Articles about Phishing

ChatGPT is very much flavor of the month at the moment, with many companies looking to add the AI technology into their products and Google launching its own alternative, Bard.

The latest to embrace the potential is Logpoint which is launching ChatGPT integration for its Security Orchestration, Automation and Response (SOAR) product.

Continue reading →

Google is using today's Safer Internet Day to announce a number of new security and privacy initiatives.

Among these are new ways to fill out passwords easily and securely in Chrome, more privacy protection for the Google app, improvements to Google Password Manger, and an expansion of SafeSearch to protect against explicit images.

Continue reading →

Web3 platforms have surged in popularity over the years and continue to catch headlines with billion-dollar investments as well as significant downturns. According to McKinsey, despite early funding issues, adoption of Web3 applications has occurred at an exponential pace, which has led to many industry professionals questioning how safe and stable these platforms are.

Web3 platforms are designed to make content hosting more available to individuals, evade censorship, guarantee access to the published content and avoid technical problems like server management, making these platforms attractive for threat actors seeking to host malicious content.

Continue reading →

A new set of zero trust email security solutions from Cloudflare are aimed at protecting employees from multichannel phishing attacks, preventing sensitive data from being exfiltrated via email, and helping businesses speed up and simplify deployments,

Compatible with any email provider, the protection is integrated into Cloudflare's platform, helping to secure all of an organization's applications and data.

Continue reading →

We reported last week on how ChatGPT could be used to offer hints on hacking websites. A new report released today by WithSecure highlights another potential use of AI to create harmful content.

Researchers used GPT-3 (Generative Pre-trained Transformer 3) -- language models that use machine learning to generate text -- to produce a variety of content deemed to be harmful.

Continue reading →

The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.

That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.

Continue reading →

New research published in November revealed that the severity of inbound cyberthreats increased during holiday months.

The findings, from our Barracuda XDR team' Global Security Operations Center, suggest that cyberattackers may take advantage of IT security professionals being away from the workplace to launch more complex, higher risk attacks -- possibly in the hope that understaffed security departments are less likely to be monitoring the network for threats or equipped to deal with any crisis.

Continue reading →

The Christmas holiday period is a peak time for phisherfolk. Research from Check Point shows 17 percent of all malicious files distributed by email in November were related to orders and shipping around the Black Friday period.

This is expected to be worse still this month as attackers seek to take advantage of shipping and package notifications and more.

Continue reading →

For anyone invested in social media, copyright infringement is a big deal. Users must be able to protect their intellectual property from imposters and opportunists trying to ride their coattails. As such, most platforms invite content owners to report infringement, but this useful function has joined the long list of communication channels cybercriminals exploit.

Trustwave researchers have found criminal gangs are impersonating Instagram’s copyright report emails in phishing campaigns, angling to trick users into sharing their details.

Continue reading →

Hot on the heels of a report showing that 40 percent of business emails have unwelcome content, comes another report revealing that email is now the top way of delivering cyberattacks.

The report from Tessian shows that 94 percent of organizations experienced a spear phishing or impersonation attack, and 92 percent suffered ransomware attacks over email this year.

Continue reading →

Dropbox has revealed details of a phishing attack to which it fell victim. In the attack, a threat actor was able to steal code from the company after gathering employee credentials to GitHub repositories.

The security breach took place in the middle of last month, with GitHub notifying Dropbox of suspicious account activity on October 14. The cloud storage company says that the code that was accessed "contained some credentials -- primarily, API keys -- used by Dropbox developers" but insists that "no one's content, passwords, or payment information was accessed", and that its core apps and infrastructure were unaffected.

Continue reading →

The latest report from email security and threat detection company Vade shows the volume of phishing emails up 31 percent in the last quarter compared to Q2.

Volumes peaked in July (79.2 million), dipping in August (57.5 million), and rebounding in September (67.2 million). If this pace continues through Q4, phishing volumes in the second half of 2022 are set to exceed those reached in the first half (315 million).

Continue reading →

A new report analyzing billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, finds more than 255 million phishing attacks -- a 61 percent increase compared to 2021.

The study from messaging security company SlashNext shows earlier security strategies, including secure email gateways, firewalls, and proxy servers are no longer stopping threats, as bad actors increasingly launch these attacks from trusted services and business and personal messaging apps.

Continue reading →

Digital natives aged between 18-39 are the most vulnerable age group for phishing scams, according to new data from security awareness training company SoSafe.

It finds that 18-39 year-olds have an average click rate of 29 percent on phishing emails, which drops to 19 percent among older age groups.

Continue reading →

For many organizations, Microsoft 365 has become their default service for email. But for attackers this makes it attractive as a point of compromise.

New research from cloud and email security specialist Avanan shows that the missed phishing rate for Microsoft Defender is 18.8 percent. A previous analysis in 2020 showed 10.8 percent of phishing emails reaching inboxes, so Defender's missed phishing rates have increased by 74 percent.

Continue reading →