Your address will show here +12 34 56 78

Facebook is now the most impersonated brand, accounting for 14% of phishing pages. It is closely followed by Microsoft, Credit Agricole, WhatsApp, and La Banque Postale.

A new study examined around 185,000 phishing websites in 2021 and identified the top 20 most counterfeited firms, according to cybersecurity firm Vade.

In 2021, financial services were the most imitated sector, with 35% of phishing sites (24% compared to 2020). Scammers like to target Credit Agricole, La Banque Postale, Chase, PayPal, Wells Fargo, and MTB.

Vade claims that the COVID-19’s influence on the global economy has aided in the rise of financial services phishing.

“At the beginning of the crisis, businesses and citizens around the world took advantage of government-backed business loans and payment deferrals or “holidays” from consumer banks and credit unions. Crédit Agricole processed 211,000 applications for small to midsized business and small business and corporate loans, totaling €315 billion,” according to Vade.

The second most imitated sector, accounting for 24% of phishing sites, is social media. Facebook is a popular target for hackers looking to reach a larger audience because it has 2.8 billion users and numerous social enterprises under its corporate parent Meta.

“Additionally, 2021 saw a string of high-profile ups and downs for Facebook, from its starring role in politically charged arguments about freedom of speech to Facebook’s rebranding to Meta to its ongoing fight against misinformation. Cybercriminals are opportunists, and they have a strong preference for attacking brands during periods when the brand is top of mind with end-users,” Vade said.

Phishing sites may include a variety of elements that are designed to trick users into believing they are on a legitimate website. The most common goal is to elicit personally identifiable information, such as an email address or password. Attackers use this data to access other online accounts, launch identity theft attacks against the victim’s real identity and financial information, commit fraud

Microsoft is the second most imitated brand in phishing assaults and the first most imitated cloud brand, representing 13% of all attempted phishing attacks.

“From sporting events to holidays, to elections, current events capture the attention of users around the world. They present a prime opportunity for phishers to attack a wide pool of victims for whom the events are top of mind and are likely to respond to emails containing keywords and images associated with the event,” Vade stated.

We can anticipate attempts to steal credentials and money by leveraging the Ukraine conflict as a pretext. Countries have already discovered fraudulent websites purported to raise money for Ukraine that were actually set up to obtain funds.



Threat actors have responded quickly to the Omicron COVID-19 variant’s emergence, and it is now used as a lure in malicious email assaults. Increasing people’s worries is a great way to get them to rush to open an email without first weighing the consequences.

In this instance, the COVID-19 Omicron variety is a new variant of COVID-19 that researchers are wary of because of its high transmissibility and the potential ineffectiveness of existing vaccines against its changes.

This all makes it an ideal target for phishing, since even those who have been vaccinated are concerned about how Omicron might affect them if they get sick.

The UK’s consumer protection agency ‘Which?’ recently issued two examples of purported new phishing emails from the United Kingdom’s National Health Service (NHS) warning about the newest Omicron variant, which is being distributed by email.

These emails claim that they will provide a free Omicron PCR test to people who want to get around restrictions.

The fraudulent address used for sending these emails is ‘,’ which implies there’s no need to worry about it being a legitimate email from NHS Contact.

If the recipient clicks on the “Get it now” button or taps the URL in the email body, they are directed to a phony website that claims to provide the “COVID-19 Omicron PCR test.”

After that, they are instructed to provide their complete name, birth date, home address, mobile phone number, and email address.

Finally, they are asked to pay $1.65, which is supposed to cover the test results’ delivery fee.

As a result, the thieves run away with both the money itself and any payment information that was entrusted to them, such as e-banking credentials or credit card numbers.

During this stage, the victim is also asked to input their mother’s name, which may be utilized by actors later in an attempt to bypass security questions when taking over a new account.

What to Do If You’ve Been Scammed

Contact your bank as soon as possible and terminate any compromised cards/accounts if you believe you have submitted your information to a fraudulent website. Keep an eye on your bank accounts for any unusual activity. Examine any purchases for signs of irregular payments.

Contact Micropac if you have any cybersecurity questions. at



A hacker gang claims to be selling data on 70 million AT&T customers, including individual call records and account PIN codes. The alleged AT&T data was posted for sale on the dark web last week by an entity known as “Gnosticplayers.” An advertisement for the stolen data states that it comes in two parts—a smaller one with basic subscriber information such as customer names, addresses, e-mail addresses, account numbers, and payment information; and a bigger one that includes more detailed records of phone calls.  

AT&T confirmed to Motherboard on Friday that the data is real. “We’re aware of the situation and we’ve notified law enforcement,” an AT&T spokesperson said in a brief statement.

The account PIN codes mentioned in the advertisement refer to those used for some corporate accounts, according to Motherboard’s anonymous sources. It’s not clear what these numbers would allow attackers to do with stolen corporate accounts, but it may go beyond just hijacking calls and messages: AT&T reportedly uses them as security tokens for other services such as email and VPN access.

AT&T has been notified of the hacked data and told Motherboard it’s working on a statement, which will be added once available. For now, anyone who thinks they might have an AT&T account should read this post by security expert Brian Krebs on how to protect yourself.

While data breaches are unfortunately common, the claimed 70 million AT&T records make it one of the biggest in recent years. Earlier this year, credit reporting agency Equifax admitted that hackers stole the personal details (including names and social security numbers) on 143 million US customers—almost half of all Americans. It later revised the number up to 145.5 million people.

