Many Global 2000 companies lack proper domain security

CSC released its third annual Domain Security Report that found three out of four Forbes Global 2000 companies have not adopted key domain security measures—exposing them to high risk of security threats. These companies have implemented less than half of all domain security measures. In addition, lookalike domains are targeting those companies as well—with 75% […]

Continue Reading

Phishing threats are increasingly convincing and evasive

In this Help Net Security video, Tonia Dudley, VP, CISO at Cofense, provides a look at the various changes seen in the phishing threat landscape. Dudley talks about the impact of credential phishing and business email compromise (BEC), which allow cybercriminals to steal substantial amounts of money from global organizations. The post Phishing threats are […]

Continue Reading

Phishing attacks skyrocketing, over 1 million observed

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed. The total for June was 381,717 attacks or phishing sites. The number of phishing attacks reported has quadrupled since early 2020 — when […]

Continue Reading

Response-based attacks make up 41% of all email-based scams

Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41 percent of all email-based scams targeting employees, during Q2 of this year. This is according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs. From April through June, researchers analyzed hundreds of thousands of phishing and […]

Continue Reading

Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud

A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication (MFA) set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users’ password and session cookie. Their ultimate goal is to access finance-related emails […]

Continue Reading

Threat actors increasingly use third parties to run their scams

Abnormal Security released new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before. In January 2022, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal […]

Continue Reading

Phishing reaches all-time high in early 2022

The APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total. In the […]

Continue Reading