We know that phishing attacks are gaining in sophistication and are one of the most popular ways of hackers and cybercriminals gaining access to an organization's systems.

But this type of attack is notoriously difficult to guard against using technology and employee awareness is a big part of any business' defense strategy. This is underlined by a new report from awareness training company KnowBe4 which looks at the level of risk and finds that 29.6 percent of organizations are 'phish-prone'.

Continue reading →

At least 3.4 billion fake emails are sent around the world every day, according to a new report from email verification company Valimail, with the majority of suspicious emails coming from US-based sources.

The report shows that email impersonation -- accounting for 1.2 percent of all email sent in the first quarter of 2019 -- is a phishing attacker's primary weapon to gain access into an organization's network, systems, intellectual property and other sensitive assets.

Continue reading →

Despite businesses investing in next-gen technologies, phishing threats continue to become more sophisticated and effective according to a new report.

The study from intelligent phishing defense company Cofense shows how threat actors, armed with an ever-growing arsenal of tactics and techniques, continue to tweak their campaigns and enhance their capacity to deliver malware, ultimately getting more messages past perimeter controls to user inboxes.

Continue reading →

Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019.

A new report on the current phishing landscape from predictive email defense company Vade Secure also shows that Microsoft has retained its spot as the most impersonated brand for four straight quarters, due to the potentially lucrative returns to be gained from Office 365 credentials.

Continue reading →

According to a new study analyzing more than 55 million emails, 25 percent of phishing emails bypass Office 365 security, using malicious links and attachments as the main vectors.

Other findings of the report from cloud-native security firm Avanan include that 33 percent of emails contain a link to a site hosted on WordPress and 98 percent of emails containing a crypto wallet address are phishing attacks.

Continue reading →

Payday should be a pleasurable time of the month, but thanks to a new spear phishing campaign, some employees are losing their pay checks to cybercriminals.

Email defense specialist Vade Secure uncovered the attack in which criminals initiate an email conversation with HR staff to get them to change bank details for receiving direct payroll payments.

Continue reading →

With 155 million corporate users, the highly popular Microsoft Office 365 has become a target-rich environment for sophisticated phishing attacks. On top of all the standard phishing and spear phishing threats, Office 365 presents a number of unique attack techniques for hackers looking to compromise the platform.

Microsoft is the number one phished brand for the third straight quarter -- thanks to Office 365. A multisystem platform, Office 365 combines email, file storage, collaboration, and productivity applications, including OneDrive and SharePoint. Together, they represent a honeypot of sensitive data and files that phishers are looking to exploit.

Continue reading →

Phishing is a major problem for large organizations, but while there are standards to authenticate email and prevent phishers from spoofing domains with fake emails, a majority of companies have not made full use of them.

The tech sector has moved faster than some but while they are beginning to implement protection many companies in this sector are still at an early stage with the result that 90 percent are still vulnerable to impersonation.

Continue reading →

An increasingly common -- and frankly rather annoying -- feature of many commercial websites is the little chat box that pops up in the bottom right corner and asks if you need any help.

Security researcher Michael Gillespie has revealed that an Office 365 phishing site is using this live support technique to give its page an air of legitimacy.

Continue reading →

A Nigeria-based gang of scam artists, known as Scarlet Widow, have been using romance scams to trick victims out of large amounts of cash.

Secure email company Agari has uncovered the scam which involves posting fake personas on the largest dating websites like Match, eHarmony, and OKCupid.

Continue reading →

An analysis of phishing attacks in the final quarter of 2018 reveals the majority of attacks showed an increase in target personalization, making them considerably more difficult to detect.

The study by email protection start up INKY shows 12 percent of phishing attacks in the period took the form of corporate VIP impersonations, 10 percent were sender forgery and six percent were via corporate email spoofing.

Continue reading →

If you're anything like me, you probably inwardly roll your eyes -- or laugh outright -- when you hear of someone falling for a phishing scam. Surely you'd have to be a certified idiot to be taken in by one of these, right?

You may have avoided falling victim up until now, but maybe that's been more through luck than good judgement. Or perhaps you really do think you could spot a phishing scam at a hundred paces. If you think you're up to it, why not put yourself to the test and take Google's phishing quiz?

Continue reading →

Security awareness training company KnowBe4 has put together its latest list of the most-clicked phishing subject lines.

Popular categories for phishing messages include, deliveries, passwords, company policies, vacations and IT department. Other popular keywords are, Amazon, Wells Fargo and Microsoft.

Continue reading →

Cybercriminals are increasingly recognizing that smaller businesses can be be lucrative targets as they are able to devote less resources to security.

Phishing defense specialist Cofense is launching a new Managed Security Service Provider (MSSP) program aimed at providing SMBs with human-driven solutions designed to stop active phishing attacks.

Continue reading →

It used to be easy to spot a phishing email, you just looked out for bad grammar and URLs that clearly didn't correspond to the organization being impersonated.

Recently though they've become harder to detect. According to the latest Global Threat Report from Comodo Cybersecurity, phishing really is getting better and it now represents one in every 100 emails received by enterprises.

Continue reading →