In a rather ironic twist on traditional phishing attacks, customers of American Express are being targeted by a campaign promising them an identity theft and phishing prevention tool.

The phishing emails offer SafeKey use as bait. This is a legitimate program that Amex offers its customers as an additional layer of security to guard against ID theft and phishing.

After falling victim to a phishing scam in March, Seagate is now being sued by its own employees whose sensitive data was exposed in the leak.

The company's HR department was tricked into providing the operators of the phishing scheme with the personally identifiable information (PII) of 10,000 past and current employees and W-2 forms that include their Social Security numbers along with their wage, salary and tax information.

There's a reason why cyber attacks use social engineering techniques, it's because the person sitting in front of the screen is usually the weakest link in the security chain.

This is confirmed by the findings of a new report from Wombat Security Technologies which shows that in the last year, the number of organizations that reported being a victim of phishing has increased 13 percent, and 60 percent of enterprises say the rate of phishing attacks has increased overall.

Phishing attacks continue to get cleverer as the people behind them refine their social engineering techniques. The latest attack uncovered by Comodo Labs targets users of the popular GoDaddy web hosting service.

The scam sends out email from what appears to be support@godaddy.com. Within the body of the phishing email, the user is notified that their email account storage has been maxed out and that incoming emails are being rejected.

Researchers at Kaspersky Lab have uncovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world.

Named 'Operation Ghoul' by Kaspersky's researchers, the attacks use spear-phishing emails and malware based on a commercial spyware kit to seek out valuable business-related data stored in their victims' networks.

Phishing is one of the major security threats that enterprises now face, but according to new research from Duo Security users are putting 31 percent of organizations at risk of a data breach due to phishing attacks.

Based on feedback from the Duo Insight phishing simulation tool, the company finds that 31 percent of users clicked the link in a phishing email and worse still 17 percent entered their username and password, giving an attacker in a real-world scenario the keys to corporate data.

Phishing attacks are on the increase and are becoming increasingly sophisticated. This means that older technologies such as blacklisting known phishing sites are struggling to keep up with the threat. The Anti Phishing Working Group detected a 250 percent jump in phishing sites between October 2015 and March 2016.

Fraud protection company Easy Solutions is helping to combat the problem with the public beta launch of its Swordphish predictive phishing and malware risk assessment technology.

The most common way for malware to get onto a PC is via files downloaded from the web. According to Exploits at the Endpoint: SANS 2016 Threat Landscape Study, 41 percent of people suffered their worst security events from drive by downloads and 80 percent suffered phishing attacks.

Threat protection specialist CheckPoint is launching a new anti-malware and anti-phishing extension for web browsers to address this growth in web-based malware and social engineering attacks.

Slack is the largest enterprise chat platform in the world with more than 2.7 million daily active users who spend an average of 140 minutes per day using it.

Not surprising then that alert attackers see it as an opportunity to expand their social engineering campaigns. The fact than many people use Slack without the IT team's knowledge creates a further security issue.

Email is often cited as the technology that made the internet essential for businesses. You would have thought by now that something else would have come along to replace it in our affections, but the popularity of email shows no sign of waning.

A new infographic from email authentication company ValiMail shows that 98.5 percent of people check their email daily and spend as much as six hours doing so.

Protecting against data breaches is always better than dealing with their aftermath. And since phishing is still one of the most popular attack methods businesses and employees need to be alert to the risks.

Authentication specialist Duo Security is launching a new, free tool to let IT teams run internal phishing simulations and assess their vulnerability to such attacks.

Out of 300 IT professionals attending the Infosecurity Europe conference, almost half (49 percent) believe their CEO has fallen victim to a targeted phishing attack.

The results have been published in a new paper by unified security management and crowd-sourced threat intelligence company, AlienVault.

Microsoft has changed the way it displays malware warnings in its search engine Bing to help users distinguish between the various forms of attacks that can appear in its searches.

The company has decided to replace its generic warning for websites that could be potentially dangerous for users, and instead offer separate warnings for sites that are known to contain malware and phishing sites.

Hotels represent rich pickings for cyber criminals. There's the potential to steal information from large numbers of customers with consequent financial gains.

Researchers at Panda Security have issued a report showing the major attacks targeted against hotel chains in 2015.

As the April 18 deadline for submitting individual and company tax returns in the US approaches, many people will be rushing to submit their information and this makes it a major opportunity for cyber criminals.

The run up to the deadline is likely to see millions of phishing emails sent to consumers and businesses. These will be trying to grab social security numbers, paycheck stubs, bank accounts, passwords, IDs and other key pieces of personal and professional information, using fake web sites and fraudulent emails that masquerade as official government collection agencies.