Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Organizations are getting better at detecting breaches, but attackers are also working on improving their tactics and techniques [Read More]
Israel-based anti-phishing firm IRONSCALES raises $6.5 million. Money will be used to expand sales and expedite R&D for its technologies [Read More]
Account takeover study conducted by Google shows that phishing poses the greatest threat to users, followed by keyloggers and third-party breaches [Read More]
Cybersecurity firm Proofpoint on Tuesday announced that it has agreed to acquire messaging security firm Cloudmark for $110 million in cash. [Read More]
The Russia-linked threat group known as Fancy Bear has abused Google’s Blogspot service in phishing attacks [Read More]
Security researchers hunted down more than 3,200 unique phishing kits, tracked the actors behind the kits, and identified kit re-use across sites, [Read More]
Security awareness training and simulated phishing firm KnowBe4 raises $30 million in Series B funding round [Read More]
China-linked cyber espionage group uses recently patched .NET vulnerability in attacks aimed at a US shipbuilding firm and a university with military ties [Read More]
I recent attack reminds us that DMARC can prevent phishing from genuine domains, but cannot prevent phishing from lookalike domains. [Read More]
A Middle Eastern threat group has been using a Flash Player zero-day vulnerability to deliver FinFisher spyware [Read More]

FEATURES, INSIGHTS // Phishing

rss icon

Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Jon-Louis Heimerl's picture
For a month, I kept all of my spam, then looked at the subject matter, where it was from and tried to analyze some additional characteristics of the spam.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
Jon-Louis Heimerl's picture
What do you do when your organization has been victimized by a phishing attack? If you wait until you are actually under an attack it is too late.
Jon-Louis Heimerl's picture
Organizationally, there are things you can do to help avoid becoming a victim, and to minimize damage if you are victimized.
Ram Mohan's picture
The semiannual “Global Phishing Survey” from the Anti-Phishing Working Group (APWG) provides powerful insight into what is happening in phishing worldwide.
Idan Aharoni's picture
Cooperation in the underground economy could enable a fraudster in Russia who masters the art of phishing to team up with another fraudster who already has the infrastructure of cashing out compromised online banking accounts of US banks.
Chris Hinkley's picture
Businesses usually don’t think about social engineering when securing company data. It used to be believed that social engineering was reserved for governments and organizations with enemies. That's not the case anymore.
Ram Mohan's picture
Domain name typo squatting, a decade-old headache for marketing and legal departments, is putting corporate data at risk. But evidence suggests that it is becoming a risk that also needs to be on the CSO's radar.
Irida Xheneti's picture
The risks are real, and growing more complex by the month. That doesn't mean you're powerless to keep your infrastructure and data secure.