Security News
Email phishing attacks work by spoofing or referencing well-known topics that the attackers hope will arouse fear or concern or interest on the part of the recipients. To compile its "Q2 2020 Top-Clicked Phishing Report," KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests as well as "In-the-wild" email messages that employees received and reported to their IT departments as suspicious.
Researchers at Armorblox recently spotted a pair of savvy campaigns leveraging Amazon: A credential-phishing attempt using a purported Amazon delivery order failure notice; and a voice phishing attempt also using Amazon delivery order. Both are examples of the ever-more sophisticated phishing efforts being developed by fraudsters that are aimed at gaming traditional email security efforts, researchers said.
In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft. A more specialized type of campaign known as consent phishing aims to grab sensitive data not by snagging your password but by tricking you into giving the necessary permissions to a malicious app.
Microsoft has taken legal action to seize web domains being used to launch coronavirus-themed phishing attacks. "Microsoft's Digital Crimes Unit first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts," said the mega-corp in a blog post this week.
A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification. A new phishing campaign analyzed by the security provider Abnormal Security shows how the attackers are taking advantage of Twitter users to steal account credentials.
The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
A report released on Tuesday by security company GreatHorn illustrates the ebb and flow of these attacks and offers advice on how organizations can fight them. For its report, GreatHorn tracked the volume of COVID-19-related email phishing attacks from January, when the virus began to surface, until June, when many countries and companies slowly started to resume operations.
The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
Redwood, California-based anti-phishing firm Area 1 Security has raised $25 million in a Series D funding round led by ForgePoint Capital and supported by existing investors Kleiner Perkins, Icon Ventures and Top Tier Capital. Area 1 Security claims to have stopped 42 million phish in 2019, and has thwarted $273 million in BEC fraud in the first five months of 2020.
Now that organizations in some parts of the world are trying to reopen, recent phishing attacks observed by the cyber threat intelligence provider Check Point Research are targeting employees returning to the office. In phishing campaigns observed by Check Point, attackers are deploying emails and malicious files masquerading as COVID-19 training materials.