Articles about Phishing

Cybercriminals are not new, and often neither are their tactics. Despite this, phishing attacks, which incorporate social engineering in emails and messages to persuade people to perform an action that puts organizations at risk, continue to be highly successful. New technologies, such as GenAI, are improving these tactics further and companies must implement a strategic approach built on a solid foundation of identity security to minimize risks.

The most glaring vulnerability within an organization stems from human error. Mistakes such as using weak passwords, reusing credentials across multiple platforms, or falling victim to phishing attacks, can provide malicious actors with an easy gateway into secure systems. Social engineering exploits the natural human inclination to trust, deceive employees into divulging sensitive information or unwittingly granting access. Despite widespread awareness campaigns, these tactics continue to succeed, highlighting the gap between knowledge and practice, which presents a major risk to organizations.

Continue reading →

A new report finds that 76 percent of fraud and risk professionals believe their business has been targeted by AI-driven fraud, with over half reporting this type of fraud happening daily or weekly.

The study, from anti-fraud platform Sift, finds the emergence and increased adoption of AI tools, including publicly available chatbots, enables cybercriminals to conduct scalable fraud attacks against both individuals and businesses.

Continue reading →

The cybersecurity landscape is a constantly changing one, with new threats emerging and old ones evolving. This makes it difficult for organizations to ensure their defenses are up to the task of properly protecting them.

We spoke to Balazs Greksza, threat response lead at Ontinue which recently published its first threat intelligence report, to find out about the latest threats and how organizations can address them.

Continue reading →

Almost three times as many phishing, malicious, deny-listed, and offensive links have been delivered to mobile devices than a year ago, according to a new report from Lookout.

The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud that analyzes data from more than 220 million devices, 325 million apps and billions of web items.

Continue reading →

The last six months has seen a 341 percent increase in malicious emails, including an alarming spike in phishing, BEC, and other message-based attacks fueled by the continued growth of generative AI.

The latest State of Phishing Report from SlashNext finds that since the launch of ChatGPT in November 2022, there has been a 4,151 percent increase in malicious emails sent.

Continue reading →

The latest Email Threat Trends report from VIPRE Security Group identifies the US as the top source of spam emails globally, followed by the UK, Ireland, and Japan. The US, UK, and Canada are the top three countries most subjected to email-based attacks.

Looking at targets, the manufacturing, government, and IT sectors are the most attacked by malicious actors. In Q1 2024, the manufacturing sector suffered 43 percent of email-based attacks, with government (15 percent) and IT (11 percent) trailing well behind. This is a change from Q1 2023, when attackers targeted the financial (25 percent), healthcare (22 percent), and education (15 percent) sectors most often.

Continue reading →

Since the launch of ChatGPT there has been a surge in the number of phishing emails as AI makes it easier to create convincing lures.

Email security specialist SlashNext is fighting AI with AI thanks to the launch of a new generative AI large language model (LLM) to deliver accuracy and precision in spam detection, with claimed near-zero false positive rates.

Continue reading →

As we observe Stress Awareness Month, it's important to recognize the toll that phishing attacks can take on individuals and organizations. These attacks have become increasingly sophisticated and widespread, with a staggering 94 percent of organizations falling victim to successful phishing attacks. As cybercriminals continue to exploit human vulnerabilities through social engineering, the impact on employee stress levels is a growing concern that cannot be ignored.

The constant vigilance required to identify and avoid these attacks, along with the potential consequences of falling victim, can contribute to increased anxiety and decreased productivity in the workplace. Addressing this issue is of paramount importance, to protect both the wellbeing of employees and the security of sensitive information.

Continue reading →

A new report reveals a year-on-year increase of nearly 60 percent in global phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing.

The report from Zscaler ThreatLabz shows that in 2023 the US (55.9 percent), UK (5.6 percent) and India (3.9 percent) are the top countries targeted by phishing scams. The high level of phishing in the US is attributable to its advanced digital infrastructure, large population of internet-connected users and extensive use of online financial transactions.

Continue reading →

Most incidents of phishing or spoofing on smartphones still happen via email, according to MEF's (Mobile Ecosystem Forum) 9th Annual Trust Study.

The report shows 52 percent of users reporting personal experience of data harm via this channel. Surprisingly, 39 percent of those users still took no preventative measures to protect their online data.

Continue reading →

A new report reveals that millennials are the top targets for phishing attacks, receiving 37.5 percent of phishing emails.

The latest phishing trends report from Egress also highlights the widespread adoption of AI and QR code phishing (quishing). Quishing has risen from 0.8 percent in 2021 to 10.8 percent in 2024, whereas attachment-based payloads halved from 72.7 percent to 35.7 percent in the same period.

Continue reading →

New research from BlueVoyant shows the use of malicious search engine ads is on the rise and poses a significant threat to internet users and companies.

These ads can lead to phishing websites or malware downloads, putting personal, financial and corporate information at risk. For companies, a compromise via phishing can lead to brand reputation damage, financial loss, and loss of customer trust.

Continue reading →

A new report shows that 95 percent of IT leaders say that cyberattacks are more sophisticated than ever and they are unprepared for this new wave of threat vectors.

The survey, of more than 800 IT and security leaders around the world, from Keeper Security reveals that firms are witnessing AI-powered attacks (51 percent), deepfake technology and supply chain attacks (both 36 percent), cloud jacking (35 percent), Internet of Things (IoT) attacks and 5G network exploits (both 34 percent), and fileless attacks (24 percent).

Continue reading →

Kaspersky's annual spam and phishing report, released today, shows its anti-phishing system thwarted over 709 million attempts to access phishing and scam websites in 2023 -- a 40 percent increase over 2022.

There's also been a surge in attacks spread via messaging platforms, including 62,127 phishing attempts on Telegram -- a 22 percent increase from the year before. AI platforms, social media services, and cryptocurrency exchanges are the other most-exploited channels.

Continue reading →

A new report shows that 66 percent of organizations in the UK experienced at least one successful phishing attack in 2023 compared to 91 percent the previous year.

However, the study from Proofpoint shows the negative consequences of attacks have soared, with a 30 percent increase in reports of financial penalties, such as regulatory fines, and a 78 percent increase in reports of reputational damage.

Continue reading →