Articles about Phishing

A new study of over 1,000 US parents with children at home between the ages of two and 20 finds that 35 percent of families have experienced a phishing scam via text, email or chat, and 25 percent have had a game or social media account hacked.

The report from Bitwarden finds that children as young as three to five are already using the internet, and 42 percent of parents in this age group say their child has unintentionally shared personal information. Nearly 80 percent of kids ages three to 12 have their own tablet, making device access nearly universal by early elementary school.

Continue reading →

Cybercrime has become a global epidemic, with costs soaring across sectors and borders. But who’s paying the price and how has that changed since the turn of the century?

Researchers from vpnMentor have analyzed 25 years of FBI Internet Crime Complaint Center (IC3) data along with a review of major global incidents to discover the cost of cybercrime and how it’s evolving.

Continue reading →

A new survey reveals that 44 percent of all participants admit to having interacted with a phishing message in the last year. Gen Z stands out as the most susceptible demographic, with 62 percent reporting engagement with a phishing scam in the past year, significantly higher than other age groups.

Commissioned by Yubico and conducted by Talker Research, the survey gathered insights from 18,000 employed adults across nine countries including Australia, France, Germany, India, Japan, Singapore, Sweden, the UK and the US. It explored individuals’ cybersecurity habits in both their workplace and personal lives.

Continue reading →

Phishing has overtaken all other vectors as the leading entry point for ransomware, cited by 35 percent of affected organizations, up sharply from 25 percent in 2024.

This is one of the findings of a new report from SpyCloud which also shows that 85 percent of organizations were affected by ransomware at least once in the past year, with nearly a third (31 percent) reporting six to 10 ransomware events in the last year.

Continue reading →

As we do more and more on our mobile devices it’s clear that the front line of cyber defense isn't the corporate server it's the employee's phone.

As AI boosts social engineering, hackers are bypassing traditional firewalls to target people directly with smishing and phishing, making every employee a critical, and often vulnerable, defender against highly convincing threats.

Continue reading →

We tend to think of cybersecurity as being a technology problem, but in fact it’s often about humans. Attackers exploit our weaknesses with social engineering, phishing and other attacks designed to trick us into giving up valuable information.

A new whitepaper released today by KnowBe4 looks at the core principles of a modern human risk management (HRM) approach and how organizations can apply the framework to strengthen security culture and drive measurable change in employee behavior.

Continue reading →

Phishing emails often feature malicious links (URLs) that lead victims to fake websites
where they are infected with harmful software or tricked into giving away personal
information.

There’s a constant battle between security tools getting better at identifying bad links and attackers trying to hide them more effectively. Barracuda has uncovered some of the latest approaches its researchers are seeing in attacks involving the advanced phishing-as-a-service (PhaaS) kit, Tycoon.

Continue reading →

Google has taken the unusual move of addressing claims about a major Gmail security issue – claims the company says are “entirely false”.

Insisting that “Gmail’s protections are strong and effective”, Google does not specify which claims it is referring to or where they stem from. What is clear, though, is that the company has been rattled by whoever has tried to bring into question the security of its email platform.

Continue reading →

New research from Fortinet’s FortiGuard Labs highlights a recently identified phishing campaign that uses carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.

These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter, malware that ultimately deploys various remote access tools (RATs).

Continue reading →

Threat researchers at Barracuda have uncovered two new techniques being used by cyber attackers to help malicious QR codes evade detection in ‘quishing’ attacks.

Quishing is a form of phishing that involves the use of QR codes embedded with malicious links that, when scanned, redirect victims to fake websites designed to steal their credentials or other sensitive information.

Continue reading →

Cybercriminals increasingly favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection, according to the latest report from Proofpoint.

These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads.

Continue reading →

Vishing (voice phishing) attacks have surged by over 1,600 percent so far this year, partly driven by a rise in AI-driven deepfake voice scams.

This is yet another way cybercriminals are seeking to impersonate those with access to company systems to disrupt organizations and hold data for ransom. We spoke to Anthony Cusimano, solutions director at Object First, to discover more about this trend and how businesses are at risk.

Continue reading →

Cybercriminals are increasingly using sophisticated identity-based attacks (phishing, social engineering, leveraging compromised credentials) to gain access as trusted users and move laterally across systems undetected.

We spoke to Cristian Rodriguez, field CTO, Americas at CrowdStrike, about the company’s recent research into these attacks and now organizations can defend against them.

Continue reading →

Imagine if hackers could give their scam websites a cloak of invisibility, showing one web page to regular people and a harmless page to security scans. Sneaky, huh?

According to new research from SlashNext that’s essentially what’s happening as cybercriminals start to leverage AI-powered cloaking services to shield phishing pages, fake stores, and malware sites from prying eyes.

Continue reading →

A new report shows that security leaders have false confidence in their capabilities and employees when it comes to mobile security. While 96 percent are confident their employees can spot a phishing attempt, 58 percent have reported incidents where employees fell victim to executive impersonation scams via text message.

The study from Lookout, of more than 700 security leaders globally, underscores a critical need for organizations to rethink their cybersecurity strategies, particularly around the human-risk factors for social-engineering attacks.

Continue reading →