Security News

According to a Tuesday report by Cofense, which analyzed millions of emails related to various attacks, 57 percent were phishing emails aiming to steal victim usernames and passwords. The remainder of malicious emails were utilized in business email compromise attacks or for malware delivery.

Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers - including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials.

Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using "Malformed URL prefixes" to evade protections and deliver phishing emails that look legit. Typosquatting is a common phishing email tactic where everyday business names are mispelled, like "Amozon.com" - to try and trick unobservant users into clicking.

Email security company GreatHorn is warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. Email scanning programs, GreatHorn said in a blog post, aren't configured to detect these kinds of attacks because they don't fit known bad criteria.

Microsoft is adding new security warnings to the Security and Compliance Center default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants. It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions.

Researchers from Google and Stanford University have analyzed the patterns of more than 1.2 billion email-based phishing and malware attacks targeting Gmail users, and found that most attack campaigns are short-lived and sent to fewer than 1,000 targets. Users in North America are targeted the most, they found, with 42% of the observed attacks targeted users in the United States, 10% hitting people in the United Kingdom, and 5% aimed at users in Japan.

The Internal Revenue Service has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers. Scammers started this ongoing phishing campaign right before the US tax season with the end goal of stealing both client data and tax preparers' identities.

Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. After inspecting phishing and malware campaigns blocked by Gmail within five months, Google found that 42% of all targets were from the US, with the next two most targeted users being from the UK and Japan.

Security biz Proofpoint and its subsidiary Wombat Security Technologies have sued Facebook and its Instagram subsidiary to prevent the seizure of internet domain names used for security testing. It sets up domain names that incorporate trademarked terms, like Facebook and Instagram, or fragments of those terms that have similar looking domain names.

Australian users are, for example, at a higher risk of being targeted that U.S.-based users, and older people are more likely to be targeted than youngsters. The researchers have analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users and have singled out some interesting findings.