Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Cybercriminals use phishing emails and CSRF exploits to hijack routers in Brazil and redirect victims to fake banking websites. [Read More]
Researchers at Cisco have come across a campaign in which malicious actors sent out bogus Microsoft Volume Licensing Service Center (VLSC) emails in an effort to trick corporate users into installing a piece of malware. [Read More]
By analyzing manual hijacking cases that occurred at Google between 2011 and 2014, researchers determined that there are only 9 incidents per million Google users per day. [Read More]
Phishers continue to turn to shared virtual server hacking, APWG reports. [Read More]
The recent expansion of generic Top-Level Domains (gTLDs) has attracted the attention of cybercriminals who have started abusing them for their malicious operations, researchers warned this week. [Read More]
Attackers are playing on the hype around the crypto-currency Bitcoin to cast a wider phishing net looking for victims. It's not just bank credentials cyber-criminals are looking for. [Read More]
The crash of the Malaysia Airlines flight MH17 in eastern Ukraine on June 17 continues to make headlines, making it a perfect event for cybercriminals to leverage in their malicious campaigns. [Read More]
According to research, financial institutions, payment services and social networks are among the categories of sites most likely to be used in phishing attacks. [Read More]
According to a report from Imperva, 80% of the traffic associated with comment spam is generated by just 28% of attack sources. [Read More]
The new anti-phishing feature currently being tested in the experimental version of Google Chrome does not work as well as intended and poses security risks. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Jon-Louis Heimerl's picture
Organizationally, there are things you can do to help avoid becoming a victim, and to minimize damage if you are victimized.
Ram Mohan's picture
The semiannual “Global Phishing Survey” from the Anti-Phishing Working Group (APWG) provides powerful insight into what is happening in phishing worldwide.
Idan Aharoni's picture
Cooperation in the underground economy could enable a fraudster in Russia who masters the art of phishing to team up with another fraudster who already has the infrastructure of cashing out compromised online banking accounts of US banks.
Chris Hinkley's picture
Businesses usually don’t think about social engineering when securing company data. It used to be believed that social engineering was reserved for governments and organizations with enemies. That's not the case anymore.
Ram Mohan's picture
Domain name typo squatting, a decade-old headache for marketing and legal departments, is putting corporate data at risk. But evidence suggests that it is becoming a risk that also needs to be on the CSO's radar.
Irida Xheneti's picture
The risks are real, and growing more complex by the month. That doesn't mean you're powerless to keep your infrastructure and data secure.
Ram Mohan's picture
Cybercriminals have enough information to construct highly targeted phishing attacks. So, how can you mitigate the risk of falling victim to spear-phishing attacks?
Idan Aharoni's picture
Unlike real-world dumpster diving, "electronic dumpster diving" can enable cybercriminals to access all the documents currently held by the user, not just those that were thrown away.
Greg Olsen's picture
These best practices for DKIM can help you get more email delivered and lower the likelihood that a message will be categorized as spam.
Noa Bar-Yosef's picture
An Inside Look at Some of the Strategies and Tactics Cybercriminals Use to Conduct Successful Phishing Attacks