All organizations wrestle with chronic phishing attacks that are the primary vectors through which malicious actors breach systems and spread malware. Most phishing attackers deliver their payloads on networks by crafting spoofed emails that look like they come from legitimate, authoritative senders. Those look-alike emails instead derive from domains deployed solely for malicious purposes. It’s…

Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disaster relief loans or provide…

9,050,064,764 credentials have been recovered throughout 2019 which came from a total of 640 unique data breaches and include email addresses connected to plaintext passwords and usernames with plaintext passwords, SpyCloud reveals. That means, on average, each of these data breaches gave criminals more than 14 million sets of login credentials. Because people often reuse…

Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals’ continued focus on compromising individual end users, a Proofpoint survey reveals. Seventy-eight percent also reported that security awareness training activities resulted in measurable reductions in phishing susceptibility. The report examines global data from nearly 50 million simulated…

Despite a nearly four-month absence, the return of Emotet within the last two weeks of September accounted for nearly 12 percent of all malicious email samples in Q3, delivering millions of messages with malicious URLs or attachments, Proofpoint found. Emotet returns, organizations need to react “Emotet’s return to the threat landscape and the latest sextortion…

The number of phishing attacks continued to rise into the autumn of 2019, according to APWG. The total number of phishing sites detected in July through September 2019 was 266,387. This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018. “This…

Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. The number of phishing attacks observed in…