Articles about Phishing

Researchers at F-Secure have uncovered a targeted, advanced attack on a cryptocurrency organization which they have linked to the Lazarus Group, and believe is part of a global, and financially motivated, hacking campaign.

Lazarus has been linked to the now infamous WannaCry attacks of 2017. This latest report identifies the tactics, techniques, and procedures (TTPs) used during the attack, such as spearphishing via a service (in this case, using LinkedIn to send a fake job offer tailored to the recipient’s profile).

Continue reading →

Email is still the favored attack vector for cybercriminals, with recent research from GreatHorn showing that a third of IT professionals are dealing with attacks every day.

In order to bolster defences the company is launching an update to its security platform offering visibility across the entire email security stack with intelligent phishing detection and response capability.

Continue reading →

A new report from email security and cyber resilience company Mimecast, released to coincide with this year's virtual Black Hat conference, reveals that threat actors are motivated by monetary gain more than stealing data or intellectual property.

It also finds that COVID-19 continues to be a major theme in current attacks, especially in certain sectors, and that opportunistic and malware-based campaigns are being launched at volumes never seen before, with manufacturing, retail/wholesale, finance/insurance, and media and publishing being the hardest hit.

Continue reading →

The DMARC standard for email verification has been around for several years. Domain-based Message Authentication, Reporting and Conformance has the potential to rebuild trust in email communications plagued by spam and phishing.

Google's announcement this week that it's about to start piloting the display of authenticated brand logos in Gmail could mark the start of the technology's mainstream adoption.

Continue reading →

A report released today by email security firm Tessian reveals that 43 percent of US and UK employees have made mistakes resulting in cybersecurity repercussions for themselves or their company.

A quarter of employees confess to clicking on links in a phishing email at work, with distraction cited as a top reason for falling for a phishing scam by 47 percent of employees. This is closely followed by the fact that the email 'looked legitimate' (43 percent), with 41 percent saying the phishing email looked like it came from a senior executive or a well-known brand.

Continue reading →

According to a new report, 89 percent of security professionals are most concerned about phishing, web and ransomware attacks, but only 48 percent confirm that they have continuous visibility into these risk areas.

The 2020 Cybersecurity 360 Report from Balbix also shows 64 percent of organizations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organizations.

Continue reading →

Despite the devastating recent outbreak of the novel coronavirus, phishing attacks continue to drag us and our businesses down. So how exactly do COVID-19 related phishing attacks work?

Cybercriminals have taken it upon themselves to wreak havoc and feed off the fears people have about the virus. Emails are being sent that ask their targets to open attachments containing information about the latest coronavirus statistics or news. Or, they claim to be from legitimate companies offering information about COVID-19.

Continue reading →

In the first quarter of 2020 phishing attacks increased by 22.5 percent compared to the end of 2019, and 13 percent of all phishing was related to COVID-19.

A new report from Positive Technologies also shows that in Q1 there were 23 very active APT groups whose attacks targeted mostly government agencies, industrial, finance, and medical institutions.

Continue reading →

With increased numbers of people working remotely, a new report reveals that cybercriminals are using email impersonation to prey on the sense of urgency of an increasingly distracted and dispersed workforce.

Email security company GreatHorn has collected data from over 640 security, IT and C-suite professionals to gain a better understanding of new threat vectors and attack strategies. It found almost half of respondents (48.7 percent) report seeing impersonations of people such as colleagues, customers or vendors.

Continue reading →

Credential theft via social engineering is a major cause of data breaches, but with a more dispersed workforce it becomes harder to guard against.

Security platform MobileIron is launching a new multi-vector mobile phishing protection solution for iOS and Android devices to help organizations defend themselves.

Continue reading →

The Cofense Phishing Defense Center (PDC) has unearthed a new phishing campaign in multiple enterprise email environments protected by Proofpoint and Microsoft that delivers .ics calendar invite attachments containing phishing links in the body.

The researchers assume that the attackers believe putting the URL inside a calendar invite would help the messages to avoid automated analysis.

Continue reading →

Email is still a favorite attack route for cyber criminals a new study reveals, 77 percent of respondents say they have or are actively rolling out a cyber resilience strategy, yet an astounding 60 percent of respondents believe it is inevitable or likely they will suffer from an email-borne attack in the coming year.

Respondents to the Mimecast survey of more than 1,000 IT decision makers cite other worries as data loss (31 percent), a decrease in employee productivity (31 percent) and business downtime (29 percent) due to a lack of cyber resilience preparedness.

Continue reading →

According to the latest study from mobile security company Lookout, the first quarter of this year saw the enterprise mobile phishing encounter rate increase by 37.1 percent globally .

This includes regional increases of 66.3 percent in North America, 25.5 percent in EMEA and 27.7 percent in the Asia Pacific region.

Continue reading →

The first quarter of this year has seen a massive growth in phishing and counterfeit pages, with around a third of them related to COVID-19.

A new report from fraud prevention company Bolster shows that it detected 854,441 confirmed phishing and counterfeit pages and four million suspicious pages, with more than a quarter of a million devoted to COVID-19.

Continue reading →

There was a time when the main tech-based worry for any business were viruses. Large companies spent thousands of dollars on antivirus software, while those that didn’t paid the price when one of their client machines became infected, crippling their infrastructure and effectively grinding the whole operation to a screeching halt. In the modern era, pretty much every computer terminal you can buy comes with some sort of virus protection, which tends to do a pretty decent job so long as the security patches are installed promptly on all machines across the business.

In addition, companies are also taking advantage of the internet. Many now have various components of their infrastructure such as workstations, servers, and web applications that are connected online. Hackers try to breach company networks by exploiting these components. Fortunately, their attempts are now easily thwarted by the use of web application firewalls (WAF) which can block malicious traffic and unauthorized requests sent to these devices.

Continue reading →