Articles about Phishing

Google has taken the unusual move of addressing claims about a major Gmail security issue – claims the company says are “entirely false”.

Insisting that “Gmail’s protections are strong and effective”, Google does not specify which claims it is referring to or where they stem from. What is clear, though, is that the company has been rattled by whoever has tried to bring into question the security of its email platform.

Continue reading →

New research from Fortinet’s FortiGuard Labs highlights a recently identified phishing campaign that uses carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.

These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter, malware that ultimately deploys various remote access tools (RATs).

Continue reading →

Threat researchers at Barracuda have uncovered two new techniques being used by cyber attackers to help malicious QR codes evade detection in ‘quishing’ attacks.

Quishing is a form of phishing that involves the use of QR codes embedded with malicious links that, when scanned, redirect victims to fake websites designed to steal their credentials or other sensitive information.

Continue reading →

Cybercriminals increasingly favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection, according to the latest report from Proofpoint.

These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads.

Continue reading →

Vishing (voice phishing) attacks have surged by over 1,600 percent so far this year, partly driven by a rise in AI-driven deepfake voice scams.

This is yet another way cybercriminals are seeking to impersonate those with access to company systems to disrupt organizations and hold data for ransom. We spoke to Anthony Cusimano, solutions director at Object First, to discover more about this trend and how businesses are at risk.

Continue reading →

Cybercriminals are increasingly using sophisticated identity-based attacks (phishing, social engineering, leveraging compromised credentials) to gain access as trusted users and move laterally across systems undetected.

We spoke to Cristian Rodriguez, field CTO, Americas at CrowdStrike, about the company’s recent research into these attacks and now organizations can defend against them.

Continue reading →

Imagine if hackers could give their scam websites a cloak of invisibility, showing one web page to regular people and a harmless page to security scans. Sneaky, huh?

According to new research from SlashNext that’s essentially what’s happening as cybercriminals start to leverage AI-powered cloaking services to shield phishing pages, fake stores, and malware sites from prying eyes.

Continue reading →

A new report shows that security leaders have false confidence in their capabilities and employees when it comes to mobile security. While 96 percent are confident their employees can spot a phishing attempt, 58 percent have reported incidents where employees fell victim to executive impersonation scams via text message.

The study from Lookout, of more than 700 security leaders globally, underscores a critical need for organizations to rethink their cybersecurity strategies, particularly around the human-risk factors for social-engineering attacks.

Continue reading →

Advanced phishing kits and info-stealing malware have accounted for a 156 percent jump in cyberattacks targeting user logins.

A new report from cybersecurity company eSentire shows attackers are increasingly opting for obtaining login credentials and session cookies via phishing or malware. This then allows them to carry out Business Email Compromise (BEC) attacks, gain access to bank accounts, or steal cryptocurrency.

Continue reading →

We all know that businesses are facing a raft of more sophisticated cyberthreats, partly driven by AI. We also know that there can be an impact beyond the financial in terms of damage to reputation and loss of customers.

A new report from cyber insurance specialist Hiscox reveals that 67 percent of organizations report increase in attacks and 34 percent of firms have compromised cybersecurity measures due to lack of expertise in managing emerging tech risks.

Continue reading →

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Continue reading →

Cybercriminals are pivoting to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises have declined.

These are among the findings of a new report from IBM X-Force which also observes an 84 percent increase in emails delivering infostealers in 2024 compared to the previous year, a method threat actors rely heavily on to scale identity attacks.

Continue reading →

A new report from AI training company Hoxhunt reveals that AI agents can successfully create more effective simulated mass phishing campaigns than elite human red teams can.

Hoxhunt has been tracking the effectiveness of AI phishing since 2023 when AI was 31 percent less effective than humans. By November 2024, AI was 10 percent less effective than humans via development of Hoxhunt's AI spear phishing agent. As of March 2025 though AI is now 24 percent more effective than human red teams.

Continue reading →

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Continue reading →

With deepfakes getting more sophisticated and harder to detect both organizations and individuals are at risk of falling victim to fraud and phishing attempts.

We spoke to SURF Security CTO, Ziv Yankovitz, to learn more about the increasing threat of deepfakes and best practices that can be used to for combat attacks.

Continue reading →