Tackling Email Spoofing and Phishing
September 27, 2021
Today we’re announcing a new tool to tackle email spoofing and phishing. We’ll warn users about insecure configurations and provide an easy-to-use wizard to create required DNS records....
Count yourself in for a vaccine phish: new phishing campaign exploits concern over COVID-19 vaccine availability
January 27, 2021
Area 1 has uncovered a coronavirus vaccine-themed campaign spoofing the CDC. The attack, which originally bypassed Office 365’s email security, uses a number of techniques to bypass normal anti-spoofing and email authentication methods....
Phishpoint back in full swing: an infamous Microsoft SharePoint spoof resumes with new tactics
December 11, 2020
Our researchers detected an updated wave of Microsoft SharePoint phish that are leveraging new COVID-19 restrictions to steal victims’ login information....
Phishing campaign threatens job security, drops Bazar and Buer Malware
November 09, 2020
A phishing campaign is threatening targets with false claims of employment termination. The goal of the attacker is to intimidate employees into clicking on a link that will ultimately lead to Bazar or Buer malware infections by way of Trickbot....
With 14 days to go, we haven’t nailed the basics: election security risks from expired domains
October 20, 2020
Failure for any organization to properly register their domains poses several key risks. For example, anyone who might register an election-sensitive domain would be able to assume the identity of elections officials and send phishing emails....
MORE POSTS
October 06, 2020
PAC spoof drops Emotet: phishing campaign leverages stolen PAC content to drop Emotet
President Donald Trump, election fundraising, Microsoft Office 365 used to send Emotet malware in fake Political Action Committee phishing email....
- By
September 23, 2020
Are you GDPR-compliant? New phishing message harvests credentials with GDPR lure
Credential harvesting phishing emails leverage GDPR compliance and exploits cloud-based services, Virtual Private Servers, to target sales executives....
- By
September 09, 2020
Latest SBA phishing attempt: stealthy social engineering phish using newly registered domains attempts to gain bank details
Area 1 blocks social engineering, COVID-19 phishing emails impersonating Small Business Administration, using Newly Registered Domains, PDF attachments....
- By
August 27, 2020
“Face mask manufacturer” supplies Agent Tesla Malware: campaign employs Covid-19 lures and sophisticated evasion techniques
Covid-19 phishing attack exploits need for face masks, thermometers to launch Agent Tesla malware (advanced Remote Access Trojan); bypasses gateways, DMARC....
- By
July 26, 2020
New Area 1 security study shows that U.S. State & local election administrators remain vulnerable to phish
With only 100 days until Election Day, Area 1 Security’s new “Phishing Election Administrators” report assesses the depth of current email security controls used by 10,000 U.S. state and local election administrators....
- By
July 20, 2020
Don’t trust that tweet…or that email from "Bill Gates"
On July 16th, 2020, an email appearing to be from the Bill & Melinda Gates Foundation was sent to numerous recipients, seeking donations for the Foundation in Bitcoin....
- By
February 16, 2018
Keeping our users safe
To everyone in Cloudflare, account security is one of our most important tasks. We recognize that to every customer on our platform, we are critical infrastructure. We also know that the simplest attacks often lead to the most devastating of outcomes. ...
- By
December 12, 2017
Why Some Phishing Emails Are Mysteriously Disappearing
Phishing is the absolute worst. Unfortunately, sometimes phishing campaigns use Cloudflare for the very convenient, free DNS. ...
- By
July 01, 2012
Protecting CloudFlare sites from phishing
As the internet has grown, phishing attacks have continued to be a problem. While better awareness and focus on security has helped reduce their number, the RSA and other services tracking phishing still show that somewhere between 20-30,000 phishing attacks generally occur every...
- By