Facial recognition tool helps penetration testing

Using fake social media profiles is a common technique among hackers in order to gain the confidence of targets and direct them to credential stealing sites.

Replicating this is time-consuming for security and penetration testing teams, as people often have profiles across multiple sites. Ethical hacking specialist Trustwave is using a new tool called Social Mapper that can correlate profiles across multiple sites and make analyzing a person's online presence easier.

By Ian Barker -

Spear phishing attack hits more than 400 industrial companies

Researchers at Kaspersky Lab have detected a new wave of spear phishing attacks, disguised as legitimate procurement and accounting letters, that have hit more than 400 industrial organizations.

The emails have targeted approximately 800 employee PCs, mostly in Russian companies, with the goal of stealing money and confidential data from the organizations, which could then be used in new attacks.

By Ian Barker -

The most successful phishing subject lines revealed

We all like to think that we're smart enough not to fall for phishing emails, yet a surprising number of people do get caught out by them.

A new report from security awareness training company KnowBe4 looks at the most successful phishing emails in the second quarter of 2018. The results show that hackers are playing into users' commitment to security, by using clever subject lines that deal with passwords or security alerts.

By Ian Barker -

Microsoft overtakes Facebook as the #1 spoofed brand

Phisherfolk love to try to trick people into thinking they are a major brand in order to get them to reveal passwords or personal data.

New research from Vade Secure reveals that in the second quarter of this year Microsoft has supplanted Facebook as the most spoofed brand. The social network drops two places to third, behind perennial phishing favorite PayPal.

By Ian Barker -

Fans targeted by phishing campaign as World Cup gets underway

As the FIFA World Cup tournament enters its second week, cybercriminals are using a phishing campaign to trick fans into opening an infected attachment.

Emails identified by Check Point attempt to lure would-be victims into downloading a schedule of fixtures and a result tracker, but doing so will prove to be an own goal.

By Ian Barker -

Don't be phooled: 10 phishing techniques to look out for

In 2016, American businesses suffered half a billion dollars a year in losses from phishing attacks with the average cost at $1.6 million each. These numbers are alarming evidence that just one click can cause significant financial and reputational damage to your brand. And since studies show that a staggering 30 percent of phishing emails get opened, it’s no wonder that they consistently rank as the top cyberattack vector.

Despite being one of the oldest cyberattacks in the book, phishing remains so popular because it’s a highly effective means of exploiting the weakest link in the cybersecurity chain: humans. To make matters worse, hackers have become much more sophisticated in their techniques: no more poorly written, typo-ridden Viagra spam emails and unclaimed heritage scams. Phishing attacks are now highly targeted, dynamic and "hypermorphic," making them increasingly difficult for both humans and machines to detect.

By Adrien Gendre -

Data breach activity declines sharply in 2018

The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.

This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.

By Ian Barker -

Phishing and drive-by downloads lead infection methods

The most common infection vectors are still email phishing and drive-by downloads according to the latest threat report from AI security specialist Cylance.

The report provides a real-world glimpse into major cyber threats that affected Cylance’s customer base in 2017, along with industry trends and analysis, and data from thousands of government entities and organizations of all sizes across 160 countries that have adopted a prevention-first approach to security.

By Ian Barker -

Mobile phishing click rate increases 85 percent

A new report from mobile security specialist Lookout exposes the growing risk from phishing attacks on mobile devices, with an increase in the number of users clicking on URLs that bypass security controls.

The mobile phishing URL click rate has increased 85 percent year-on-year. On their mobile devices, 56 percent of Lookout users received and clicked on a phishing URL that bypassed existing layers of phishing defense.

By Ian Barker -

17 percent of employees fall for social engineering attacks

Employees are still falling for social engineering techniques leading them to download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues.

Enterprise security specialist Positive Technologies imitated the actions of hackers by sending emails to employees with links to websites, password entry forms, and attachments.

By Ian Barker -

Legacy defenses can't keep pace with new cyber threats

Attacks such as ransomware are able to bypass legacy security solutions because organizations are neglecting to patch, update, or replace their current products, according to a new report.

The study from cyber security company Webroot also shows cryptojacking gaining ground, with over 5,000 websites being compromised with JavaScript cryptocurrency miner CoinHive to mine Monero since September 2017.

By Ian Barker -

Financial targets account for more than half of phishing attacks

More than half of phishing attacks in 2017 were aimed at getting hold of financial information according to a new report.

Kaspersky Lab's anti-phishing technologies detected more than 246 million user attempts to visit different kinds of phishing pages, with 54 percent being attempts to visit a financial-related website, compared to 47 percent in 2016.

By Ian Barker -

Why employees should aim to fail in 2018

As children, most of us learned the hard way not to touch a hot stove. The instant searing pain and the lingering bite that followed and lasted for at least a couple days is the bitter reminder that we had messed up. But ask yourself, have you touched a hot stove since?

The lesson learned here still follows us throughout our lives because learning from failure is the quickest path to growth. The first time one falls for a phishing email is no different.

By John -

How the healthcare sector is waking up to phishing threats [Q&A]

The healthcare sector is a popular target for phishing attacks, yet it's failing to adopt simple measures like DMARC that could offer protection to both patients and staff.

A new report from cyber security company Agari reveals that fewer than 10 percent of NHS Trusts and Boards in the UK have self-certified as using DMARC. Globally, 77 percent of healthcare organizations don't have a DMARC policy.

By Ian Barker -

The role of education in fighting security breaches [Q&A]

When securing systems most people's thoughts turn to the technology of firewalls, anti-virus programs and so on. What’s often neglected is the human aspect.

Many breaches are down to poor password practices or falling for phishing emails, things which can be prevented with better education. We spoke to Stephen Burke, founder and CEO of security awareness specialist Cyber Risk Aware to get his views on how awareness training can be used to drive better behavior and make businesses more secure.

By Ian Barker -