Articles about Phishing

We reported last week on how ChatGPT could be used to offer hints on hacking websites. A new report released today by WithSecure highlights another potential use of AI to create harmful content.

Researchers used GPT-3 (Generative Pre-trained Transformer 3) -- language models that use machine learning to generate text -- to produce a variety of content deemed to be harmful.

Continue reading →

The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.

That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.

Continue reading →

New research published in November revealed that the severity of inbound cyberthreats increased during holiday months.

The findings, from our Barracuda XDR team' Global Security Operations Center, suggest that cyberattackers may take advantage of IT security professionals being away from the workplace to launch more complex, higher risk attacks -- possibly in the hope that understaffed security departments are less likely to be monitoring the network for threats or equipped to deal with any crisis.

Continue reading →

The Christmas holiday period is a peak time for phisherfolk. Research from Check Point shows 17 percent of all malicious files distributed by email in November were related to orders and shipping around the Black Friday period.

This is expected to be worse still this month as attackers seek to take advantage of shipping and package notifications and more.

Continue reading →

For anyone invested in social media, copyright infringement is a big deal. Users must be able to protect their intellectual property from imposters and opportunists trying to ride their coattails. As such, most platforms invite content owners to report infringement, but this useful function has joined the long list of communication channels cybercriminals exploit.

Trustwave researchers have found criminal gangs are impersonating Instagram’s copyright report emails in phishing campaigns, angling to trick users into sharing their details.

Continue reading →

Hot on the heels of a report showing that 40 percent of business emails have unwelcome content, comes another report revealing that email is now the top way of delivering cyberattacks.

The report from Tessian shows that 94 percent of organizations experienced a spear phishing or impersonation attack, and 92 percent suffered ransomware attacks over email this year.

Continue reading →

Dropbox has revealed details of a phishing attack to which it fell victim. In the attack, a threat actor was able to steal code from the company after gathering employee credentials to GitHub repositories.

The security breach took place in the middle of last month, with GitHub notifying Dropbox of suspicious account activity on October 14. The cloud storage company says that the code that was accessed "contained some credentials -- primarily, API keys -- used by Dropbox developers" but insists that "no one's content, passwords, or payment information was accessed", and that its core apps and infrastructure were unaffected.

Continue reading →

The latest report from email security and threat detection company Vade shows the volume of phishing emails up 31 percent in the last quarter compared to Q2.

Volumes peaked in July (79.2 million), dipping in August (57.5 million), and rebounding in September (67.2 million). If this pace continues through Q4, phishing volumes in the second half of 2022 are set to exceed those reached in the first half (315 million).

Continue reading →

A new report analyzing billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, finds more than 255 million phishing attacks -- a 61 percent increase compared to 2021.

The study from messaging security company SlashNext shows earlier security strategies, including secure email gateways, firewalls, and proxy servers are no longer stopping threats, as bad actors increasingly launch these attacks from trusted services and business and personal messaging apps.

Continue reading →

Digital natives aged between 18-39 are the most vulnerable age group for phishing scams, according to new data from security awareness training company SoSafe.

It finds that 18-39 year-olds have an average click rate of 29 percent on phishing emails, which drops to 19 percent among older age groups.

Continue reading →

For many organizations, Microsoft 365 has become their default service for email. But for attackers this makes it attractive as a point of compromise.

New research from cloud and email security specialist Avanan shows that the missed phishing rate for Microsoft Defender is 18.8 percent. A previous analysis in 2020 showed 10.8 percent of phishing emails reaching inboxes, so Defender's missed phishing rates have increased by 74 percent.

Continue reading →

Phishing is one of the most common methods of launching a cyberattack, yet new research from Red Sift shows that only a small percentage of publicly traded companies have fully adopted the latest email standards that could protect them and their customers.

DMARC (Domain-based Message Authentication, Reporting and Conformance) and BIMI (Brand Indicators for Message Identification) help prevent spoofing and allow businesses to display their logo on authenticated emails.

Continue reading →

Without training, 21 percent of the workforce don't not know who to go to when faced with a cybersecurity threat.

A new report from security awareness training platform KnowBe4 shows that annual security training reduces that percentage to 17 percent.

Continue reading →

After a tailing off during the pandemic, phishing is back, with more attacks spotted in the second quarter of this year than for the whole of 2021.

The latest phishing and malware report from Vade also shows that malware emails decreased 48 percent month-on-month -- down from 32.9 million in March to 17 million in April -- but rebounded 31 percent May, with 22.4 million malware-weaponized emails detected. June saw even higher malware volumes (28.9 million), a 29 percent increase from the previous month.

Continue reading →

Phishing has become a matter of grave concern for banks and financial institutions, as attacks on the industry have increased in recent years. Finance is the most impersonated industry in phishing campaigns. Some 35 percent of fake websites and emails claim to be from financial institutions, according to the American Bankers Association.

This should come as no surprise, considering the industry's role in the global economy. Given that financial organizations facilitate the flow of money it makes sense that their networks, employees, and customers are prime targets for digital fraud and theft. In response, central banks and regulators have been directing financial institutions to improve their security.

Continue reading →