--- title: "US Energy Giant Hit, Website Scammers Exploit, Social Media Phishing – Cybersecurity News [August 14, 2023] | Phish Protection" description: "US Energy Giant Hit, Website Scammers Exploit, Social Media Phishing – Cybersecurity News [August 14, 2023]: Here" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-33-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-33-of-2023/" --- Quick Answer Here’s the latest phishing news causing a stir around the world this week. has come to light, focusing on a prominent US energy enterprise. The attackers exploit a novel approach of employing a QR code phishing scam to infiltrate email inboxes and bypass security controls. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-33-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=US%20Energy%20Giant%20Hit%2C%20Website%20Scammers%20Exploit%2C%20Social%20Media%20Phishing%20%26%238211%3B%20Cybersecurity%20News%20%5BAugust%2014%2C%202023%5D&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-33-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-33-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-33-of-2023%2F&title=US%20Energy%20Giant%20Hit%2C%20Website%20Scammers%20Exploit%2C%20Social%20Media%20Phishing%20%26%238211%3B%20Cybersecurity%20News%20%5BAugust%2014%2C%202023%5D "Share on Reddit") [ ](mailto:?subject=US%20Energy%20Giant%20Hit%2C%20Website%20Scammers%20Exploit%2C%20Social%20Media%20Phishing%20%26%238211%3B%20Cybersecurity%20News%20%5BAugust%2014%2C%202023%5D&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-33-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/08/phishing-definition-1632.jpg) Here’s the latest phishing news causing a stir **around the world** this week. ### Top US Energy Enterprise Falls Victim to QR Code Phishing Scam An extensive phishing campaign has come to light, focusing on a prominent US energy enterprise. The attackers exploit a novel approach of employing a[QR code phishing scam](https://heimdalsecurity.com/blog/quishing/)to infiltrate email inboxes and **bypass security controls**. A substantial portion of the campaign’s 1,000 emails, approximately 29% , were directed at a significant US energy firm. Cofense, the organization that[uncovered](https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/)this scheme, noted that this deployment of QR codes on **such a large scale** is unprecedented. This incident suggests other threat actors may experiment with QR codes as a potential attack vector. Although not disclosed by Cofense, the targeted energy organization was identified as a significant US-based corporation. The phishing attack commences with an **email alerting recipients** to update their [Microsoft 365](/resources/microsoft-office-365s-phishing-protection-add-ons) account settings. Attached PNG or PDF files contain QR codes, urging the recipient to scan them for account verification, with a sense of urgency emphasized by a **2-3 day deadline**. While QR codes have been leveraged in smaller-scale phishing attempts, this campaign stands out due to its size and innovation. Organizations are advised to integrate [image recognition](https://www.mygreatlearning.com/blog/image-recognition/) tools into their [phishing protection](/) strategies to **prevent falling prey** to such scams. This enhancement can significantly bolster their defenses against phishing attacks. ### Unprotected Websites Exploited by Scammers for Phishing Page Distribution [Malicious actors](/phishing/malicious-actors-exploit-commenting-feature-in-google-docs-to-send-phishing-emails) are capitalizing on websites lacking robust security safeguards to \*\*spread \*\* **phishing** pages . Exploiting **well-known vulnerabilities**, scammers target vulnerable sites, planting fraudulent pages to harvest confidential and financial data. This stolen information is then[used](https://www.dailynewsegypt.com/2023/08/16/scammers-target-unprotected-websites-to-distribute-phishing-pages/)to siphon money from victims, often masquerading as popular services like **streaming platforms**. Kaspersky’s recent study reveals a concentration of malicious activities aimed at WordPress sites due to their established weak points . Rather than relying solely on software vulnerabilities, attackers also employ tactics like exploiting site administrators with weak passwords or leaked credentials. This **unauthorized access to control panels** enables the publication of phishing pages . As streaming services gain immense popularity, they’ve become **prime targets** for [threat actors](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems). Kaspersky uncovers meticulously crafted phishing pages that mimic well-known platforms like Netflix, HBO Max, Hulu, and Disney+.