Security News
The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
A report released on Tuesday by security company GreatHorn illustrates the ebb and flow of these attacks and offers advice on how organizations can fight them. For its report, GreatHorn tracked the volume of COVID-19-related email phishing attacks from January, when the virus began to surface, until June, when many countries and companies slowly started to resume operations.
The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
Redwood, California-based anti-phishing firm Area 1 Security has raised $25 million in a Series D funding round led by ForgePoint Capital and supported by existing investors Kleiner Perkins, Icon Ventures and Top Tier Capital. Area 1 Security claims to have stopped 42 million phish in 2019, and has thwarted $273 million in BEC fraud in the first five months of 2020.
Now that organizations in some parts of the world are trying to reopen, recent phishing attacks observed by the cyber threat intelligence provider Check Point Research are targeting employees returning to the office. In phishing campaigns observed by Check Point, attackers are deploying emails and malicious files masquerading as COVID-19 training materials.
Working from home is a new 'norm' for many organizations, but the shift toward remote work has been steadily increasing for the past decade. Whether mandatory or not, remote work can pose unwanted security concerns for an organization, so it's important to know how to be equipped to mitigate risk appropriately.
Between the second and third weeks of March 2020, email scams and phishing attacks spiked by an unprecedented 436%. Such was the effect of the COVID-19 pandemic. BEC attacks represent a low percentage of email attacks by volume, but a disproportionally high percentage of overall loss to business.
Targeting the CEO and others in an organization, the attacks spotted by cybersecurity firm Darktrace were detected due to artificial intelligence. A recent phishing attack observed by Darktrace used all of those methods in an attempt to deploy malware.
In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website. Most of the emails observed came from multiple addresses that belonged to legitimate subdomains from different departments at the University of Oxford.
The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.