Phishing scams leveled up and we didn?t

On the other, we have Jeff Bezos and his iPhone.In case you missed it, on January 22 Guardian reported: "Amazon billionaire Jeff Bezos had his mobile phone 'hacked' in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia."According to the now-contested report by FTI Consulting cited by Guardian, that was in April. "The bigger groups, like the threat actor behind Emotet, have built the automation to do social engineering at the scale of millions of messages a day, and are very good are getting their relatively simple attacks (often documents with macros sent via already phished cloud email accounts) through security controls."So what, you say? Proofpoint's Kalember told us, "Compromising WordPress and other sites is unfortunately quite common, and it can be challenging for even the most experienced administrators to thoroughly clean as attackers often create layers of access." Explaining further he added, "A tremendous amount of malicious content is also hosted on cloud file storage that most networks (and users) have to trust: SharePoint and OneDrive are the biggest offenders at the moment."Every website that can be compromised — hacked into — is being used to send legitimate-looking phishing emails, using mail addresses from websites ranging from alpaca farms to law firms and universities.Yes, actual alpaca farms. From a network perspective, no one is likely to block their users going to alpaca farm websites, so it suits their purposes for command and control of their malware."Criminal organizations are compromising legit sites and using those to send legit (and despicably personal) phishing attacks — to install malware or ransomware.