Collaborate Disseminate
Companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing, APWG reveals. High-ticket BEC attacks Agari reported average wire transfer loss fro… Continue reading Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000
Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic. Continue reading Sipping from the Coronavirus Domain Firehose
Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. Continue reading US Government Sites Give Bad Security Advice
The total number of phishing sites detected by the Anti-Phishing Working Group (APWG) worldwide in October through December 2019 was 162,155, following the all-time-high of 266,387 attacks recorded in July through September 2019. Most menacing, however… Continue reading Almost three-quarters of all phishing sites now use SSL protection
Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password. Continue reading Tricky Phish Angles for Persistence, Not Passwords
Using a real Office 365 account at a legitimate company to send out lures helps phishers evade email defenses. Continue reading Office 365 Admins Targeted in Ongoing Phishing Scam
This is your Shared Security Weekly Blaze for June 3rd 2019 with your host, Tom Eston. In this week’s episode: US cities are being rampaged with ransomware, mobile phishing attacks on the rise, and do you know what your iPhone is doing while you … Continue reading Ransomware Rampage, Mobile Phishing Attacks, iPhone App Ad Trackers
Would your average Internet user would be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach). Continue reading Should Failing Phish Tests Be a Fireable Offense?
Users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency, according to the APWG Q1 2019 Phishing Activity Trends Report. The category became the biggest target in Q1, accounting for 36 percent of all phish… Continue reading Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks
According to the APWG’s new Phishing Activity Trends Report, after spiking in the spring, phishing has been taking place at a steady pace — but phishers are using new techniques to carry out their attacks – and obfuscate their origins – to make the mos… Continue reading Cybercrime gangs continue to innovate to hide their crimes