As email usage expands annually, so do email-borne threats, with three-quarters of IT security leaders anticipating a severe email security incident in the next 12 months.
A joint cybersecurity alert warned that hackers breached multiple federal agencies via remote monitoring and management software in a widespread helpdesk-themed phishing campaign.
The FBI warned that hackers are using search engine ads for phishing and spreading malware to unsuspecting users by impersonating legitimate businesses and services.
Cyber attacks are using better research and personalization to find a way to take advantage of the senior level or C-Suite — and cybersecurity operations are falling behind in combatting these whaling attacks.
Suspected Russian and Turkish attackers accuse account owners of copyright infringement, direct them to phishing pages to compromise accounts before demanding ransom from hacked Instagram account owners to restore access.
EA introduced new security measures to prevent account takeover attacks after hackers successfully breached high-profile players’ accounts via phishing and social engineering attacks.
Historically, to become a successful hacker, you had to have the knowledge and skills to create your own attacks from scratch. However, all that has changed with the proliferation of the underground market for phishing-as-a-service.
With emails bypassing defenses, humans are left as organizations’ last line of defense against phishing attacks. But it’s unreasonable to expect each employee to be a cybersecurity expert and identify these attacks every time.
A dark web forum recruited affiliates in a phishing campaign targeting YouTube creators with cookie stealing malware to hijack their accounts and stream cryptocurrency scams.
US government employees will soon be required to use a stronger measure of multi-factor authentication to access their work accounts. Aimed at putting an end to phishing, the measure is phasing out less secure forms of authentication.