Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

CISA and the FBI have issued an alert to warn of a voice phishing (vishing) campaign targeting employees of multiple organizations. [Read More]
Authorities in Maryland have issued an advisory about an apparent email phishing scam targeting firearms dealers in the state. [Read More]
Google is preparing to run an experiment in Chrome 86 as part of its fight against URL spoofing. [Read More]
Twitter on Thursday revealed that several employees were targeted with phone spear-phishing in a social engineering attack leading to the recent security incident. [Read More]
A majority of election administrators in the United States have yet to implement cybersecurity controls designed to provide protection against phishing attacks. [Read More]
DeepSource has reset tokens, secrets, private keys, and employee credentials after being informed that its GitHub application was compromised. [Read More]
Digital Shadows has found over 15 billion username and password combinations offered on cybercrime marketplaces, including more than 5 billion unique credentials. [Read More]
Over the past three years, one of the groups operating under the Magecart umbrella has targeted over 570 e-commerce websites and likely made over $7 million. [Read More]
Over the past year, a Russian cybercrime group has launched over 200 business email compromise (BEC) campaigns targeting multinational organizations. [Read More]
A harmless-looking currency converter application downloaded by more than 10,000 users from Google Play was designed to deliver the Cerberus banking Trojan. [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Torsten George's picture
Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.
Alastair Paterson's picture
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Torsten George's picture
Most of today’s cyber-attacks are front ended by phishing campaigns. So, what can organizations do to prevent their users from falling for the bait of these attacks?
Laurence Pitt's picture
Many of us are familiar with the two most common types of socially engineered attacks – phishing and spear-phishing – but there are many more to be aware of.
Alastair Paterson's picture
Domain name typo-squatting is an established tactic in the world of cybercrime.
Alastair Paterson's picture
Cybercriminals rely on tried and trusted methods for phishing; as long as there is even a four percent chance that phishing techniques will be successful, they will continue to use them.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Devon Kerr's picture
If phishing attacks slip past the first line of defense, security teams need to be able to identify suspicious activity and stop it before hackers can learn enough about their enterprise to execute a full attack.