Articles about Phishing

According to a new study, 94 percent of global organizations have experienced email security incidents last year, up two percent from the year before.

The latest Email Security Risk Report from Egress looks at attitudes and approaches to email security, the evolution of risks, and the impact of incidents, based on responses from 500 cybersecurity leaders.

Continue reading →

According to the FIDO (Fast Identity Online) Alliance, passwords are the root cause of more than 80 percent of data breaches. And yet, many organizations -- both big and small -- continue to use this antiquated approach to authentication. In fact, recent research from Yubico, which surveyed more than 16,000 employees across eight countries, found 59 percent of respondents still rely on usernames and passwords as their primary method of authentication.

Why do we continue to see the same old same old, especially when the authentication industry has made such significant strides in not only passwordless but also phishing-resistant authentication? We spoke with Axiad founder and co-CEO Bassam Al-Khalidi to get an answer to this question and find out how companies can make the move to a passwordless, phishing-resistant future. Read on to hear what he had to say.

Continue reading →

A new report from Abnormal Security highlights real-world examples of how AI is being used to carry out cyberattacks.

Generative AI allows scammers to craft unique email content, making detection that relies on matching known malicious text strings infinitely more difficult.

Continue reading →

A new report from Axiad shows that 88 percent of IT professionals feel their company is prepared to defend against a password-based cyberattack, yet 52 percent say their business has fallen victim to one within the last year.

Based on over 200 responses from US IT pros, the study shows 39 percent think phishing is the most feared cyberattack, while 49 percent say it's the attack most likely to happen.

Continue reading →

While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviors to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Human Risk Management (HRM) is a vital part of cyber security. Even if you have technological safeguards in place, HRM plays a substantial role in your overall security stance. Here I highlight some of the employee cyber risks that often get overlooked and how we can better keep an eye on them in real time.

Continue reading →

While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviors to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Human Risk Management (HRM) is a vital part of cyber security. Even if you have technological safeguards in place, HRM plays a substantial role in your overall security stance. Here I highlight some of the employee cyber risks that often get overlooked and how we can better keep an eye on them in real time.

Continue reading →

We're all familiar with link shortening services, those handy tools that allow you to shrink URLs down to a manageable size to make them easier to share.

Of course in the past these have been used for nefarious purposes too, hiding the true nature of a link to get people to click on phishing or malware messages. Now though researchers at Infoblox have uncovered something even more sinister, the operation of a shady link shortening service made especially for cybercrime.

Continue reading →

It is very nearly Halloween and we are preparing ourselves to encounter a host of terrifying creatures and monsters, all who are patiently waiting to make their appearances this year. However, while those beings are terrifying in their own right, it's the monsters lurking in the  shadows of the digital world that seem to strike more fear.

Malicious actors and menacing threats feel ever present in the news. As the adoption of cloud and on-demand computing services increases, malicious actors are waiting to make their move when enterprises lose control of their data security. Enterprises and their leaders are kept awake wondering where their data is, who has access to it, how it is being used and whether it’s safe. This piece will explore how to mitigate some of the most scary monsters that are haunting organizations the holiday season and beyond.

Continue reading →

A new survey of over 300 cybersecurity professionals from SlashNext looks at cybercriminal behavior and activity on the Dark Web particularly as it relates to leveraging Generative AI tools and chatbots and finds a startling 1,265 percent increase in malicious phishing emails since the launch of ChatGPT in November 2022.

It also shows a 967 percent increase in credential phishing in particular and that 68 percent of all phishing emails are text-based Business Email Compromise (BEC) attacks.

Continue reading →

We've all heard about how AI is being used to improve cyberattacks, by creating better phishing emails for example, but does AI really have the same potential for being sneaky as humans?

New research from IBM X-Force has set out to answer the question, ‘Do the current Generative AI models have the same deceptive abilities as the human mind?’

Continue reading →

As QR codes have become popular, they're used for all kinds of things from mobile payments to access control and even document sharing. The problem is that they can also hide risks so it's no surprise that they're becoming a popular vehicle for phishing.

New analysis from Hoxhunt finds the use of QR codes in 22 percent of attacks on its 'global human risk network' in the first weeks of October 2023.

Continue reading →

In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.

Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.

Continue reading →

The latest biannual Cyber Threat Intelligence Report from Critical Start reveals the top 10 cyber threats, including a rise in phishing attacks using QR codes are on the rise with bad actors masquerading as Microsoft security notifications.

Since May this year a major campaign has seen emails with a QR code embedded inside a PNG image or a PDF attachment. This has been aimed across industries with the energy sector being hardest hit -- one US energy company received 29 percent of all emails in the campaign.

Continue reading →

A new survey of 205 IT security decision makers highlights mounting concerns over the use of AI, and deepfakes in particular, as 68 percent of respondents express concerns about cybercriminals using deepfakes to target their organisations.

The study from Integrity360 finds 59 percent also agree that AI is increasing the number of cyber attacks, which aligns with the change in attacks that have been noticeable over the past year as 'offensive AI' is being used for tasks such as malware creation.

Continue reading →

A new report into hidden threats from Ivanti finds that one in three employees believe their actions do not impact their organization's security.

The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age).

Continue reading →