Articles about Phishing

Reddit has fallen victim to a security incident that has been described as a "sophisticated and highly-targeted phishing attack". Hackers targeted employees of the site a few days ago, and were able to gain access to "some internal documents, code, and some internal business systems".

The unknown attackers sent Reddit employees "plausible-sounding prompts" leading to a website that cloned the behavior of the company's intranet gateway. While able to use an employee's credentials to steal data and code, user accounts are not affected.

Continue reading →

Phishing emails usually try to trick the user into opening an attachment or visiting a website. Often this is by instilling a sense of urgency -- telling you your account is about to expire, for example.

Researchers at NordVPN have uncovered a new tactic involving email birthday cards. After all, if it's your birthday and you've opened several eCards already you're not going to think there's anything phishy about another one.

Continue reading →

Phishing volumes increased 36 percent, with 278.3M unique phishing emails in the fourth quarter of 2022, while malware volumes increased 12 percent QoQ, accounting for 58.9M emails, in the same period.

The latest Phishing and Malware Report from Vade shows the company detected 278.3 million unique phishing emails in Q4, surpassing the previous quarter’s total by 74.4 million. December saw the biggest jump in phishing emails, up 260 percent, as threat actors tried to cash in on the holiday period, this echoes a similar pattern at the end of 2021.

Continue reading →

ChatGPT is very much flavor of the month at the moment, with many companies looking to add the AI technology into their products and Google launching its own alternative, Bard.

The latest to embrace the potential is Logpoint which is launching ChatGPT integration for its Security Orchestration, Automation and Response (SOAR) product.

Continue reading →

Google is using today's Safer Internet Day to announce a number of new security and privacy initiatives.

Among these are new ways to fill out passwords easily and securely in Chrome, more privacy protection for the Google app, improvements to Google Password Manger, and an expansion of SafeSearch to protect against explicit images.

Continue reading →

Web3 platforms have surged in popularity over the years and continue to catch headlines with billion-dollar investments as well as significant downturns. According to McKinsey, despite early funding issues, adoption of Web3 applications has occurred at an exponential pace, which has led to many industry professionals questioning how safe and stable these platforms are.

Web3 platforms are designed to make content hosting more available to individuals, evade censorship, guarantee access to the published content and avoid technical problems like server management, making these platforms attractive for threat actors seeking to host malicious content.

Continue reading →

A new set of zero trust email security solutions from Cloudflare are aimed at protecting employees from multichannel phishing attacks, preventing sensitive data from being exfiltrated via email, and helping businesses speed up and simplify deployments,

Compatible with any email provider, the protection is integrated into Cloudflare's platform, helping to secure all of an organization's applications and data.

Continue reading →

We reported last week on how ChatGPT could be used to offer hints on hacking websites. A new report released today by WithSecure highlights another potential use of AI to create harmful content.

Researchers used GPT-3 (Generative Pre-trained Transformer 3) -- language models that use machine learning to generate text -- to produce a variety of content deemed to be harmful.

Continue reading →

The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.

That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.

Continue reading →

New research published in November revealed that the severity of inbound cyberthreats increased during holiday months.

The findings, from our Barracuda XDR team' Global Security Operations Center, suggest that cyberattackers may take advantage of IT security professionals being away from the workplace to launch more complex, higher risk attacks -- possibly in the hope that understaffed security departments are less likely to be monitoring the network for threats or equipped to deal with any crisis.

Continue reading →

The Christmas holiday period is a peak time for phisherfolk. Research from Check Point shows 17 percent of all malicious files distributed by email in November were related to orders and shipping around the Black Friday period.

This is expected to be worse still this month as attackers seek to take advantage of shipping and package notifications and more.

Continue reading →

For anyone invested in social media, copyright infringement is a big deal. Users must be able to protect their intellectual property from imposters and opportunists trying to ride their coattails. As such, most platforms invite content owners to report infringement, but this useful function has joined the long list of communication channels cybercriminals exploit.

Trustwave researchers have found criminal gangs are impersonating Instagram’s copyright report emails in phishing campaigns, angling to trick users into sharing their details.

Continue reading →

Hot on the heels of a report showing that 40 percent of business emails have unwelcome content, comes another report revealing that email is now the top way of delivering cyberattacks.

The report from Tessian shows that 94 percent of organizations experienced a spear phishing or impersonation attack, and 92 percent suffered ransomware attacks over email this year.

Continue reading →

Dropbox has revealed details of a phishing attack to which it fell victim. In the attack, a threat actor was able to steal code from the company after gathering employee credentials to GitHub repositories.

The security breach took place in the middle of last month, with GitHub notifying Dropbox of suspicious account activity on October 14. The cloud storage company says that the code that was accessed "contained some credentials -- primarily, API keys -- used by Dropbox developers" but insists that "no one's content, passwords, or payment information was accessed", and that its core apps and infrastructure were unaffected.

Continue reading →

The latest report from email security and threat detection company Vade shows the volume of phishing emails up 31 percent in the last quarter compared to Q2.

Volumes peaked in July (79.2 million), dipping in August (57.5 million), and rebounding in September (67.2 million). If this pace continues through Q4, phishing volumes in the second half of 2022 are set to exceed those reached in the first half (315 million).

Continue reading →