Security News
Beyond automated security tools, there are more people-centric strategies that businesses should adopt to protect themselves against phishing attacks, as described in the 2020 State of the Phish report released Wednesday by the security firm Proofpoint. About 60% of the respondents said their organization faced fewer or about the same number of phishing attacks last year compared with 2018.
According to researchers at the ZeroFOX Alpha Team, the latest version of the group's phishing kit includes a number of features aimed at stealing as much personally identifiable information as possible from users of the popular money-transfer service, including login credentials, geolocation, email address, credit-card information, phone number and more. The researchers were able to intercept traffic between the kit and the C2 server, and gain access to the server panel that 16Shop rents to users.
One of the most advanced phishing kits, known as 16Shop and probably developed by a group known as the Indonesian Cyber Army, has expanded its phish targets from Apple account holders and Amazon to now include PayPal. "In early January 2020," they say, "ZeroFOX Alpha Team obtained a phishing kit from 16Shop that now targets PayPal customers, indicating they are actively adding brands to their phishing kit portfolio."
As you can imagine, the way the hackers got in is supposed to have been by means of phishing attacks. The good news is that most of us have learned to spot obvious phishing attacks these days.
There are ways to protect your company and employees from this type of attack, according to a new report from Barracuda Networks. Through domain impersonation or spoofing, attackers send emails to employees with phony domain names that appear legitimate or create websites with altered names.
Social media messages have also effectively tricked users, notably when LinkedIn is the subject: 55% were successful, with Facebook following at 28%. "Not surprisingly, LinkedIn email subjects top the social media list for Q4 in a pretty big way. Q4 is a time where people are setting resolutions for the following year, and this often involves a job search. Activity related to LinkedIn tends to spike in this quarter, meaning people are more likely to view and click these emails." Research for the report was gathered through an examination of thousands of email subject lines from simulated phishing tests. KnowBe4 also reviewed "In-the-wild" email subject lines, which added previously received email as an additional incentive to open, as well as company emails reported to IT departments as suspicious.
A phishing campaign apparently aimed at Burisma, the Ukrainian gas company that is at the center of President Donald Trump's impeachment, has been linked by cybersecurity researchers to a hacker group believed to be working on behalf of the Russian government. Area 1 Security, a California-based cybersecurity firm that specializes in anti-phishing solutions, on Monday published a report describing a phishing campaign apparently aimed at Burisma, its subsidiaries and its partners.
A miscreant managed to swipe $2.3m from a Texas school district after staff inadvertently wired large sums of public money to the crook's bank account. The school district did not say exactly how scumbags were able to extract so much money, though telly station CBS Austin reported the money was funneled out in three separate transactions in November.