Articles about Phishing

Advanced phishing kits and info-stealing malware have accounted for a 156 percent jump in cyberattacks targeting user logins.

A new report from cybersecurity company eSentire shows attackers are increasingly opting for obtaining login credentials and session cookies via phishing or malware. This then allows them to carry out Business Email Compromise (BEC) attacks, gain access to bank accounts, or steal cryptocurrency.

Continue reading →

We all know that businesses are facing a raft of more sophisticated cyberthreats, partly driven by AI. We also know that there can be an impact beyond the financial in terms of damage to reputation and loss of customers.

A new report from cyber insurance specialist Hiscox reveals that 67 percent of organizations report increase in attacks and 34 percent of firms have compromised cybersecurity measures due to lack of expertise in managing emerging tech risks.

Continue reading →

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Continue reading →

Cybercriminals are pivoting to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises have declined.

These are among the findings of a new report from IBM X-Force which also observes an 84 percent increase in emails delivering infostealers in 2024 compared to the previous year, a method threat actors rely heavily on to scale identity attacks.

Continue reading →

A new report from AI training company Hoxhunt reveals that AI agents can successfully create more effective simulated mass phishing campaigns than elite human red teams can.

Hoxhunt has been tracking the effectiveness of AI phishing since 2023 when AI was 31 percent less effective than humans. By November 2024, AI was 10 percent less effective than humans via development of Hoxhunt's AI spear phishing agent. As of March 2025 though AI is now 24 percent more effective than human red teams.

Continue reading →

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Continue reading →

With deepfakes getting more sophisticated and harder to detect both organizations and individuals are at risk of falling victim to fraud and phishing attempts.

We spoke to SURF Security CTO, Ziv Yankovitz, to learn more about the increasing threat of deepfakes and best practices that can be used to for combat attacks.

Continue reading →

New research from Menlo Security, based on analysis of more than 750,000 browser-based phishing attacks, shows a startling 140 percent increase compared to 2023, and a 130 percent increase specifically in zero-hour phishing attacks.

Microsoft, Facebook, and Netflix are the brands most commonly impersonated in browser-based phishing attempts. However, generative AI services are also increasingly impersonated with nearly 600 incidents of GenAI fraud identified, in which imposter sites used GenAI platform names to manipulate and exploit unsuspecting victims.

Continue reading →

While 86 percent of employees believe they can confidently identify phishing emails, nearly half have fallen for scams according to new research from security awareness training company KnowBe4.

The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.

Continue reading →

It's that time again, as we approach the end of the tax year scammers are seeking to cash in with a raft of phishing emails, deepfake phone calls, and fake tax prep websites.

New research from McAfee shows 23 percent of Americans say they or someone they know has lost money to a tax scam and 61 percent of victims have lost more than $1,000.

Continue reading →

Third-party risk has emerged as a dominant driver of cyber insurance claims and material losses in 2024, according to new data from leading cyber risk solutions company Resilience.

Cyber insurance claims data shows that third-party risk, including ransomware and outages affecting vendors, accounted for 31 percent of all claims in 2024. Even more startling, third-party risk led to claims with incurred losses for the first time ever, making up nearly a quarter (23 percent) of incurred claims in 2024 (compared to none in 2023).

Continue reading →

As organizations increasingly rely on mobile devices for business operations, including multi-factor authentication and mobile-first applications, mobile phishing poses a severe risk to enterprise security.

New research from Zimperium's zLabs shows a surge in mobile-focused attacks, dubbed 'mishing', activity peaking in August 2024 with over 1,000 daily attack records. These attacks are specifically designed to evade desktop security measures, executing only on mobile devices.

Continue reading →

The internet was conceived to connect the world, and internationalized domain names (IDNs) have certainly helped make that vision a reality. By allowing non-ASCII characters in web addresses, they’ve been pivotal in improving both accessibility and inclusivity.

As with any technological breakthrough, cybercriminals have found a way to turn innovation into exploitation. By using Punycode, a system for encoding IDNs, attackers have been able to create their own deceptive domains to mimic trusted brands and evade traditional security defenses to fool even the most wary users.

Continue reading →

A new report from Darktrace reveals that Malware-as-a-Service (MaaS) is now responsible for 57 percent of all cyber threats to organizations, a 17 percent increase from the first half of 2024.

The use of remote access trojans (RATs) has also seen a significant increase in the latter half of last year, representing 46 percent of campaign activity identified, compared to only 12 percent in the first half.

Continue reading →

From phishing scams to business email compromise, fraud is continually evolving and cybercriminals are using increasingly refined tactics to exploit vulnerabilities. Adversary-in-the-middle (AiTM) attacks are also rapidly emerging as an advanced technique that poses pervasive physical and digital risk across industries. In fact, recent research shows a 46 percent increase in AiTM attacks compared to 2023. 

Staying ahead of these tactics is increasingly important as fraud becomes more complex. Before we delve into how to actively prevent fraud, we need to firstly explore the nature of AiTM attacks and then look at what’s fueling this increase in fraudulent activity. 

Continue reading →