Articles about Phishing

Employees are still falling for social engineering techniques leading them to download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues.

Enterprise security specialist Positive Technologies imitated the actions of hackers by sending emails to employees with links to websites, password entry forms, and attachments.

Continue reading →

Attacks such as ransomware are able to bypass legacy security solutions because organizations are neglecting to patch, update, or replace their current products according to a new report.

The study from cyber security company Webroot also shows cryptojacking gaining ground, with over 5,000 websites being compromised with JavaScript cryptocurrency miner CoinHive to mine Monero since September 2017.

Continue reading →

More than half of phishing attacks in 2017 were aimed at getting hold of financial information according to a new report.

Kaspersky Lab's anti-phishing technologies detected more than 246 million user attempts to visit different kinds of phishing pages, with 54 percent being attempts to visit a financial-related website, compared to 47 percent in 2016.

Continue reading →

As children, most of us learned the hard way not to touch a hot stove. The instant searing pain and the lingering bite that followed and lasted for at least a couple days is the bitter reminder that we had messed up. But ask yourself, have you touched a hot stove since?

The lesson learned here still follows us throughout our lives because learning from failure is the quickest path to growth. The first time one falls for a phishing email is no different.

Continue reading →

The healthcare sector is a popular target for phishing attacks, yet it's failing to adopt simple measures like DMARC that could offer protection to both patients and staff.

A new report from cyber security company Agari reveals that fewer than 10 percent NHS Trusts and Boards in the UK have self-certified as using DMARC. Globally 77 percent of healthcare organizations don't have a DMARC policy.

Continue reading →

When securing systems most people's thoughts turn to the technology of firewalls, anti-virus programs and so on. What’s often neglected is the human aspect.

Many breaches are down to poor password practices or falling for phishing emails, things which can be prevented with better education. We spoke to Stephen Burke, founder and CEO of security awareness specialist Cyber Risk Aware to get his views on how awareness training can be used to drive better behavior and make businesses more secure.

Continue reading →

The Adwind cross-platform, malware-as-a-service Trojan has been around since 2012. Spread by phishing emails claiming to be invoices, purchase orders, and requests for quotations, it's aimed at high value targets like finance departments.

While it never completely disappeared in recent years the number of attacks did die down. However, security awareness training company KnowBe4 has noted an upsurge in Adwind emails during October of this year.

Continue reading →

The people behind phishing attacks are always looking for ways to improve their profitability. They quite often re-use material by bundling site resources into a phishing kit, uploading that kit to a server and sending a new batch of emails.

Sometimes though they get careless and leave the kits behind allowing them to be analyzed. Trusted access specialist Duo Security carried out a month-long experiment to track down these abandoned kits.

Continue reading →

As part of Cybersecurity Awareness Month, Google has announced numerous security-related updates including revamped phishing protection. Now the company has also announced what it is referring to as its "strongest security, for those who need it most."

Aimed at protecting people who are most likely to find themselves the target of attacks -- Google suggests journalists and human rights workers as examples -- the new Advanced Protection Program is being made available to anyone who wants to use it. It will protect Gmail, Google Drive and YouTube data with a variety of measures including a physical authentication key.

Continue reading →

We're in the middle of Cybersecurity Awareness Month and Google is taking part. The company has launched two updated protection tools to help keep internet users safe online.

While Google refers to "two new protections," these are really updates rather than completely new offerings. Both the Security Checkup tool and Google Safe Browsing have been updated to make them more personal, and both of them will adapt over time to protect against new threats.

Continue reading →

Phishing is still a key tool for cyber criminals as they seek to insert malware onto machines and to get hold of personal details.

Although most people are aware of the threat there are still some subject lines that are much more likely to deliver results for the phishermen than others, according to security awareness training specialist KnowBe4, which has released its Top 10 Global Phishing Email Subject Lines report for the third quarter of 2017.

Continue reading →

Microsoft is opening itself up to submissions from the public, making it possible for people to provide information about malicious websites. A new page on the Windows Defender Security Intelligence (WDSI) website gives anyone the opportunity to pass on details of phishing sites and other malicious pages directly to Microsoft.

The WDSI portal is described by Microsoft as being in preview, so it's possible that what you see now may change over time.

Continue reading →

In the wake of the recent breach at credit agency Equifax it's only natural that people are keeping a close eye on their bank statements and credit reports.

Of course the bad guys know this too and a new report by Barracuda Networks looks at an email attack that is impersonating a 'secure message' from financial institutions.

Continue reading →

Threat detection company RiskIQ has released the latest of its quarterly reports into threat trends, this one looking at phishing.

It finds that in the second quarter of 2017 there were 39,320 unique phishing domains, down from 45,025 back in the first quarter. However, there were 316 targeted phishing brands in Q2 -- up 15.7 percent from the 273 brands targeted in Q1.

Continue reading →

Every month, almost 1.5 million new phishing websites are created. This is according to a new report by Webroot, showing just how big of an industry phishing really is.

The Webroot Quarterly Threat Trends Report says that 1.385 million new phishing sites are created every month. May was the busiest of them all, with 2.3 million sites created.

Continue reading →