Business Email Compromise Doubles in Incidents and Triples in Cost The latest data from the U.S. government’s Financial Crimes Enforcement Network shows fraud via business email is changing tactics and becoming more effective. Phishing attacks don’t always need to result in the use of malware. In many cases the goal is to commit fraud through [...]
U.S. entities remained the most attractive targets of phishing attacks throughout 2018, with an estimated 84% of the total volume of millions of incidents analyzed during the last year. The top organizations targeted by phishing attacks when taking into account the industry sectors were financial institutions (28,9%), email and online services (24,1%), cloud and file storage (12,6%), [...]
The Notre Dame Cathedral in Paris caught fire and was barely saved from total destruction. Millions of people visit every year and hundreds of millions feel a powerful, and personal, sense of connection to it. Seeing the cathedral burn was a tragedy, and the bad guys were faster than ever to leverage it into misinformation and social engineering. [...]
A recent phishing attack posing as a PDF decoy from a Denver law firm was stealing clients' Office 365 credentials. The phishing bait was hosted in Azure blob storage and contained a Microsoft-issued domain and SSL certificate, making it particularly believable. Since the phishing bait was hosted in Azure blob storage, it had a Microsoft-issued [...]
The attack dubbed “PhishPoint” demonstrates the craftiness and extent cybercriminals will go to in order to harvest Office 365 credentials. This latest attack uses several familiar aspects of Office 365 to lull potential victims into an assumption everything is above board. Here’s how the PhishPoint attack works: The user receives the malicious email –There [...]
What is Angler Phishing? Angler phishing is the practice of masquerading as a customer service account on social media, hoping to reach a disgruntled consumer. About 55% of such attacks last year targeted customers of financial institutions, trying to lure victims into handing over access to their personal data or account credentials. How Angler Phishing Works Angler [...]
Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cyber-criminals to spread malware. Security researchers are again warning users of a new malware campaign that has been active since at least March this year [...]
The notorious Necurs botnet is one of the oldest and largest spam and phishing delivery systems in existence. It controls millions of machines that the criminal botmasters use to send malicious payloads. Necurs has now adopted a retro trick to make itself more evasive and less likely to have its phishing intercepted by your filters. It's begun [...]
There is a new scam where hackers send you a text that asks you about a password reset on your account, and if you have not sent this request, to text the word STOP. This is a scam. Here is how this scam works. The victim receives a text asking whether they’ve requested a password reset [...]
Small-to-midsize businesses (SMBs) are the preferred target by ransomware operators, due to weaker protection and greater willingness to pay up. Ransomware, the prolific malware that locks down computer files until the victim pays to regain access, remains the fastest-growing cyber threat, targeting users from the regular Joe to entire corporate networks. In a mashup of [...]