CallBack
Microsoft Azure Monitor alerts abused for callback phishing attacks
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. Azure Monitor is Microsoft’s cloud-based monitoring service that collects and analyzes data from Azure resources, applications, and infrastructure. It enables users to track performance, notify about billing changes, detect […]
Beware: PayPal subscriptions abused to send fake purchase emails
An email scam is abusing abusing PayPal’s “Subscriptions” billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. Over the past couple of months, people have reported [1, 2] receiving emails from PayPal stating, “Your automatic payment is no longer active.” The email includes a customer service URL field […]
iCloud Calendar abused to send phishing emails from Apple’s servers
iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes. Earlier this month, a reader shared an email with GeekFeed that claimed to be a payment receipt for $599 charged against the recipient’s […]
FBI warns of Luna Moth extortion attacks targeting law firms
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. Also known as Luna Moth, Chatty Spider, and UNC3753, this threat group has been active since 2022 and was also behind BazarCall campaigns that provided initial access to […]