A Link, Click, and a Phish Away! Using Legitimate Domains for a Multi-Step Phishing Attack

Illustrates the high-level flow a user follows to fall victim to these multi-step phishing campaigns that ultimately attempt to steal credentials.

Key points: Overview Keep Aware has observed phishing attacks that use legitimate domains to host links that eventually lead to a credential stealing web page. This article focuses on commonalities between two recent phishing attacks that require a victim to click links on multiple legitimate domains before ultimately landing on a fake login page. This […]

AI and Zero-Day Phishing: Combating The Evolving Browser-Based Security Challenges

AI and Zero-Day Phishing

With the rise of generative AI usage across industries, no one should be surprised this trend also applies to the cybercriminal industry. They, too, are integrating AI into their workflows to ultimately increase productivity. This new technological integration into cyber criminals’ and other threat actors’ operations have many IT security professionals left wondering: Before we […]

Understanding Security Support Scams: A Comprehensive Analysis

Security support scam website impersonating Apple.

Key Topics and Findings: Overview In today’s interconnected world where practically all employees use the internet, the prevalence of security support scams and other social engineering sites remains a concern. In a threat post specifically about Microsoft security scam websites, our Threat Research team discussed recent web pages impersonating Microsoft that are falsely claiming a […]

From Google Search to Microsoft Security Scam

Image of a Microsoft security scam site.

Key Findings: Overview Keep Aware’s Threat Research division identified a recent batch of fraudulent Microsoft support sites. While these scam campaigns are not novel, they persist as an online security risk for all internet users. The scam sites impersonate Microsoft, deceive the user into thinking their machine is infected, and prompt the user to call […]

Browser Notifications Hijacking via DDoS-Protection Mimicry 

Browser Notifications Hijacking Blog

Key Findings: Overview Keep Aware’s Threat Research team has identified a browser notifications hijacking campaign that impersonates a Russian-based distributed denial of service (DDoS) protection company’s challenge page. This campaign tricks the user into allowing browser notifications and subsequently bombards them with dubious notifications, masquerading as McAfee or Windows Defender alerts, falsely claiming that the […]

Addressing the Risks of Using Prompt-Based AI Tools: A Proactive Strategy

Key Takeaways: Employees are Capitalizing on Prompt-Based AI Tools There has been a trend across industries where businesses are flocking to integrate AI into their technology stack, with the ultimate goal of increasing efficiency and/or efficacy. Alongside this trend, though, employees have been integrating prompt-based AI tools, such as OpenAI’s well-known tool ChatGPT, into their […]