Articles about Phishing

Researchers at email protection company Armorblox have uncovered a targeted email phishing attack designed to get past Microsoft 365 security.

The attack is a variant of 'PerSwaysion', a recent spate of credential phishing attacks that utilize compromised accounts and leverage Microsoft file-sharing services to lull victims into a false sense of security.

Continue reading →

Santander, the fifth largest bank in Europe and the 16th largest in the world, has been leaking sensitive company data due to a misconfiguration on one of its websites.

Security analysts at CyberNews discovered that Santander's Belgian branch, Santander Consumer Bank, had a misconfiguration in its blog domain that allowed for its files to be indexed.

Continue reading →

The Better Business Bureau (BBB) recently issued a statement confirming that it is the busiest time of the year not only for the IRS, but also for bad actors trying to scam their way into people’s tax refunds. According to the BBB, the earlier you file your taxes, the lesser the chances of someone stealing your identity and claiming your tax returns. Unfortunately, a high percentage of everyone filing leave it for the last moment -- which will be July 15 this year -- and these are precisely the people scammers are targeting.

During tax season, many Americans wait on hefty refunds from the government. According to a survey done by NerdWallet, more than two out of five people said they prefer to overpay their taxes and get a refund. When scaled up to a national level, this means that the IRS is currently issuing refunds to staggering 80 million people. With major data leaks observed over the previous years, we’ve seen that scammers can quickly complete the puzzle of a person’s identity and get access to their cash. So, what are the top tax scams going on at the moment?

Continue reading →

Researchers at Check Point have revealed how a sophisticated cybercrime gang managed to trick three UK private equity firms to steal hundreds of thousands of pounds.

The gang, named 'The Florentine Banker,' got away with over £500,000 following a complex business email compromise (BEC) attack.

Continue reading →

The need to protect remote working is exercising many organizations at the moment. Abnormal Security is launching a new Microsoft Teams Protection product to help guard the platform against social engineering attacks.

It automatically detects suspicious messages sent within a customer's Microsoft Teams environment, lowering the risk of phishing attacks infiltrating internal Teams communication channels.

Continue reading →

While many industries are struggling to continue during the lockdown, the cybercrime business is gearing up to exploit the economic stimulus and relief payments being offered around the world.

Researchers at Check Point have seen COVID-19 related cyberattacks rise to an average of 14,000 a day this month, which is six times the average number of daily attacks compared to March.

Continue reading →

A new study from Check Point Research highlights the brands which are most frequently imitated by criminals in attempts to steal individuals' personal information or payment credentials.

The Brand Phishing Report for the first quarter of this year shows Apple was the brand most frequently imitated, up from seventh place in the final quarter of 2019.

Continue reading →

It's not unusual for phishing attacks to focus their efforts on major events. The end of the tax year is always popular as are major sporting occasions. The latest lure of course is the current COVID-19 pandemic.

The problem for IT admins is how to protect against a sudden deluge of threats and spam messages while ensuring that important legitimate communications aren't accidentally blocked.

Continue reading →

With phisherfolk ever keen to cash in at the end of the tax year, a new study has analyzed the public DNS records for 200 domains likely to be impersonated for tax fraud and finds that 78 percent are not adequately protected.

The research from email security company Valimail looked at Fortune 100 businesses, US states' departments of revenue, federal tax agencies and well-known tax preparation services.

Continue reading →

The upcoming US presidential election is wrought with emotions. That makes it the perfect ruse for email scams targeting citizens, politicians, and government organizations. While election phishing is the top concern, there are a host of other scams that are making the rounds.

Your favorite politician -- or the one you’re most likely to vote for -- needs money to successfully run their campaign. Hackers are relying on our devotion not only to politicians but to our affiliated political party to lure us into a trap.

Continue reading →

Predictive email defense company Vade Secure has released a new report ranking the top 25 brands most impersonated in phishing attacks.

The report covering the final quarter of 2019 shows PayPal is the top brand impersonated by cybercriminals for the second quarter in a row, with Facebook taking the number two spot and Microsoft coming in third.

Continue reading →

Using analysis of the last three year's worth of data breach information from the UK's Information Commissioner's Office (ICO), cyber security awareness platform CybSafe has revealed that phishing breaches have jumped significantly.

In 2019, UK organizations reported more cyber security breaches to the ICO than ever before. A total of 2,376 reports were sent to the public body last year, up from 540 in 2017, and 1,854 reports in 2018.

Continue reading →

Some phishing emails are easy to spot: the spelling is bad, the spoofed email is clearly a fake, and the images are too warped to have possibly been sent by a reputable brand. If you receive one of these low-quality phishing emails, you’re lucky. Today’s phishing emails are extremely sophisticated, and if you’re not well trained to spot one, you probably won’t.

Email filters have long relied on fingerprint and reputation-based threat detection to block phishing emails. A fingerprint is essentially all the evidence a phisher leaves behind -- a signature that, once identified, will be recognized on future phishing attempts and the phishing email or webpage blocked. Examples of a fingerprint include the header, subject line, and HTML.

Continue reading →

As cybercriminals become more sophisticated, spotting phishing emails is increasingly difficult. Even if a user reports something suspicious to the IT security team it can take time to analyze it before others can be warned.

Security automation specialist LogicHub is launching its Autonomous Phishing Triage, which automatically and accurately analyzes and classifies emails with 97 percent accuracy, reducing the number of alerts requiring human analysis by 75 percent or more.

Continue reading →

We know that cybercrime is increasingly a very serious business and a new report from Akamai Technologies reveals that enterprise-based development and deployment strategies are being used to create phishing attacks.

Tools such as phishing as a service (PaaS) are being used to leverage some of the world's largest tech brands, with 42.63 percent of domains observed targeting Microsoft, PayPal, DHL, and Dropbox.

Continue reading →