Articles about Phishing

A report released today by email security firm Tessian reveals that 43 percent of US and UK employees have made mistakes resulting in cybersecurity repercussions for themselves or their company.

A quarter of employees confess to clicking on links in a phishing email at work, with distraction cited as a top reason for falling for a phishing scam by 47 percent of employees. This is closely followed by the fact that the email 'looked legitimate' (43 percent), with 41 percent saying the phishing email looked like it came from a senior executive or a well-known brand.

Continue reading →

According to a new report, 89 percent of security professionals are most concerned about phishing, web and ransomware attacks, but only 48 percent confirm that they have continuous visibility into these risk areas.

The 2020 Cybersecurity 360 Report from Balbix also shows 64 percent of organizations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organizations.

Continue reading →

Despite the devastating recent outbreak of the novel coronavirus, phishing attacks continue to drag us and our businesses down. So how exactly do COVID-19 related phishing attacks work?

Cybercriminals have taken it upon themselves to wreak havoc and feed off the fears people have about the virus. Emails are being sent that ask their targets to open attachments containing information about the latest coronavirus statistics or news. Or, they claim to be from legitimate companies offering information about COVID-19.

Continue reading →

In the first quarter of 2020 phishing attacks increased by 22.5 percent compared to the end of 2019, and 13 percent of all phishing was related to COVID-19.

A new report from Positive Technologies also shows that in Q1 there were 23 very active APT groups whose attacks targeted mostly government agencies, industrial, finance, and medical institutions.

Continue reading →

With increased numbers of people working remotely, a new report reveals that cybercriminals are using email impersonation to prey on the sense of urgency of an increasingly distracted and dispersed workforce.

Email security company GreatHorn has collected data from over 640 security, IT and C-suite professionals to gain a better understanding of new threat vectors and attack strategies. It found almost half of respondents (48.7 percent) report seeing impersonations of people such as colleagues, customers or vendors.

Continue reading →

Credential theft via social engineering is a major cause of data breaches, but with a more dispersed workforce it becomes harder to guard against.

Security platform MobileIron is launching a new multi-vector mobile phishing protection solution for iOS and Android devices to help organizations defend themselves.

Continue reading →

The Cofense Phishing Defense Center (PDC) has unearthed a new phishing campaign in multiple enterprise email environments protected by Proofpoint and Microsoft that delivers .ics calendar invite attachments containing phishing links in the body.

The researchers assume that the attackers believe putting the URL inside a calendar invite would help the messages to avoid automated analysis.

Continue reading →

Email is still a favorite attack route for cyber criminals a new study reveals, 77 percent of respondents say they have or are actively rolling out a cyber resilience strategy, yet an astounding 60 percent of respondents believe it is inevitable or likely they will suffer from an email-borne attack in the coming year.

Respondents to the Mimecast survey of more than 1,000 IT decision makers cite other worries as data loss (31 percent), a decrease in employee productivity (31 percent) and business downtime (29 percent) due to a lack of cyber resilience preparedness.

Continue reading →

According to the latest study from mobile security company Lookout, the first quarter of this year saw the enterprise mobile phishing encounter rate increase by 37.1 percent globally .

This includes regional increases of 66.3 percent in North America, 25.5 percent in EMEA and 27.7 percent in the Asia Pacific region.

Continue reading →

The first quarter of this year has seen a massive growth in phishing and counterfeit pages, with around a third of them related to COVID-19.

A new report from fraud prevention company Bolster shows that it detected 854,441 confirmed phishing and counterfeit pages and four million suspicious pages, with more than a quarter of a million devoted to COVID-19.

Continue reading →

There was a time when the main tech-based worry for any business were viruses. Large companies spent thousands of dollars on antivirus software, while those that didn’t paid the price when one of their client machines became infected, crippling their infrastructure and effectively grinding the whole operation to a screeching halt. In the modern era, pretty much every computer terminal you can buy comes with some sort of virus protection, which tends to do a pretty decent job so long as the security patches are installed promptly on all machines across the business.

In addition, companies are also taking advantage of the internet. Many now have various components of their infrastructure such as workstations, servers, and web applications that are connected online. Hackers try to breach company networks by exploiting these components. Fortunately, their attempts are now easily thwarted by the use of web application firewalls (WAF) which can block malicious traffic and unauthorized requests sent to these devices.

Continue reading →

Researchers at email protection company Armorblox have uncovered a targeted email phishing attack designed to get past Microsoft 365 security.

The attack is a variant of 'PerSwaysion', a recent spate of credential phishing attacks that utilize compromised accounts and leverage Microsoft file-sharing services to lull victims into a false sense of security.

Continue reading →

Santander, the fifth largest bank in Europe and the 16th largest in the world, has been leaking sensitive company data due to a misconfiguration on one of its websites.

Security analysts at CyberNews discovered that Santander's Belgian branch, Santander Consumer Bank, had a misconfiguration in its blog domain that allowed for its files to be indexed.

Continue reading →

The Better Business Bureau (BBB) recently issued a statement confirming that it is the busiest time of the year not only for the IRS, but also for bad actors trying to scam their way into people’s tax refunds. According to the BBB, the earlier you file your taxes, the lesser the chances of someone stealing your identity and claiming your tax returns. Unfortunately, a high percentage of everyone filing leave it for the last moment -- which will be July 15 this year -- and these are precisely the people scammers are targeting.

During tax season, many Americans wait on hefty refunds from the government. According to a survey done by NerdWallet, more than two out of five people said they prefer to overpay their taxes and get a refund. When scaled up to a national level, this means that the IRS is currently issuing refunds to staggering 80 million people. With major data leaks observed over the previous years, we’ve seen that scammers can quickly complete the puzzle of a person’s identity and get access to their cash. So, what are the top tax scams going on at the moment?

Continue reading →

Researchers at Check Point have revealed how a sophisticated cybercrime gang managed to trick three UK private equity firms to steal hundreds of thousands of pounds.

The gang, named 'The Florentine Banker,' got away with over £500,000 following a complex business email compromise (BEC) attack.

Continue reading →