https://hackingpassion.com/tags/phishing/Recent content in Phishing on HackingPassion.com : root@HackingPassion.com-[~]HugoenFri, 17 Apr 2026 13:11:20 +0200https://hackingpassion.com/microsoft-365-mailbox-rules-attack/Fri, 17 Apr 2026 13:11:20 +0200https://hackingpassion.com/microsoft-365-mailbox-rules-attack/<p>Microsoft 365 mailbox rules are being weaponized as a core technique behind <strong>$2.77 billion in annual Business Email Compromise losses</strong>, and attackers are creating hidden rules that survive password resets, MFA enrollment, and session invalidation. A new Proofpoint report reveals that <strong>10% of all compromised Microsoft 365 accounts get malicious inbox rules installed within seconds of the initial breach</strong>, targeting 400+ million users worldwide by abusing built-in email functionality no security tool will ever flag as suspicious. 😏</p>https://hackingpassion.com/qr-codes-what-you-need-to-know/Mon, 06 Apr 2026 16:48:56 +0200https://hackingpassion.com/qr-codes-what-you-need-to-know/<p>Yesterday, I posted a QR code challenge on this <strong><a href="https://www.facebook.com/ethical.hack.group/" target="_blank" rel="noopener noreffer">Ethical Hacking page</a></strong>, and it has since been removed. A cipher, hidden inside a QR code, with three security questions and a prize. The comments that followed gave me a good reason to write about this, because this is a topic that deserves a proper explanation.</p> <p>The comments came in fast. &ldquo;You should never scan a random QR code.&rdquo; &ldquo;This is a trap.&rdquo; &ldquo;You failed the first part just by scanning.&rdquo; &ldquo;Hackers know better than to do this.&rdquo; And honestly, that reaction makes sense. You see a QR code on a hacking page, you do not know what is inside it, and being careful is right. But being careful does not mean refusing to engage. It means knowing how to approach it.</p>https://hackingpassion.com/fake-bsod-clickfix-dcrat-malware/Tue, 06 Jan 2026 15:39:00 +0100https://hackingpassion.com/fake-bsod-clickfix-dcrat-malware/<p>$5 buys two months of complete access to someone&rsquo;s computer. Keylogging, webcam, passwords, files. The malware is called DCRat. The delivery method: a fake Blue Screen of Death that tricks people into hacking themselves. 😱</p> <p>ClickFix attacks surged 517% in six months. Now the second most common attack vector after phishing. 8% of all blocked attacks. The campaign is called PHALT#BLYX. Securonix published their analysis January 5, 2026.</p> <p>An email arrives with subject &ldquo;Reservation Cancellation.&rdquo; Sender appears to be Booking.com. The message mentions a refund over €1,000 and urges the recipient to click and review. Booking.com has been a popular target before, with similar campaigns in 2023 and 2024.</p>