Articles about Phishing

A new report from phishing protection specialist Bolster identifies 24 separate nation-state threat actor groups attempting to exploit rising political tensions across the US to interfere with the 2024 presidential elections.

Attackers are leveraging AI to automate mass spam campaigns, and also to reply in real-time. This targeting and interactivity at scale increases their chances of gaining access to more sensitive data. The influx of election-themed spam is a significant cyber threat, causing widespread confusion among citizens and undermining trust in legitimate election communications.

Continue reading →

Almost half (49 percent) of all detected spam emails are attributed to business email compromise (BEC) scams, with the CEO, followed by HR and IT, being the most common targets according to a new report.

The research from VIPRE Security Group puts a more sinister complexion on this trend, revealing that a full 40 percent of the BEC emails uncovered were AI-generated, and in some instances, AI likely created the entire message.

Continue reading →

Of course all companies are vulnerable to email threats, but analysis by Barracuda of targeted email attacks over the past year, reveals that organizations are vulnerable in different ways, according to their size.

Lateral phishing -- where attacks are sent to mailboxes across the organization from an already compromised internal account -- makes up just under half (42 percent) of targeted email threats against organizations with 2,000 employees or more, but just two percent of attacks against companies with up to 100 employees.

Continue reading →

Email security tools such as Secure Email Gateways (SEGs) often encode URLs that are embedded in emails. This enables the security appliance to scan the URL before the recipient visits the website.

But when SEGs detect URLs in emails that have already been SEG encoded they don't scan the URL. A new report from Cofense reveals that threat actors are making use of this to avoid detection.

Continue reading →

Cybercriminals are abusing legitimate URL protection services to hide malicious URLs in phishing emails, according to a new Threat Spotlight from Barracuda Networks.

Researchers have observed phishing attacks taking advantage of three different URL protection services to mask their phishing URLs. The services are provided by trusted, legitimate brands. To date, these attacks have targeted hundreds of companies.

Continue reading →

Only 61 percent of manufacturing businesses have adopted DMARC, with 19 percent of the total manufacturers analyzed having adopted the most stringent 'p=reject' DMARC policy.

New research from email security provider EasyDMARC, which surveyed almost 5,000 global manufacturing companies, finds 43 percent of those with DMARC use a low-security DMARC policy that allows suspicious emails to reach inboxes but enables reporting on such activity.

Continue reading →

Half of respondents say that they would not feel free from repercussions if they reported a cybersecurity mistake within their organization.

A new survey from ThinkCyber Security also shows that a quarter of cybersecurity professionals doubt their colleagues change their behavior with current security awareness training, and 60 percent admit they only get training once every few months or even just once a year.

Continue reading →

Cybercriminals are not new, and often neither are their tactics. Despite this, phishing attacks, which incorporate social engineering in emails and messages to persuade people to perform an action that puts organizations at risk, continue to be highly successful. New technologies, such as GenAI, are improving these tactics further and companies must implement a strategic approach built on a solid foundation of identity security to minimize risks.

The most glaring vulnerability within an organization stems from human error. Mistakes such as using weak passwords, reusing credentials across multiple platforms, or falling victim to phishing attacks, can provide malicious actors with an easy gateway into secure systems. Social engineering exploits the natural human inclination to trust, deceive employees into divulging sensitive information or unwittingly granting access. Despite widespread awareness campaigns, these tactics continue to succeed, highlighting the gap between knowledge and practice, which presents a major risk to organizations.

Continue reading →

A new report finds that 76 percent of fraud and risk professionals believe their business has been targeted by AI-driven fraud, with over half reporting this type of fraud happening daily or weekly.

The study, from anti-fraud platform Sift, finds the emergence and increased adoption of AI tools, including publicly available chatbots, enables cybercriminals to conduct scalable fraud attacks against both individuals and businesses.

Continue reading →

The cybersecurity landscape is a constantly changing one, with new threats emerging and old ones evolving. This makes it difficult for organizations to ensure their defenses are up to the task of properly protecting them.

We spoke to Balazs Greksza, threat response lead at Ontinue which recently published its first threat intelligence report, to find out about the latest threats and how organizations can address them.

Continue reading →

Almost three times as many phishing, malicious, deny-listed, and offensive links have been delivered to mobile devices than a year ago, according to a new report from Lookout.

The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud that analyzes data from more than 220 million devices, 325 million apps and billions of web items.

Continue reading →

The last six months has seen a 341 percent increase in malicious emails, including an alarming spike in phishing, BEC, and other message-based attacks fueled by the continued growth of generative AI.

The latest State of Phishing Report from SlashNext finds that since the launch of ChatGPT in November 2022, there has been a 4,151 percent increase in malicious emails sent.

Continue reading →

The latest Email Threat Trends report from VIPRE Security Group identifies the US as the top source of spam emails globally, followed by the UK, Ireland, and Japan. The US, UK, and Canada are the top three countries most subjected to email-based attacks.

Looking at targets, the manufacturing, government, and IT sectors are the most attacked by malicious actors. In Q1 2024, the manufacturing sector suffered 43 percent of email-based attacks, with government (15 percent) and IT (11 percent) trailing well behind. This is a change from Q1 2023, when attackers targeted the financial (25 percent), healthcare (22 percent), and education (15 percent) sectors most often.

Continue reading →

Since the launch of ChatGPT there has been a surge in the number of phishing emails as AI makes it easier to create convincing lures.

Email security specialist SlashNext is fighting AI with AI thanks to the launch of a new generative AI large language model (LLM) to deliver accuracy and precision in spam detection, with claimed near-zero false positive rates.

Continue reading →

As we observe Stress Awareness Month, it's important to recognize the toll that phishing attacks can take on individuals and organizations. These attacks have become increasingly sophisticated and widespread, with a staggering 94 percent of organizations falling victim to successful phishing attacks. As cybercriminals continue to exploit human vulnerabilities through social engineering, the impact on employee stress levels is a growing concern that cannot be ignored.

The constant vigilance required to identify and avoid these attacks, along with the potential consequences of falling victim, can contribute to increased anxiety and decreased productivity in the workplace. Addressing this issue is of paramount importance, to protect both the wellbeing of employees and the security of sensitive information.

Continue reading →