Articles about Phishing

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Continue reading →

With deepfakes getting more sophisticated and harder to detect both organizations and individuals are at risk of falling victim to fraud and phishing attempts.

We spoke to SURF Security CTO, Ziv Yankovitz, to learn more about the increasing threat of deepfakes and best practices that can be used to for combat attacks.

Continue reading →

New research from Menlo Security, based on analysis of more than 750,000 browser-based phishing attacks, shows a startling 140 percent increase compared to 2023, and a 130 percent increase specifically in zero-hour phishing attacks.

Microsoft, Facebook, and Netflix are the brands most commonly impersonated in browser-based phishing attempts. However, generative AI services are also increasingly impersonated with nearly 600 incidents of GenAI fraud identified, in which imposter sites used GenAI platform names to manipulate and exploit unsuspecting victims.

Continue reading →

While 86 percent of employees believe they can confidently identify phishing emails, nearly half have fallen for scams according to new research from security awareness training company KnowBe4.

The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.

Continue reading →

It's that time again, as we approach the end of the tax year scammers are seeking to cash in with a raft of phishing emails, deepfake phone calls, and fake tax prep websites.

New research from McAfee shows 23 percent of Americans say they or someone they know has lost money to a tax scam and 61 percent of victims have lost more than $1,000.

Continue reading →

Third-party risk has emerged as a dominant driver of cyber insurance claims and material losses in 2024, according to new data from leading cyber risk solutions company Resilience.

Cyber insurance claims data shows that third-party risk, including ransomware and outages affecting vendors, accounted for 31 percent of all claims in 2024. Even more startling, third-party risk led to claims with incurred losses for the first time ever, making up nearly a quarter (23 percent) of incurred claims in 2024 (compared to none in 2023).

Continue reading →

As organizations increasingly rely on mobile devices for business operations, including multi-factor authentication and mobile-first applications, mobile phishing poses a severe risk to enterprise security.

New research from Zimperium's zLabs shows a surge in mobile-focused attacks, dubbed 'mishing', activity peaking in August 2024 with over 1,000 daily attack records. These attacks are specifically designed to evade desktop security measures, executing only on mobile devices.

Continue reading →

The internet was conceived to connect the world, and internationalized domain names (IDNs) have certainly helped make that vision a reality. By allowing non-ASCII characters in web addresses, they’ve been pivotal in improving both accessibility and inclusivity.

As with any technological breakthrough, cybercriminals have found a way to turn innovation into exploitation. By using Punycode, a system for encoding IDNs, attackers have been able to create their own deceptive domains to mimic trusted brands and evade traditional security defenses to fool even the most wary users.

Continue reading →

A new report from Darktrace reveals that Malware-as-a-Service (MaaS) is now responsible for 57 percent of all cyber threats to organizations, a 17 percent increase from the first half of 2024.

The use of remote access trojans (RATs) has also seen a significant increase in the latter half of last year, representing 46 percent of campaign activity identified, compared to only 12 percent in the first half.

Continue reading →

From phishing scams to business email compromise, fraud is continually evolving and cybercriminals are using increasingly refined tactics to exploit vulnerabilities. Adversary-in-the-middle (AiTM) attacks are also rapidly emerging as an advanced technique that poses pervasive physical and digital risk across industries. In fact, recent research shows a 46 percent increase in AiTM attacks compared to 2023. 

Staying ahead of these tactics is increasingly important as fraud becomes more complex. Before we delve into how to actively prevent fraud, we need to firstly explore the nature of AiTM attacks and then look at what’s fueling this increase in fraudulent activity. 

Continue reading →

The cybersecurity landscape is constantly evolving and organizations need to stay up to date if they're to adequately protect themselves.

At the end of last year, O'Reilly released its 2024 State of Security survey, which analyzes the threats that concern frontline practitioners most, the projects they're implementing to safeguard systems and infrastructure, the skills companies are hiring for, and more.

Continue reading →

Email remains a vital channel for business communications, but the availability of easy-to-use AI tools makes protecting the inbox a challenge as it's easier than ever for cybercriminals to launch sophisticated attacks.

A new report from Abnormal Security charts the rise of adversarial AI which has seen a 54 percent year-on-year rise in business email compromise attacks.

Continue reading →

The latest Phishing Trends Report from Hoxhunt -- based on a global sample size of 2.5 million email users, 50 million phishing simulations, and millions of real phishing attacks -- shows a 49 percent increase in phishing since 2021, driven partly by the rise of blackhat AI.

Among the findings are that between 0.7 percent and 4.7 percent of reported phishing attempts are written by AI. This may seem low but to put it into context numbers of AI phishing attempts were negligible six months earlier. Highly targeted, AI-enabled spear phishing attacks with multiple links in the kill chain are on the rise.

Continue reading →

A new report from LevelBlue reveals an increase in the use of Phishing-as-a-Service (PhaaS) kits, with business email compromise (BEC) remaining the most common form of
attack.

Because PhaaS kits are increasingly accessible, it's easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, there's a new PhaaS, known as RaccoonO365, on the block too. This kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

Continue reading →

Half of businesses have reported a growth in deepfake and AI-generated fraud, alongside rising biometric spoofs and counterfeit ID fraud attempts, according to the 2025 State of Identity Fraud Report, released today by AuthenticID.

The report analyzes internal proprietary data anonymized from AuthenticID's identity verification and fraud detection technology. When paired with insights from annual fraud surveys of both fraud and technology professionals as well as consumers in North America, the report offers a comprehensive view of the fraud landscape.

Continue reading →