Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Snapchat on Friday was targeted by a phishing attack that resulted in some payroll information of its employees being inadvertently revealed. [Read More]
Cybercriminals behind the Dridex botnet have ramped up their email campaign activity following a short holiday season break, researchers at FireEye Labs say. [Read More]
The Dridex banking Trojan has been updated with a new attack methodology that leverages a similar redirection attack scheme used by the Dyre Trojan, IBM X-Force researchers warn. [Read More]
A security flaw in the popular single-sign-on (SSO) and password management service LastPass could allow a bad actor conducting a phishing attack to fully compromise user’s accounts, researcher Sean Cassidy has discovered. [Read More]
The black market for IP addresses is thriving given that a cybercriminal stealing a large IP address block can generate thousands of dollars per month. [Read More]
Hackers breached the systems of anti-adblocking service PageFair and used the access to deliver malware [Read More]
A new piece of malware dubbed Brolux has been used to target online banking users in Japan. Chinese cybercriminals could be behind the attacks. [Read More]
The news that Raytheon is acquiring Websense has been leveraged by malicious actors to target Websense employees with malware-carrying emails. [Read More]
PhishMe, a company that helps organizations teach security awareness by educating employees on how to identify Phishing attacks, has raised $13 million in Series B funding. [Read More]
Sending spoofed emails from .gov domains allows spammers to bypass SPF/DKIM email verification systems. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Jon-Louis Heimerl's picture
Organizationally, there are things you can do to help avoid becoming a victim, and to minimize damage if you are victimized.
Ram Mohan's picture
The semiannual “Global Phishing Survey” from the Anti-Phishing Working Group (APWG) provides powerful insight into what is happening in phishing worldwide.
Idan Aharoni's picture
Cooperation in the underground economy could enable a fraudster in Russia who masters the art of phishing to team up with another fraudster who already has the infrastructure of cashing out compromised online banking accounts of US banks.
Chris Hinkley's picture
Businesses usually don’t think about social engineering when securing company data. It used to be believed that social engineering was reserved for governments and organizations with enemies. That's not the case anymore.
Ram Mohan's picture
Domain name typo squatting, a decade-old headache for marketing and legal departments, is putting corporate data at risk. But evidence suggests that it is becoming a risk that also needs to be on the CSO's radar.
Irida Xheneti's picture
The risks are real, and growing more complex by the month. That doesn't mean you're powerless to keep your infrastructure and data secure.
Ram Mohan's picture
Cybercriminals have enough information to construct highly targeted phishing attacks. So, how can you mitigate the risk of falling victim to spear-phishing attacks?
Idan Aharoni's picture
Unlike real-world dumpster diving, "electronic dumpster diving" can enable cybercriminals to access all the documents currently held by the user, not just those that were thrown away.
Greg Olsen's picture
These best practices for DKIM can help you get more email delivered and lower the likelihood that a message will be categorized as spam.
Noa Bar-Yosef's picture
An Inside Look at Some of the Strategies and Tactics Cybercriminals Use to Conduct Successful Phishing Attacks