\_ Purchasing subscriptions exclusively from **authorized channels** would be best to stay protected from unforeseen pitfalls.\_ ### Phishing Attacks Concentrate Half of Their Efforts on Social Media Platforms Malicious actors have shifted their focus towards [social media platforms](https://keyt.com/news/santa-maria-north-county/2023/08/04/social-media-platforms-become-the-new-cyber-scammers-goldmine/), overtaking financial institutions as their prime target. These threat actors **exploit vulnerabilities** to obtain credentials, which are subsequently sold to potential attackers. While many [cyber attacks](https://www.bbc.com/news/uk-england-manchester-65855002) have historically targeted organizations for monetary gain, there’s a **rising trend** of initial access brokers solely concentrating on obtaining valid credentials. Moreover, another faction of adversaries has turned their attention solely to social media platforms. Such strategic moves allow them to compromise accounts for scams and social engineering campaigns. Recent[data](https://www.phishlabs.com/blog/phishing-sites-impersonating-social-media-jump-in-q2/)from PhishLabs reveals a startling increase of 23% in attacks on social media sites in the last quarter, making it the **most targeted sector** and accounting for roughly half of all phishing attacks during that period. Organizations must prioritize up-to-date awareness of social engineering techniques among their employees and provide consistent [phishing awareness training](/products/phishing-awareness-training) to ensure constant vigilance. By offering comprehensive training programs, businesses can empower their staff to **recognize and mitigate potential threats** effectively. ![Phishing definition](https://media.mailhop.org/phishprotection/images/2023/08/phishing-definition-1632.jpg) ### Caution! Search Results Conceal Clickbait PDF Phishing Campaign Recent research has[revealed](https://arxiv.org/pdf/2308.01273.pdf)a concerning trend in a clickbait phishing attack involving a blend of \*\*PDF-based \*\* **phishing** attacks and SEO (Search Engine Optimization) techniques. _These combined attacks pose a **significant challenge** to conventional defense mechanisms, including blocklists, ad blockers, and antivirus services like VirusTotal._ PDF-based attacks, which can take the form of **embedded websites** or email content, exploit familiar visual cues to deceive recipients into believing they’re accessing legitimate sources. [SEO attacks](https://www.techtarget.com/whatis/definition/search-poisoning#:~:text=SEO%20poisoning%2C%20also%20known%20as,up%20prominently%20in%20search%20results.), on the other hand, leverage keyword combinations to manipulate search algorithms and boost the **ranking of malicious links**. Attackers often disguise malware as solutions to common technical issues or employ “**data voids**,” which are uncommon search term combinations that lead victims to their trap. ![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2023/08/prevent-spear-phishing.jpg) Such circumstances underscore the importance of empowering individuals to **identify social engineering attempts** and the new[clickbait phishing attack](https://www.malwarebytes.com/blog/threat-intelligence/2023/06/thousands-of-malicious-google-cloud-run-instances-deployed-to-scam-facebook-users), whether they arrive via phishing emails or clickbait PDFs in search results. The study emphasizes the need for modern security awareness training, recognizing humans as the ultimate line of defense against these novel threats. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"US Energy Giant Hit, Website Scammers Exploit, Social Media Phishing – Cybersecurity News [August 14, 2023]","description":"US Energy Giant Hit, Website Scammers Exploit, Social Media Phishing – Cybersecurity News [August 14, 2023]: Here's the latest phishing news causing a.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-33-of-2023/","datePublished":"2023-08-22T11:15:06.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-08-22T11:15:06.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-33-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":765,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/08/phishing-definition-1632.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"US Energy Giant Hit, Website Scammers Exploit, Social Media Phishing – Cybersecurity News [August 14, 2023]","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-33-of-2023/"}]} ```