Articles about Phishing

Businesses should expect to see a spike in potential cyberattacks starting with Black Friday and Cyber Monday and continuing throughout the holiday shopping season, according to a new report.

The report from predictive security specialist Carbon Black shows that global organizations encountered a 57.5 percent increase in attempted cyberattacks during the 2017 holiday shopping season.

Continue reading →

There has been an increase in the use of .com extensions in phishing emails that target financial service departments, according to a new analysis.

In October alone, anti-phishing company Cofense Intelligence analyzed 132 unique samples with the .com extension, compared to only 34 samples analyzed in the nine months before. Four different malware families were utilized.

Continue reading →

People are often the weakest link in the IT security chain and hackers are keen to exploit this with ever more sophisticated attacks.

Predictive email defense specialist Vade Secure is launching a new anti-phishing solution that helps security operations centers identify and block targeted phishing attacks.

Continue reading →

A new survey of cybersecurity decision-makers shows that most companies lack adequate safeguards against phishing threats and many don't fully understand the risks or how widespread the threat is.

The survey from phishing site detection company SlashNext reveals that 95 percent of respondents underestimate how frequently phishing is used at the start of attacks to successfully breach enterprise networks.

Continue reading →

Which subject lines make a person most likely to click a link in a phishing email? Security awareness training company KnowBe4 has analyzed data from simulated phishing tests and 'in the wild' emails to find out.

The most successful lines play on user's desire to remain secure with subjects relating to password checks the most clicked. On social media, messages about tagging or new profile views are most likely to be clicked.

Continue reading →

Security awareness training company KnowBe4 is launching a new version of its platform using artificial intelligence to identify evolving risks.

It includes a Virtual Risk Officer that helps security or IT professionals identify risks at the user, group or organizational level, resulting in better decision making for their security awareness plans.

Continue reading →

A new report from risk rating organization SecurityScorecard finds that the retail industry is the second lowest performer in terms of application security.

SecurityScorecard continually monitors more than 200,000 businesses across the world and the report compares the average grade of the retail industry to other vertical markets.

Continue reading →

A survey of more than 400 full-time employees in the US shows that, despite having a general understanding of security risks, people still tend towards unsafe behavior.

The study by Spanning Cloud Apps finds many are under-prepared for the increasing sophistication and instance of ransomware and phishing attacks. More than half (55 percent) admit to clicking links they don't recognize, 59 percent say they would allow a colleague to use their work computer and 34 percent are unable to identify an insecure eCommerce site.

Continue reading →

According to a new FBI report, businesses lost more than $676 million as a result of email fraud in 2017 -- up 88 percent from the year before. Clearly, businesses are losing the war against email scammers, as phishing attacks have become increasingly sophisticated and widespread.

Phishing is a method of social engineering (i.e. deception) used to gain access to a social media account, bank account or another protected resource. Hackers typically use an email or text message to trick the user into providing login information. Once the user reveals a username and password, the attacker will hijack the account. The outcome can be as devastating as a fully drained bank account. Frankly, all individuals and businesses should take phishing seriously.

Continue reading →

New figures from Kaspersky Lab show that more than a third (35.7 percent) of phishing attempts in the second quarter of 2018 attempts were related to financial services via fraudulent banking or payment pages.

The IT sector was second hardest hit, with 13.83 percent of attacks targeting technology companies, a 12.28 percent increase compared to Q1.

Continue reading →

Using fake social media profiles is a common technique among hackers in order to gain the confidence of targets and direct them to credential stealing sites.

For security and penetration testing teams to replicate this is time consuming as often people have profiles across multiple sites. Ethical hacking specialist Trustwave is using a new tool called Social Mapper that can correlate profiles across multiple sites and make analyzing a person's online presence easier.

Continue reading →

Researchers at Kaspersky Lab have detected a new wave of spear phishing attacks disguised as legitimate procurement and accounting letters, that have hit more than 400 industrial organizations.

The emails have targeted approximately 800 employee PCs, mostly in Russian companies, with the goal of stealing money and confidential data from the organizations, which could then be used in new attacks.

Continue reading →

We all like to think that we're smart enough not to fall for phishing emails, yet a surprising number of people do get caught out by them.

A new report from security awareness training company KnowBe4 looks at the most successful phishing emails in the second quarter of 2018. The results show that hackers are playing into users' commitment to security, by using clever subject lines that deal with passwords or security alerts.

Continue reading →

Phisherfolk love to try to trick people into thinking they are a major brand in order to get them to reveal passwords or personal data.

New research from Vade Secure reveals that in the second quarter of this year Microsoft has supplanted Facebook as the most spoofed brand. The social network drops two places to third, behind perennial phishing favorite PayPal.

Continue reading →

As the FIFA World Cup tournament enters its second week, cybercriminals are using a phishing campaign to trick fans into opening an infected attachment.

Emails identified by Check Point attempt to lure would-be victims into downloading a schedule of fixtures and a result tracker, but doing so will prove to be an own goal.

Continue reading →