Articles about Phishing

Search engine optimization (SEO) is used to boost the ranking of websites by ensuring they offer quality content and a good user experience.

But new research from global threat intelligence firm Cybersixgill shows, perhaps not too surprisingly, that similar techniques are being exploited by threat actors to boost trust in their sites.

Continue reading →

New phishing sites are launched on a regular basis, even back in 2017 1.4 million were launching every month according to Webroot, and most of them exist for less than 24 hours.

This makes it hard for security teams to pre-empt attacks, but email and brand protection company Red Sift has come up with an answer in the launch of a new platform that proactively uncovers impersonation domains and takes them down before they can be exploited.

Continue reading →

Phishing emails that mention holidays are most likely to entice employees to click, according to security awareness training company KnowBe4.

The Q1 2022 top-clicked phishing report finds successful subjects globally include: 'HR: Change in Holiday Schedule', 'St. Patrick's Day: Employee Behavior/Company Policies', and 'Starbucks: Happy Holidays! Have a drink on us'.

Continue reading →

Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020, accounting for 67 percent of all phishing emails now observed.

The latest Annual State of Phishing Report from Cofense also reveals that 52 percent of all credential phishing attempts observed by the Cofense Phishing Defense Center (PDC) were branded as Microsoft.

Continue reading →

We all make mistakes from time to time, but a cybersecurity error could cost you your job according to a new report.

The study from email security company Tessian finds almost one in four respondents (21 percent) lost their job as a result of a security mistake that compromised their company’s security -- up from 12 percent in 2020.

Continue reading →

The annual tax season is inevitably the cue for a spate of attacks impersonating official sites or popular accounting software.

In a new twist for this year researchers at email security firm Avanan have uncovered attacks spoofing fintech apps such as Stash and Public to steal credentials and give users a false sense of security that they've compiled the right tax documents.

Continue reading →

It never takes long for threat actors to jump on a bandwagon and the Ukraine conflict is the latest event to prompt a wave of cryptocurrency phishing emails.

A new report of February's attack vectors from managed detection and response company Expel shows attempts to impersonate legitimate aid organizations to exploit people's desire to support refugees and victims with donations.

Continue reading →

New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.

The attack acts like a chameleon, putting up a fake login page tailored for whatever email service the victim is using. So Gmail users for example will see a different page from Apple, Outlook or Yahoo! Mail users.

Continue reading →

A new report and infographic released today by Elevate Security shows that a mere three percent of a company's internal users are to blame for 92 percent of malware incidents, while just four percent are responsible for 80 percent of phishing incidents.

The research, carried out for Elevate by the Cyentia Institute, also shows 12 percent of users are responsible for 71 percent of browsing incidents with one percent triggering 200 events every week.

Continue reading →

Only 23 percent of board of directors consider ransomware to be their top priority. Yet 59 percent of organizations have fallen victim to ransomware.

A new study from email security company Egress, independently conducted by Arlington Research, polled 500 IT leaders across the US and UK. It finds 52 percent of organizations allocate less than a quarter of their security budget to anti-phishing measures, yet 84 percent were hit by phishing and 42 percent had credentials stolen.

Continue reading →

The UK's National Computer Security centre (NCSC) has recently issued new guidance on secure communications for voice and video calls and SMS in order to help protect consumers from scams.

UK telecoms regulator Ofcom has also announced a crackdown on scam phone calls using fake numbers as their volume has soared during the pandemic.

Continue reading →

The use of electronic signatures has become commonplace for many business transactions, cutting out the need for face-to-face meetings and couriering documents.

This though makes the signing process an attractive target for cybercriminals. Researchers at Armorblox have uncovered a sophisticated credential phishing attack impersonating e-signature leader DocuSign.

Continue reading →

New research from Hornetsecurity finds that 40 percent of all inbound emails pose a potential threat, including spam, phishing and advanced threats such as CEO fraud and any type of malware.

Phishing, malicious links, and ransomware are among the most popular attack tactics used by hackers with brand impersonation being especially popular.

Continue reading →

Worried about becoming a victim of cybercrime? A new study from Surfshark reveals the places where your fears are most likely to be justifed, the countries where cybercrime density -- the number of attacks per million of population -- is highest.

The UK tops the list with 3,409 victims per million internet users, almost twice as many as the US (1,724 per million). The number of victims in the UK also grew by 130 percent compared to 2019, which is the second-highest year-on-year growth worldwide after South Africa which faced the sharpest rise of 277 percent.

Continue reading →

The malware types and hacking services most discussed over the last year on dark web forums are dominated by phishing, stealers, zero-day attacks, and ransomware.

But the 2021 Year-End Data Breach Report from Risk Based Security finds discussing ransomware has been widely banned on major forums as evidenced by referring to ransomware offerings as 'crypters' or 'lockers' to avoid the post or account getting immediately banned.

Continue reading →