Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Over the past week, Google has observed over 18 million malware and phishing emails related to COVID-19 being sent out every day. [Read More]
GitHub has warned users that they may be targeted in a sophisticated phishing campaign that the company has dubbed Sawfish. [Read More]
Financial phishing has increased in frequency and accounted for more than half of all phishing detections last year, Kaspersky says. [Read More]
The number of COVID-19-themed attacks has increased significantly over the past couple of months, but they represent only a fraction of daily threats, security firms say. [Read More]
NASA is seeing a significant increase in cyberattacks, including phishing and malware attacks, while its employees work remotely due to the coronavirus outbreak. [Read More]
A Magecart Group 7 skimmer identified earlier this year has the ability to create iframes to steal payment data. [Read More]
IBM and FireEye have spotted a campaign that relies on fake “COVID-19 Payment” emails to deliver the Zeus Sphinx banking trojan to people in the US, Canada and Australia. [Read More]
Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems. [Read More]
The official website of kitchen products maker Tupperware was hacked and the attackers planted malicious code designed to steal visitors’ payment card information. [Read More]
University of Utah Health revealed last week that it discovered unauthorized access to some employee email accounts, along with a malware infection on one of its workstations. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Alastair Paterson's picture
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Torsten George's picture
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.
Josh Lefkowitz's picture
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.