CoFense Scam News

 Cybercriminals are exploiting CapCut’s popularity by launching a phishing campaign with fake invoice lures to steal Apple ID credentials and credit card information. By imitating CapCut’s branding, attackers aim to deceive users into sharing sensitive data. This blog post delves into the mechanics of this phishing scheme, highlights the tactics used, and provides insights on how to recognize and avoid such threats.

The Cofense PDC has identified a new phishing campaign that uses a .gov domain to deceive employees into thinking they owe an unpaid toll. It creates urgency by warning of penalties or vehicle registration holds if payment isn’t made immediately. The attackers aim to exploit this urgency to steal personal information or credentials.

In Q1 2025, Cofense Intelligence identified a sophisticated phishing tactic combining long-lived domains, custom CAPTCHAs, and anti-automated analysis to bypass SEGs. This combination allows threat actors to evade detection by replacing malicious content with benign pages for scanning software and leveraging CAPTCHAs that security systems cannot easily solve.

Cofense Intelligence has identified a rise in Booking.com-spoofing phishing attacks using fake CAPTCHAs to deliver malicious scripts disguised as verification codes. These campaigns surged in March 2025, with 75% spoofing Booking.com templates.

A recent campaign identified by the Cofense PDC disguises phishing emails as invoices, linking to a Google Apps Script-hosted page to appear legitimate. This tactic exploits Google’s trusted environment, making it easier to deceive recipients into sharing sensitive information.

The Cofense PDC recently identified a phishing campaign that lures victims with a fake online course invitation. It initially spoofs the Coursera platform but ultimately redirects users to a counterfeit Meta login page to steal credentials.

Threat actors often abuse legitimate remote access tools (RATs) for malicious deployments on unsuspecting victims. These legitimate RATs are different from remote access trojans (also abbreviated as RAT) because they are software originally intended for legitimate use. 

Apple Pay is a mobile payment and digital wallet service that allows users to make payments using their Apple devices. Digital wallets are now widely embraced, and Apple Pay is considered one of the most trusted and secure platforms.

Starting in mid-2022, Cofense Intelligence detected a new technique for successfully delivering a credential phishing page to a user’s inbox: blob URIs (Uniform Resource Identifier). 

Global Manufacturing Leader Strengthens Email Security

Cofense Intelligence has seen an email campaign spoofing TAP Air Portugal, the Portuguese national airline. This specific campaign takes advantage of a headline about the April 28, 2025 nationwide power outage that occurred in Spain and Portugal. The emails were received while the power outage was ongoing.

Vishing, or “voice phishing,” continues to be a silent yet formidable cyber threat for businesses of all sizes. While traditional phishing and smishing (SMS phishing) are widely recognized, vishing often flies under the radar, leaving organizations vulnerable to devastating attacks.