Articles about Phishing

It is very nearly Halloween and we are preparing ourselves to encounter a host of terrifying creatures and monsters, all who are patiently waiting to make their appearances this year. However, while those beings are terrifying in their own right, it's the monsters lurking in the  shadows of the digital world that seem to strike more fear.

Malicious actors and menacing threats feel ever present in the news. As the adoption of cloud and on-demand computing services increases, malicious actors are waiting to make their move when enterprises lose control of their data security. Enterprises and their leaders are kept awake wondering where their data is, who has access to it, how it is being used and whether it’s safe. This piece will explore how to mitigate some of the most scary monsters that are haunting organizations the holiday season and beyond.

Continue reading →

A new survey of over 300 cybersecurity professionals from SlashNext looks at cybercriminal behavior and activity on the Dark Web particularly as it relates to leveraging Generative AI tools and chatbots and finds a startling 1,265 percent increase in malicious phishing emails since the launch of ChatGPT in November 2022.

It also shows a 967 percent increase in credential phishing in particular and that 68 percent of all phishing emails are text-based Business Email Compromise (BEC) attacks.

Continue reading →

We've all heard about how AI is being used to improve cyberattacks, by creating better phishing emails for example, but does AI really have the same potential for being sneaky as humans?

New research from IBM X-Force has set out to answer the question, ‘Do the current Generative AI models have the same deceptive abilities as the human mind?’

Continue reading →

As QR codes have become popular, they're used for all kinds of things from mobile payments to access control and even document sharing. The problem is that they can also hide risks so it's no surprise that they're becoming a popular vehicle for phishing.

New analysis from Hoxhunt finds the use of QR codes in 22 percent of attacks on its 'global human risk network' in the first weeks of October 2023.

Continue reading →

In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.

Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.

Continue reading →

The latest biannual Cyber Threat Intelligence Report from Critical Start reveals the top 10 cyber threats, including a rise in phishing attacks using QR codes are on the rise with bad actors masquerading as Microsoft security notifications.

Since May this year a major campaign has seen emails with a QR code embedded inside a PNG image or a PDF attachment. This has been aimed across industries with the energy sector being hardest hit -- one US energy company received 29 percent of all emails in the campaign.

Continue reading →

A new survey of 205 IT security decision makers highlights mounting concerns over the use of AI, and deepfakes in particular, as 68 percent of respondents express concerns about cybercriminals using deepfakes to target their organisations.

The study from Integrity360 finds 59 percent also agree that AI is increasing the number of cyber attacks, which aligns with the change in attacks that have been noticeable over the past year as 'offensive AI' is being used for tasks such as malware creation.

Continue reading →

A new report into hidden threats from Ivanti finds that one in three employees believe their actions do not impact their organization's security.

The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age).

Continue reading →

The latest Phishing Threat Trends Report from Egress, based on data from its Egress Defend email security tool, reveals that nearly three-quarters of AI detectors can't tell if a phishing email has been written by a chatbot.

Because they utilize large language models (LLMs), the accuracy of most detector tools increases with longer sample sizes, often requiring a minimum of 250 characters to work. With 44.9 percent of phishing emails not meeting the 250-character limit, and a further 26.5 percent falling below 500, currently AI detectors either won't work reliably or won't work at all on 71.4 percent of attacks.

Continue reading →

Senior executives are 60 percent more likely to click on malicious links than their employees, making them a vulnerable target for hackers, according to a new report.

However, data from SoSafe also reveals that senior managers are more likely to report a suspicious email (20 percent) than employees (eight percent) are, which shows that security awareness among top management is rising.

Continue reading →

Of over 200 IT security decision makers surveyed, data theft is cited as the biggest concern by 55 percent, followed by phishing (35 percent) with ransomware taking third place on 29 percent.

The study from Integrity360 shows that in terms of actual incidents phishing is the most common (46 percent), with data theft second on 27 percent. Ransomware, at only 15 percent, is ranked among the least common incidents being seen by businesses.

Continue reading →

Cyberattacks and data breaches come it many forms, but often at the root of them is a phishing scam.

Exploiting the fact that humans are the weakest link in the security chain, cybercriminals use phishing to trick employees into giving up credentials or other sensitive information that can be used to gain a foothold to carry out a later attack.

Continue reading →

Security researchers at Cofense have noticed a rise in phishing campaigns that use Google's AMP technology to gain trust and evade detection.

Google describes AMP as a "web component framework to easily create user-first experiences for the web". Broken down to its core, AMP is designed to improve the performance of webpages, mostly on mobile, by limiting elements on these pages.

Continue reading →

New research from security behavior change specialist Hoxhunt shows that 66 percent of active participants in security behavior training programs at critical infrastructure organizations detect and report at least one real malicious email attack within a year.

The report -- based on analysis of over 15 million phishing simulations and real email attacks reported in 2022 by 1.6 million people participating in security behavior change programs -- shows the effectiveness of training in making staff more engaged in organizational security.

Continue reading →

A new report reveals the most impersonated brands in phishing attacks for the first half of 2023, with Facebook taking the top slot, followed by Microsoft.

The report from email security company Vade, shows Facebook accounted for 18 percent of all phishing URLs and Microsoft for 15 percent. Taken together these two accounted for more unique phishing URLs than the next top five brands combined (Crédit Agricole, SoftBank, Orange, PayPal and Apple).

Continue reading →