Articles about Phishing

Phishing is one of the major security threats that enterprises now face, but according to new research from Duo Security users are putting 31 percent of organizations at risk of a data breach due to phishing attacks.

Based on feedback from the Duo Insight phishing simulation tool, the company finds that 31 percent of users clicked the link in a phishing email and worse still 17 percent entered their username and password, giving an attacker in a real-world scenario the keys to corporate data.

Continue reading →

Phishing attacks are on the increase and are becoming increasingly sophisticated. This means that older technologies such as blacklisting known phishing sites are struggling to keep up with the threat. The Anti Phishing Working Group detected a 250 percent jump in phishing sites between October 2015 and March 2016.

Fraud protection company Easy Solutions is helping to combat the problem with the public beta launch of its Swordphish predictive phishing and malware risk assessment technology.

Continue reading →

The most common way for malware to get onto a PC is via files downloaded from the web. According to Exploits at the Endpoint: SANS 2016 Threat Landscape Study, 41 percent of people suffered their worst security events from drive by downloads and 80 percent suffered phishing attacks.

Threat protection specialist CheckPoint is launching a new anti-malware and anti-phishing extension for web browsers to address this growth in web-based malware and social engineering attacks.

Continue reading →

Slack is the largest enterprise chat platform in the world with more than 2.7 million daily active users who spend an average of 140 minutes per day using it.

Not surprising then that alert attackers see it as an opportunity to expand their social engineering campaigns. The fact than many people use Slack without the IT team's knowledge creates a further security issue.

Continue reading →

Email is often cited as the technology that made the internet essential for businesses. You would have thought by now that something else would have come along to replace it in our affections, but the popularity of email shows no sign of waning.

A new infographic from email authentication company ValiMail shows that 98.5 percent of people check their email daily and spend as much as six hours doing so.

Continue reading →

Protecting against data breaches is always better than dealing with their aftermath. And since phishing is still one of the most popular attack methods businesses and employees need to be alert to the risks.

Authentication specialist Duo Security is launching a new, free tool to let IT teams run internal phishing simulations and assess their vulnerability to such attacks.

Continue reading →

Out of 300 IT professionals attending the Infosecurity Europe conference, almost half (49 percent) believe their CEO has fallen victim to a targeted phishing attack.

The results have been published in a new paper by unified security management and crowd-sourced threat intelligence company, AlienVault.

Continue reading →

Microsoft has changed the way it displays malware warnings in its search engine Bing to help users distinguish between the various forms of attacks that can appear in its searches.

The company has decided to replace its generic warning for websites that could be potentially dangerous for users, and instead offer separate warnings for sites that are known to contain malware and phishing sites.

Continue reading →

Hotels represent rich pickings for cyber criminals. There's the potential to steal information from large numbers of customers with consequent financial gains.

Researchers at Panda Security have issued a report showing the major attacks targeted against hotel chains in 2015.

Continue reading →

As the April 18 deadline for submitting individual and company tax returns in the US approaches, many people will be rushing to submit their information and this makes it a major opportunity for cyber criminals.

The run up to the deadline is likely to see millions of phishing emails sent to consumers and businesses. These will be trying to grab social security numbers, paycheck stubs, bank accounts, passwords, IDs and other key pieces of personal and professional information, using fake web sites and fraudulent emails that masquerade as official government collection agencies.

Continue reading →

Victims of online fraud are to blame for their misfortune and should not be rewarded with a refund for money they lose. This is the view of UK Metropolitan police commissioner Sir Bernard Hogan-Howe who says that banks should not pay money lost to online fraud as the victims have not taken their security seriously.

Rather than offering refunds to customers, banks should instead be encouraging them to use stronger password, keep antivirus software up to date, and generally be more careful. It's a view that’s certainly going to prove controversial and raises the question of whether the carrot or the stick is the best approach to tackling online fraud.

Continue reading →

Companies seem to get compromised on a regular basis and, for the most part, it's security holes in their systems. But user error can also be blamed in some cases -- an errant click on an email attachment can unleash all matter of headaches for an IT department.

Such seems to be the case now with Seagate as reports are emerging of a loss of employee data that came via a phishing scam.

Continue reading →

Signature-based security could be virtually useless as 97 percent of malware is unique to a specific endpoint says a new report.

This is among the findings of the latest annual Webroot Threat Brief which shows that today's threats are truly global and highly dynamic. Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information.

Continue reading →

Hackers are constantly seeking new ways to attack systems and gain insider access to data. A new survey from IT security company Balabit reveals the 10 most popular hacking methods to help companies understand how to protect themselves.

The survey of almost 500 IT security practitioners reveals that social engineering is the most popular means of attack. Hackers aim to get a 'low level' insider user account by means of phishing and escalate its privileges.

Continue reading →

According to a new report from security awareness specialist Wombat Security phishing attacks are on the rise and are supported by increasingly aggressive social engineering practices that make them more difficult to prevent.

Organizations surveyed indicated they have suffered malware infections (42 percent), compromised accounts (22 percent), and loss of data (4 percent) as a direct result of successful phishing attacks.

Continue reading →