Articles about Phishing

Personnel working in IT or DevOps are more likely to click on phishing emails than those in other areas of an organization.

A new study by F-Secure looks at how over 80,000 people from different organizations responded to emails that simulated one of four commonly used phishing tactics.

Continue reading →

Adobe Creative Cloud hosts popular apps including Photoshop and Acrobat, it also aids collaboration by allowing users to share documents.

Cybersecurity researchers at Avanan have discovered that hackers are now exploiting these file-sharing services as a phishing attack vector by sending legitimate emails through a trusted sender, bypassing ATP protection via Adobe’s SaaS offering.

Continue reading →

A flaw in the comments feature of Google Docs is allowing attackers to target users with phishing emails.

Security researchers at email security company Avanan have observed what they call, "a new, massive wave of hackers" using the comment feature in Google Docs during December to launch attacks, mainly against Outlook users.

Continue reading →

Almost a quarter (22 percent) of employees globally are likely to expose their organization to the risk of cyber-attack via a successful phishing attempt according to a new study.

The study, from AI-driven cybersecurity training software company Phished, shows that of employees who open a phishing message 53 percent are likely to click a malicious link contained within it.

Continue reading →

No organization in any industry is immune to a phishing attack. As organizations reduce their office footprints and the world of work has evolved into the now normal hybrid and remote models of working, organizations are wide open to cybersecurity attacks. This hybrid model of more flexible working is likely to be on the increase, and according to CIPD, 85 percent  of employees want to split their hours between the office and home, while 40 percent  of employers cite hybrid working as their new operational model. 

Workplaces are reeling back in their employees as the pandemic eases up and over two-thirds of organizations are expected to adopt a hybrid working model, Amid the excitement of back to work, cyber vigilance may experience a lapse among users. The threat actors target chinks in an organization's security armor as new apps, devices and user touchpoints are added into the tech ecosystem, providing more surface points for attacks. This means, if you haven’t already started planning your security prevention, there is no better time to refresh security training.

Continue reading →

New research from Python software house STX Next finds that that CTOs see human error, ransomware and phishing as the biggest security threats.

The study of 500 CTOs globally shows 59 percent still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware (49 percent) and phishing (36 percent).

Continue reading →

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020 level, according to the latest quarterly trends report by PhishLabs.

Social media is now the attack target of choice, with attacks per target climbing steadily, up 82 percent year-to-date. The payment services industry continues to be the most targeted, but staffing and recruiting experienced the steepest increase in attacks compared to Q2.

Continue reading →

According to a new report 59 percent of all workers are using corporate email for personal use, but Gen Zs are the biggest offenders at 93 percent.

The study from SailPoint also finds that Gen Z (77 percent) and Millennials (55 percent) are using corporate emails for their social media logins, compared to just 15 percent of Gen X and seven percent of Boomers.

Continue reading →

Energy organizations provide infrastructure that's essential for the safety and well being of society, but recent events like the Colonial Pipeline breach demonstrate that the industry is particularly vulnerable to cyberattacks.

A new report on energy industry threats finds that 20 percent of energy employees have been exposed to a mobile phishing attack in the first half of 2021, a 161 percent increase from the second half of 2020.

Continue reading →

Despite the rising popularity of other communication and collaboration methods like Zoom and Teams, email remains at the core of business correspondence. However, it also remains a popular vehicle for delivering cyberattacks and other unwelcome material.

Secure email company Avanan has produced an infographic looking at email safety.

Continue reading →

Most web traffic is now associated with users who are mobile, so it's no surprise that hackers are using this to their advantage by crafting attacks specific to mobile platforms.

Clearly this is paying off with as many as one in 10 users clicking on mobile phishing messages according to Apple enterprise management company Jamf's latest Phishing Trends report based on information, statistics and analysis of 500,000 protected devices across 90 countries.

Continue reading →

A new report from NTT Application Security shows that last year the education sector saw 408 publicly-disclosed school incidents, including student and staff data breaches, ransomware and other malware outbreaks, phishing attacks and other social engineering scams, plus a wide variety of other incidents.

This is 18 percent more incidents than were publicly-disclosed during the previous calendar year and equates to more than two incidents a day. The sector also has lower remediation rates and a higher than average time to fix.

Continue reading →

Although people are sometimes seen as a weak link in information security, a new report from F-Secure shows that a third of emails that employees report as suspicious are actually phishing.

The finding comes from an analysis of emails reported by employees from organizations around the world, using F-Secure's mail reporting plugin for Office 365, during the first half of 2021.

Continue reading →

Coverage of fraud tends to focus on the online methods such as phishing, credential stuffing, opening fake accounts and so on.

But there's another side to the problem in the form of voice fraud via 'vishing' and the use of social engineering techniques, this is made simpler by the ease with which numbers can be spoofed so a call can appear to come from a legitimate number such as your bank.

Continue reading →

The latest analysis of phishing data from the Cyren Incident and Response team shows that 88 percent of evasive threats were detected using real-time techniques like machine learning.

Of the remainder six percent were found with proprietary threat intelligence or readily matched patterns from previous attacks, and the remaining six percent were suspicious messages that required human analysis to confirm the detection.

Continue reading →