In 2016, American businesses suffered half a billion dollars a year in losses from phishing attacks with the average cost at $1.6 million each. These numbers are alarming evidence that just one click can cause significant financial and reputational damage to your brand. And since studies show that a staggering 30 percent of phishing emails get opened, it’s no wonder that they consistently rank as the top cyberattack vector.

Despite being one of the oldest cyberattacks in the book, phishing remains so popular because it’s a highly effective means of exploiting the weakest link in the cybersecurity chain: humans. To make matters worse, hackers have become much more sophisticated in their techniques: no more poorly written, typo-ridden Viagra spam emails and unclaimed heritage scams. Phishing attacks are now highly targeted, dynamic and "hypermorphic," making them increasingly difficult for both humans and machines to detect.

Continue reading →

The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.

This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.

Continue reading →

The most common infection vectors are still email phishing and drive-by downloads according to the latest threat report from AI security specialist Cylance.

The report provides a real-world glimpse into major cyber threats that affected Cylance’s customer base in 2017. Along with industry trends and analysis, and data from thousands of government entities and organizations of all sizes across 160 countries that have adopted a prevention-first approach to security.

Continue reading →

A new report from mobile security specialist Lookout exposes the growing risk from phishing attacks on mobile devices, with an increase in the number of users clicking on URLs that bypass security controls.

The mobile phishing URL click rate has increased 85 percent year-on-year. 56 percent of Lookout users received and clicked on their mobile device a phishing URL that bypassed existing layers of phishing defense.

Continue reading →

Employees are still falling for social engineering techniques leading them to download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues.

Enterprise security specialist Positive Technologies imitated the actions of hackers by sending emails to employees with links to websites, password entry forms, and attachments.

Continue reading →

Attacks such as ransomware are able to bypass legacy security solutions because organizations are neglecting to patch, update, or replace their current products according to a new report.

The study from cyber security company Webroot also shows cryptojacking gaining ground, with over 5,000 websites being compromised with JavaScript cryptocurrency miner CoinHive to mine Monero since September 2017.

Continue reading →

More than half of phishing attacks in 2017 were aimed at getting hold of financial information according to a new report.

Kaspersky Lab's anti-phishing technologies detected more than 246 million user attempts to visit different kinds of phishing pages, with 54 percent being attempts to visit a financial-related website, compared to 47 percent in 2016.

Continue reading →

As children, most of us learned the hard way not to touch a hot stove. The instant searing pain and the lingering bite that followed and lasted for at least a couple days is the bitter reminder that we had messed up. But ask yourself, have you touched a hot stove since?

The lesson learned here still follows us throughout our lives because learning from failure is the quickest path to growth. The first time one falls for a phishing email is no different.

Continue reading →

The healthcare sector is a popular target for phishing attacks, yet it's failing to adopt simple measures like DMARC that could offer protection to both patients and staff.

A new report from cyber security company Agari reveals that fewer than 10 percent NHS Trusts and Boards in the UK have self-certified as using DMARC. Globally 77 percent of healthcare organizations don't have a DMARC policy.

Continue reading →

When securing systems most people's thoughts turn to the technology of firewalls, anti-virus programs and so on. What’s often neglected is the human aspect.

Many breaches are down to poor password practices or falling for phishing emails, things which can be prevented with better education. We spoke to Stephen Burke, founder and CEO of security awareness specialist Cyber Risk Aware to get his views on how awareness training can be used to drive better behavior and make businesses more secure.

Continue reading →

The Adwind cross-platform, malware-as-a-service Trojan has been around since 2012. Spread by phishing emails claiming to be invoices, purchase orders, and requests for quotations, it's aimed at high value targets like finance departments.

While it never completely disappeared in recent years the number of attacks did die down. However, security awareness training company KnowBe4 has noted an upsurge in Adwind emails during October of this year.

Continue reading →

The people behind phishing attacks are always looking for ways to improve their profitability. They quite often re-use material by bundling site resources into a phishing kit, uploading that kit to a server and sending a new batch of emails.

Sometimes though they get careless and leave the kits behind allowing them to be analyzed. Trusted access specialist Duo Security carried out a month-long experiment to track down these abandoned kits.

Continue reading →

As part of Cybersecurity Awareness Month, Google has announced numerous security-related updates including revamped phishing protection. Now the company has also announced what it is referring to as its "strongest security, for those who need it most."

Aimed at protecting people who are most likely to find themselves the target of attacks -- Google suggests journalists and human rights workers as examples -- the new Advanced Protection Program is being made available to anyone who wants to use it. It will protect Gmail, Google Drive and YouTube data with a variety of measures including a physical authentication key.

Continue reading →

We're in the middle of Cybersecurity Awareness Month and Google is taking part. The company has launched two updated protection tools to help keep internet users safe online.

While Google refers to "two new protections," these are really updates rather than completely new offerings. Both the Security Checkup tool and Google Safe Browsing have been updated to make them more personal, and both of them will adapt over time to protect against new threats.

Continue reading →

Phishing is still a key tool for cyber criminals as they seek to insert malware onto machines and to get hold of personal details.

Although most people are aware of the threat there are still some subject lines that are much more likely to deliver results for the phishermen than others, according to security awareness training specialist KnowBe4, which has released its Top 10 Global Phishing Email Subject Lines report for the third quarter of 2017.

Continue reading →