An advertisement for the stolen data states that it comes in two parts—a smaller one with basic subscriber information such as customer names, addresses, e-mail addresses, account numbers, and payment information; and a bigger one that includes more detailed records of phone calls.




A new vishing (voice phishing) attack is scamming victims by scaring them with fake Microsoft Defender invoices in an attempt to take over control of their computers.

The campaign was first detected by security researcher Barak Tawily, who shared his findings Thursday via a blog post and on Twitter:

“Scam alert: vishing-scammers spoofed Microsoft’s ‘Microsoft Defender’ and send voice messages pretending to be bills,” he wrote on Twitter .

Tawily said the vishing scam begins with a phone call that offers “Microsoft support.” Victims are then persuaded into opening remote desktop connections so the scammers can access their PCs. From there, malware is downloaded, meaning criminals could potentially lock down devices and demand a ransom in return for a decryption key.

Tawily said vishing scammers have been using similar tactics in recent weeks to target Chrome and Firefox users. Reports indicate that victims are receiving automated messages telling them their browsers are infected with the Dvmap malware , claiming it must be removed immediately or else data will be encrypted and held for ransom (i.e., “we will block your browser”). The messages claim that support is available via vishing, which encourages people to call numbers listed in Florida and Texas .

It’s unclear if the vishing scam described by Tawily is related to the Dvmap malware attack, but vishing continues to gain momentum as a top method of cybercrime: Earlier this year, security specialist Symantec said vishing attacks are surging in popularity among extortionists, including the infamous Business Email Compromise (BEC) vishing scam.

The latest vishing campaign discovered by Tawily uses a “voice message pretending to be a bill,” he told ZDNet via Twitter .

“It has been observed over the last few days that vishing-scammers spoofed Microsoft’s ‘Microsoft Defender’ and send voice messages pretending to be bills,” Tawily wrote in his post. “This is not an automated attack but humans doing vishing.”

Tawilyn also posted two audio samples of the vishing attack, which use Microsoft support numbers listed in Texas and New Mexico . Both recordings say visitors are subject to a $100 fee before the vishing attack will stop.

“We are very sorry, but there seems to be some kind of technical problem with your device,” the vishing message states. “To solve this issue, we’ve detected that you need troubleshooting assistance from our Microsoft support team . You can call on (866) 576-1810 x99 to fix the error.”

The vishing scam is similar in nature to another vishing campaign reported by BleepingComputer earlier today , which claims victims must pay an immediate $200 fine or risk having their social security number blocked for life. The vishing scheme uses phone numbers listed in Texas and Washington state , according to BleepingComputer’s Lawrence Abrams .

Tech support vishing scams are extremely common, and vishing attacks often use scare tactics to convince victims into giving up personal information. A vishing attack , for example, might inform users that their system is infected with ransomware; if people call the phone number listed in the vishing message, attackers will instruct them on how to pay the ransom (and pocket victims’ money).

Another vishing scam that made headlines last week told Chrome users their browsers were infected with malware and asked people to call a Google-listed phone number to receive assistance. Once called, however, criminals locked devices down so they could demand a ransom in return for a decryption key.

Technology news site BleepingComputer has published several vishing awareness guides over the past year. If you need help with cybersecurity contact MicroPac today to schedule a consultation.



Cyberattacks are on the rise. For some time, the U.S Cybersecurity and Infrastructure Security Agency (CISA) has been warning about the risks in using a VPN for personal cybersecurity purposes; they’ve now released guidance on how best to harden your virtual private network solutions so you can stay safe online!

The two agencies have created a report to help organizations defend themselves against attacks from nation-state adversaries. These are the kinds of hackers that can take advantage when you use an encrypted VPN system because they’ll be able execute code on your computer or read sensitive data without any protection whatsoever!

“Multiple nation-state advanced persistent threat (APT) actors have weaponized common vulnerabilities and exposures (CVEs) to gain access to vulnerable VPN devices,” the U.S. National Security Agency

It’s important for organizations to have a plan in place when it comes to patching known vulnerabilities. Organizations should also choose products from reputable vendors with an active history of quickly acting on patches, since we know that some attackers will exploit these holes as soon they’re found by looking at how often hackers use them themselves.

The two agencies recommend users improve VPN security and reduce their server’s attack surface by:

  1. Configuring strong cryptography and authentication

  2. Running on strictly necessary features

  3. Protecting and monitoring access to and from the VPN

With the rise of state-sponsored hackers, it is more important than ever to ensure your data stays secure and you are protecting . VPN vulnerabilities have been used recently by both financially motivated and backed assailants in an effort to penetrate networks belonging not only private companies but also defense firms all over Europe with a goal of gaining access for financial gain or geopolitical advantage on behalf their countries.

This year in April, cybersecurity company FireEye published a report about two state-backed groups who used an unknown vulnerability to compromise the Pulse Connect Secure (PCS) VPN appliance. 

The National Security Agency (NSA) has warned that Russian hackers are exploiting security flaws in certain firewalls and VPN providers. The NSA also reported this information to Congress around the same time, warning them about potential cyber attacks by these foreign agents who have been going under names like “APT29”, Cozy Bear or even just ‘The Dukes’.

Ransomware gangs are not only targeting computers and mobile devices. They’re also interested in network access, as evidenced by seven attacks on VPN solutions from Fortinet, Ivanti (Pulse), SonicWall. At least 7 operations exploiting flaws in these products have been reported since 2017- including two that successfully encrypted user data within the organization’s firewall perimeter.

If you need help with cybersecurity contact MicroPac today!