Articles about Phishing

Despite training and other efforts to combat the problem, phishing is still proving a remarkably effective tactic for cyber criminals according to a new report.

The study by cloud business applications company Intermedia shows that while 70 percent of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, there are significant gaps between confidence and effectiveness.

Continue reading →

With over 100 million monthly subscribers, it's not surprising that Office 365 is a popular target when it comes to attempting to steal credentials.

A new report from Barracuda Networks looks at how phishers are sending out authentic-looking emails purporting to be from Microsoft asking users to reactivate their accounts.

Continue reading →

Both users and their endpoint devices are the primary target for cyber criminals with phishing being the most prevalent threat according to a new report.

The study from research and education specialist the SANS Institute finds security professionals rate phishing at 72 percent, spyware at 50 percent, ransomware at 49 percent, and Trojans at 47 percent as being the top threats today.

Continue reading →

Buying a house is the biggest purchase most people make, with large amounts of money involved it’s not surprising that these transactions are attractive to cyber criminals.

Security specialist Barracuda Networks has released an analysis of a recent mortgage spear phishing attempt where an attacker attempted to divert a payment.

Continue reading →

Email phishing scams continue to strike a huge number of businesses, in spite of much more improved cyber-security policies, new research has revealed.

The latest Email Security Risk Assessment from Mimecast discovered that ambitious hackers are also increasingly targeting C-level executives and impersonating those in senior leadership positions in order to trick employees into transferring money or valuable IP data. The report found that there had been a 400 percent rise in so-called impersonation attacks in just the last three months of the year.

Continue reading →

Google has updated Gmail with a number of new security features aimed at businesses that require better protection against malware and phishing scams.

The company announced today that it is bringing early phishing detection to its email service by using machine learning along with click-time warnings for malicious links found in emails as well as unintended external reply warnings.

Continue reading →

The UK's ActionFraud cyber crime reporting center is warning customers of BT’s internet services of a phishing scam claiming to protect against WannaCry-style attacks.

The emails claim that BT has launched preventative measures to protect data on an international scale and try to get recipients to click on a link to a 'security upgrade'.

Continue reading →

E-signature and security firm DocuSign has confirmed a data breach in which attackers gained access to a database containing customer email addresses. The company says that no other data was revealed in the security breach, but it led to a large phishing campaign.

Attackers used the stolen email addresses to spam people with emails containing an infected Microsoft Word document. The company insists that its core service remains secure, but coming in the wake of the WannaCry ransomware attack, people around the world are on high alert.

Continue reading →

The Sednit group believed to have been involved in interference with the French election was also responsible for a phishing attack that used President Trump to lure in victims. Security firm ESET analyzed a phishing email with an attachment named Trump's_Attack_on_Syria_English.docx and found that it had the hallmarks of the well-known group.

The document was engineered to infect victims' computers with the Seduploader tool, and it did this by exploiting two vulnerabilities, one in Microsoft Word, and one in Windows. Sednit -- previously known as APT28, Fancy Bear, and Sofacy -- took advantage of a recently discovered Remote Code Execution vulnerability in Word (CVE-2017-0262) as well as a security hole in Windows (CVE-2017-0263) in executing the attack.

Continue reading →

Gmail users will now be protected from phishing attacks on their Android phones thanks to a new update from Google. The company is rolling out a new security feature similar to that found in the web version of Gmail, warning people when an email contains a suspicious link.

For now, the update is only rolling out to Android users, and Google has not indicated whether it will make its way to iOS in due course or not. The update comes just shortly after a phishing scam emerged in which recipients were encouraged to click on a link to open files purporting to be stored on Google Docs.

Continue reading →

Part of the art of making a phishing attack successful is having a domain name that looks sufficiently similar to a legitimate one not to arouse suspicion in the target.

Research by threat intelligence specialist DomainTools has uncovered over 300 registered domains using the names of five of the UK's top high street banks.

Continue reading →

A new and "very aggressive" airline phishing attack was just spotted, and it's one with such a high success rate that even security experts are baffled. It was spotted by Barracuda, and it says that this new attack has a success rate of 90 percent.

The attack combines impersonation, advanced persistent threats and phishing, giving the attackers long-term stealth access to a myriad corporate networks.

Continue reading →

People like getting friend requests on social media, and hackers are using that to launch successful phishing campaigns. This is according to a new report released by phishd by MMR InfoSecurity.

After reviewing simulated attack campaigns targeting almost a million users, phishd by MMR InfoSecurity says that social media is the most effective lure to have victims clicking email links.

Continue reading →

Almost half (47.48 percent) of all phishing attacks in 2016 were aimed at stealing victim's money, and the amount of financial phishing attacks increased by 13.14 percent according to a new report.

The study by Kaspersky Lab analyzed attacks registered in 2016 by the company's heuristic detection technologies.

Continue reading →

According to a new report from security awareness training company Wombat Security, people are starting to get the message on phishing.

When asked, 'What is phishing?', 65 percent of those surveyed in the US answered correctly. Ransomware remains a bit of a mystery for many, however, 52 percent were not even able to hazard a guess in response to 'what is ransomware?'

Continue reading →