Articles about Phishing

As we do more and more on our mobile devices it’s clear that the front line of cyber defense isn't the corporate server it's the employee's phone.

As AI boosts social engineering, hackers are bypassing traditional firewalls to target people directly with smishing and phishing, making every employee a critical, and often vulnerable, defender against highly convincing threats.

Continue reading →

We tend to think of cybersecurity as being a technology problem, but in fact it’s often about humans. Attackers exploit our weaknesses with social engineering, phishing and other attacks designed to trick us into giving up valuable information.

A new whitepaper released today by KnowBe4 looks at the core principles of a modern human risk management (HRM) approach and how organizations can apply the framework to strengthen security culture and drive measurable change in employee behavior.

Continue reading →

Phishing emails often feature malicious links (URLs) that lead victims to fake websites
where they are infected with harmful software or tricked into giving away personal
information.

There’s a constant battle between security tools getting better at identifying bad links and attackers trying to hide them more effectively. Barracuda has uncovered some of the latest approaches its researchers are seeing in attacks involving the advanced phishing-as-a-service (PhaaS) kit, Tycoon.

Continue reading →

Google has taken the unusual move of addressing claims about a major Gmail security issue – claims the company says are “entirely false”.

Insisting that “Gmail’s protections are strong and effective”, Google does not specify which claims it is referring to or where they stem from. What is clear, though, is that the company has been rattled by whoever has tried to bring into question the security of its email platform.

Continue reading →

New research from Fortinet’s FortiGuard Labs highlights a recently identified phishing campaign that uses carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.

These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter, malware that ultimately deploys various remote access tools (RATs).

Continue reading →

Threat researchers at Barracuda have uncovered two new techniques being used by cyber attackers to help malicious QR codes evade detection in ‘quishing’ attacks.

Quishing is a form of phishing that involves the use of QR codes embedded with malicious links that, when scanned, redirect victims to fake websites designed to steal their credentials or other sensitive information.

Continue reading →

Cybercriminals increasingly favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection, according to the latest report from Proofpoint.

These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads.

Continue reading →

Vishing (voice phishing) attacks have surged by over 1,600 percent so far this year, partly driven by a rise in AI-driven deepfake voice scams.

This is yet another way cybercriminals are seeking to impersonate those with access to company systems to disrupt organizations and hold data for ransom. We spoke to Anthony Cusimano, solutions director at Object First, to discover more about this trend and how businesses are at risk.

Continue reading →

Cybercriminals are increasingly using sophisticated identity-based attacks (phishing, social engineering, leveraging compromised credentials) to gain access as trusted users and move laterally across systems undetected.

We spoke to Cristian Rodriguez, field CTO, Americas at CrowdStrike, about the company’s recent research into these attacks and now organizations can defend against them.

Continue reading →

Imagine if hackers could give their scam websites a cloak of invisibility, showing one web page to regular people and a harmless page to security scans. Sneaky, huh?

According to new research from SlashNext that’s essentially what’s happening as cybercriminals start to leverage AI-powered cloaking services to shield phishing pages, fake stores, and malware sites from prying eyes.

Continue reading →

A new report shows that security leaders have false confidence in their capabilities and employees when it comes to mobile security. While 96 percent are confident their employees can spot a phishing attempt, 58 percent have reported incidents where employees fell victim to executive impersonation scams via text message.

The study from Lookout, of more than 700 security leaders globally, underscores a critical need for organizations to rethink their cybersecurity strategies, particularly around the human-risk factors for social-engineering attacks.

Continue reading →

Advanced phishing kits and info-stealing malware have accounted for a 156 percent jump in cyberattacks targeting user logins.

A new report from cybersecurity company eSentire shows attackers are increasingly opting for obtaining login credentials and session cookies via phishing or malware. This then allows them to carry out Business Email Compromise (BEC) attacks, gain access to bank accounts, or steal cryptocurrency.

Continue reading →

We all know that businesses are facing a raft of more sophisticated cyberthreats, partly driven by AI. We also know that there can be an impact beyond the financial in terms of damage to reputation and loss of customers.

A new report from cyber insurance specialist Hiscox reveals that 67 percent of organizations report increase in attacks and 34 percent of firms have compromised cybersecurity measures due to lack of expertise in managing emerging tech risks.

Continue reading →

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Continue reading →

Cybercriminals are pivoting to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises have declined.

These are among the findings of a new report from IBM X-Force which also observes an 84 percent increase in emails delivering infostealers in 2024 compared to the previous year, a method threat actors rely heavily on to scale identity attacks.

Continue reading →