Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

A new piece of malware dubbed Brolux has been used to target online banking users in Japan. Chinese cybercriminals could be behind the attacks. [Read More]
The news that Raytheon is acquiring Websense has been leveraged by malicious actors to target Websense employees with malware-carrying emails. [Read More]
PhishMe, a company that helps organizations teach security awareness by educating employees on how to identify Phishing attacks, has raised $13 million in Series B funding. [Read More]
Sending spoofed emails from .gov domains allows spammers to bypass SPF/DKIM email verification systems. [Read More]
Cybercriminals use phishing emails and CSRF exploits to hijack routers in Brazil and redirect victims to fake banking websites. [Read More]
Researchers at Cisco have come across a campaign in which malicious actors sent out bogus Microsoft Volume Licensing Service Center (VLSC) emails in an effort to trick corporate users into installing a piece of malware. [Read More]
By analyzing manual hijacking cases that occurred at Google between 2011 and 2014, researchers determined that there are only 9 incidents per million Google users per day. [Read More]
Phishers continue to turn to shared virtual server hacking, APWG reports. [Read More]
The recent expansion of generic Top-Level Domains (gTLDs) has attracted the attention of cybercriminals who have started abusing them for their malicious operations, researchers warned this week. [Read More]
Attackers are playing on the hype around the crypto-currency Bitcoin to cast a wider phishing net looking for victims. It's not just bank credentials cyber-criminals are looking for. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Bill Sweeney's picture
As data moves online, social engineering techniques have become far more personalized, technologically advanced and ultimately successful.
James Foster's picture
Monitoring social media is a daunting task. Enterprises must have risk management plans in place to monitor, identify, combat and remediate social media-based threats.
Torsten George's picture
For all the benefits that social media networks provide, organizations must recognize that they present a double-edged sword when it comes to security.
Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Jon-Louis Heimerl's picture
For a month, I kept all of my spam, then looked at the subject matter, where it was from and tried to analyze some additional characteristics of the spam.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
Jon-Louis Heimerl's picture
What do you do when your organization has been victimized by a phishing attack? If you wait until you are actually under an attack it is too late.
Jon-Louis Heimerl's picture
Organizationally, there are things you can do to help avoid becoming a victim, and to minimize damage if you are victimized.
Ram Mohan's picture
The semiannual “Global Phishing Survey” from the Anti-Phishing Working Group (APWG) provides powerful insight into what is happening in phishing worldwide.
Idan Aharoni's picture
Cooperation in the underground economy could enable a fraudster in Russia who masters the art of phishing to team up with another fraudster who already has the infrastructure of cashing out compromised online banking accounts of US banks.