Security News

Coronavirus-themed malicious emails were the standout feature of online naughtiness in the first half of 2020, according to infosec firm F-Secure - though overall volumes of phishing did decrease a touch. Observed attack attempts included an Emotet banking trojan campaign targeting Japan in January after the nation confirmed its first coronavirus infection.

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. Prosecutors say the men then laundered the stolen funds through an array of intermediary cryptocurrency accounts - including compromised and fictitiously created accounts - on the targeted cryptocurrency exchange platforms.

Keepnet Labs has revealed the most vulnerable departments and sectors against phishing attacks, based on a data set of 410 thousand phishing emails, covering a period of one year. Accordingly, 90% of successful cyber attacks occur through email-based attacks.

Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works. How do you test those end users? One way is with the GoPhish phishing toolkit.

Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims' Office 365 credentials - in real time - as they enter them into the landing page. Office 365 requires app registrations to use APIs - but registrations require only an email address, making them seamless for attackers to leverage.

This data is then used to launch phishing attacks against even more people and organizations. So it's hardly surprising that phishing is now responsible for almost one-quarter of all data breaches.

History teaches us that email tricks can work surprisingly well with no text in the message body at all. The email consisted only of an attachment - there was no subject line or message, so the only visible text in the email was the name of the attachment, HAPPY99.

The goal is to concoct phishing emails and landing pages so convincing that they can fool even the most sharp-eyed user. A new phishing campaign described by phishing awareness provider Cofense in a Friday blog post uses several tactics to appear legitimate.

On August 20, 2020 the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a joint security advisory, warning about an ongoing wave of vishing attacks targeting the US private sector. Vishing is a form of criminal phone fraud, combining one-on-one phone calls with custom phishing sites.

The 2020 Phishing Attack Survey gleaned insights into the phishing landscape in August from 317 IT and cybersecurity professionals in the US, finding that email phishing attacks have become more successful during the COVID-19 pandemic. Despite only 6% of phishing attacks resulting in a breach, 36% of respondents said they were not confident that employees at their organizations would be able to spot and avoid an email phishing attack in real-time.