Articles about Phishing

Phishing is one of the most common methods of launching a cyberattack, yet new research from Red Sift shows that only a small percentage of publicly traded companies have fully adopted the latest email standards that could protect them and their customers.

DMARC (Domain-based Message Authentication, Reporting and Conformance) and BIMI (Brand Indicators for Message Identification) help prevent spoofing and allow businesses to display their logo on authenticated emails.

Continue reading →

Without training, 21 percent of the workforce don't not know who to go to when faced with a cybersecurity threat.

A new report from security awareness training platform KnowBe4 shows that annual security training reduces that percentage to 17 percent.

Continue reading →

After a tailing off during the pandemic, phishing is back, with more attacks spotted in the second quarter of this year than for the whole of 2021.

The latest phishing and malware report from Vade also shows that malware emails decreased 48 percent month-on-month -- down from 32.9 million in March to 17 million in April -- but rebounded 31 percent May, with 22.4 million malware-weaponized emails detected. June saw even higher malware volumes (28.9 million), a 29 percent increase from the previous month.

Continue reading →

Phishing has become a matter of grave concern for banks and financial institutions, as attacks on the industry have increased in recent years. Finance is the most impersonated industry in phishing campaigns. Some 35 percent of fake websites and emails claim to be from financial institutions, according to the American Bankers Association.

This should come as no surprise, considering the industry's role in the global economy. Given that financial organizations facilitate the flow of money it makes sense that their networks, employees, and customers are prime targets for digital fraud and theft. In response, central banks and regulators have been directing financial institutions to improve their security.

Continue reading →

Phishing is one of the most common forms of cyberattack, fooling people into thinking they're dealing with a trusted organization in order to get them to part with credentials.

But what are the hallmarks of a phishing attack? Atlas VPN has collected some phishy statistics to find out.

Continue reading →

The latest quarterly report from NortonLifeLock's global research team, Norton Labs, looks at how cybercriminals are using social media phishing attacks to steal private information.

Based on analysis of a full year of phishing attacks on the top social media platforms, it finds plenty of fake login pages designed to trick victims into inputting their login credentials, but also a diversity and complexity of lures going far beyond that one technique.

Continue reading →

A number of high-profile cyber-attacks in 2021 thrust cybersecurity back into the spotlight. In light of the HAFNIUM hack, cybersecurity has become a major focus for many businesses. Although the hack itself was not the result of human error, it was a wake-up call for organizations to make sure they were fully protected.

The Department for DCMS' Cyber Security Breaches Survey 2021 revealed that phishing is still the most common cause of cybersecurity breaches, accounting for 83 percent of all successful attacks.

Continue reading →

Email security continues to be a top concern of organizations, with 94 percent of all cyber attacks being delivered through email. As the most frequently used communication channel across all industries -- no wonder threat actors love exploiting it!

The conventional approach to email security is failing. Our latest research found that an average of 75 malicious messages per 100 mailboxes slip past traditional email security filters every month. Consequently, organizations put employees through countless hours of security training with hopes they spot and report these threats to security operations centers. The so-called Human Firewall.

Continue reading →

Popular NFT marketplace OpenSea has started issuing emails to its users warning them of a leak of customer data.

OpenSea says that an employee of its email delivery vendor, Customer.io, abused their position to access and share email addresses with an unauthorized third party. The company has not given an indication of the number of users affected by the data breach, but has warned of an increased risk of phishing attacks. With the number of active users of OpenSea reported to be around 2 million -- and this does not include people who have just signed up for a newsletter -- the potential impact is huge.

Continue reading →

Phishing emails referencing corporate issues and delivery problem notifications are the ones most likely to induce people to click links according to new research.

Data on simulated phishing attacks from Kaspersky's Security Awareness Platform shows emails with these subjects were successful in getting people to click 16 to 18 percent of the time.

Continue reading →

New research released today from Cyren shows that business email perimeter defenses are often incapable of preventing well-crafted email attacks.

During an average month, there are 75 malicious messages per 100 mailboxes that slip past email security filters like Microsoft 365 Defender. This means that an enterprise with 5,000 mailboxes would need to detect and respond to 3,750 confirmed malicious inbox threats each month.

Continue reading →

The Facebook Messenger 'Is That You?' video phishing scam has been around since 2017, but a recent investigation into it by researchers at Cybernews has led to the discovery of what they're calling a 'cybercriminal stronghold'.

Threat actors are using this to infect the social network with thousands of malicious links each day. The research has also identified at least five suspects, thought to be residing in the Dominican Republic.

Continue reading →

New analysis by AtlasVPN of primary data from Check Point shows business social network LinkedIn was related to over 52 percent of all phishing scams globally in the first quarter of 2022.

This is the first time that a social media network has been seen in campaigns much more often than any tech giant brand name like Apple, Google and Microsoft.

Continue reading →

A new study commissioned by email security company Cyren from Osterman Research seeks to understand how businesses using Microsoft 365 for email are being impacted by email-borne security threats, such as phishing, business email compromise (BEC), and ransomware attacks.

It shows security team managers are most concerned that current email security solutions do not block serious inbound threats -- particularly ransomware. Fewer than half of organizations surveyed rank their currently deployed email security solutions as effective.

Continue reading →

Most of us don't think too much about the 'From' address field on our emails, it's filled in by your mail program or web service. At the recipient's end security tools can check this against the sending server to verify that the mail is legitimate.

But hold on a second, an SMTP relay server between the server and the inbox allows messages through even though the addresses don't match. This is how organizations send out mass mailings without them getting blocked.

Continue reading →