing tactics | In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. | Phishing | |