Articles about Phishing

A new and "very aggressive" airline phishing attack was just spotted, and it's one with such a high success rate that even security experts are baffled. It was spotted by Barracuda, and it says that this new attack has a success rate of 90 percent.

The attack combines impersonation, advanced persistent threats and phishing, giving the attackers long-term stealth access to a myriad corporate networks.

Continue reading →

People like getting friend requests on social media, and hackers are using that to launch successful phishing campaigns. This is according to a new report released by phishd by MMR InfoSecurity.

After reviewing simulated attack campaigns targeting almost a million users, phishd by MMR InfoSecurity says that social media is the most effective lure to have victims clicking email links.

Continue reading →

Almost half (47.48 percent) of all phishing attacks in 2016 were aimed at stealing victim's money, and the amount of financial phishing attacks increased by 13.14 percent according to a new report.

The study by Kaspersky Lab analyzed attacks registered in 2016 by the company's heuristic detection technologies.

Continue reading →

According to a new report from security awareness training company Wombat Security, people are starting to get the message on phishing.

When asked, 'What is phishing?', 65 percent of those surveyed in the US answered correctly. Ransomware remains a bit of a mystery for many, however, 52 percent were not even able to hazard a guess in response to 'what is ransomware?'

Continue reading →

We're all looking for ways to save time and effort, so it's hardly surprising that some web browsers offer a feature that automatically fills in online forms with commonly requested personal information. While incredibly useful, the feature can also be exploited to extract data a user might not want to share with a particular website.

Chrome, Opera and Safari all offer to save and automatically fill in details such as name, address, phone number, and so on, and users are ordinarily only aware of the data which is obviously filled in on their behalf. But a web developer shows how it is possible -- and very, very easy -- to use hidden fields to secretly gather all of the information saved in an autofill profile.

Continue reading →

This is one of the many times of year that retailers have sales, coinciding neatly with the time of year when many people are feeling the pinch after splashing out on food and presents. But if you're scouring Amazon for great deals, watch out for sellers who are actually using low prices to lure you into a phishing scam.

One seller going by the name of (among others) Sc-Elegance uses "used, like new" tech products as bait, ultimately directing buyers to a fraudulent site to make payments. Security experts are warning shoppers to be on their guard.

Continue reading →

Phishing has proved to be one of the most profitable techniques for hackers. A new report from cyber security company Imperva reveals that the availability of turnkey services is making it even more effective.

Imperva researchers explored the darknet marketplace to estimate the cost of phishing campaigns and to get a clear picture of the hackers' business model. They discovered phishing-as-a-service (PhaaS) campaigns were easy to buy and low cost.

Continue reading →

However much technology you throw at protecting your organization's systems the weakest link is still the person sitting in front of the endpoint.

No surprise then that social engineering is increasingly the attacker's weapon of choice for gaining access to sensitive systems. Security rating and risk monitoring company SecurityScorecard has put together an infographic showing the five most common attacks and their impact on enterprises.

Continue reading →

We know that phishing is on the increase  and that attacks are becoming ever more sophisticated.

The Anti-Phishing Working Group (APWG) found more than 460,000 unique phishing sites in the second quarter of 2016 alone, up 61 percent over the previous quarter and almost three times the number observed in the fourth quarter of 2015.

Continue reading →

The consequences of a security breach in the healthcare sector can be severe, yet a new survey reveals that healthcare staff are among the most likely to fall victim to social engineering attacks.

The study from SecurityScorecard exposes vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.

Continue reading →

In a rather ironic twist on traditional phishing attacks, customers of American Express are being targeted by a campaign promising them an identity theft and phishing prevention tool.

The phishing emails offer SafeKey use as bait. This is a legitimate program that Amex offers its customers as an additional layer of security to guard against ID theft and phishing.

Continue reading →

After falling victim to a phishing scam in March, Seagate is now being sued by its own employees whose sensitive data was exposed in the leak.

The company's HR department was tricked into providing the operators of the phishing scheme with the personally identifiable information (PII) of 10,000 past and current employees and W-2 forms that include their Social Security numbers along with their wage, salary and tax information.

Continue reading →

There's a reason why cyber attacks use social engineering techniques, it's because the person sitting in front of the screen is usually the weakest link in the security chain.

This is confirmed by the findings of a new report from Wombat Security Technologies which shows that in the last year, the number of organizations that reported being a victim of phishing has increased 13 percent, and 60 percent of enterprises say the rate of phishing attacks has increased overall.

Continue reading →

Phishing attacks continue to get cleverer as the people behind them refine their social engineering techniques. The latest attack uncovered by Comodo Labs targets users of the popular GoDaddy web hosting service.

The scam sends out email from what appears to be [email protected]. Within the body of the phishing email, the user is notified that their email account storage has been maxed out and that incoming emails are being rejected.

Continue reading →

Researchers at Kaspersky Lab have uncovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world.

Named 'Operation Ghoul' by Kaspersky's researchers, the attacks use spear-phishing emails and malware based on a commercial spyware kit to seek out valuable business-related data stored in their victims' networks.

Continue reading →