Email inboxes still the weakest link in security perimeters

Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to F-Secure. The single most common source of breaches analyzed in the report was attackers exploiting vulnerabilities in an organization’s Internet facing services, which accounted for about 21 percent of security incidents investigated by F-Secure’s incident responders. Phishing and […]

Phishing schemes net hackers millions of dollars from Fortune 500

Fortune 500 companies are losing millions of dollars due to new and sophisticated phishing scams conducted by cyberattackers, IBM has discovered. On Wednesday, researchers from IBM’s X-Force Incident Response and Intelligence Services (IRIS) team said the Business Email Compromise (BEC) scheme is currently active and is successfully targeting Accounts Payable (AP) teams at Fortune 500 […]

Phishing emails: The ticking time bomb in your inbox

With 3.7 billion users worldwide, who collectively send 269 billion messages every day, email remains the backbone of business communications. Even as other methods of collaboration find their way into the office, from instant messaging and social networking to chat-based applications like Slack, email is the primary way that many of us interact with our […]

How tricked 50,000 Snapchat users to sharing their login credentials

In late July, Snap’s director of engineering emailed the company’s team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company’s users: a publicly available list, embedded in a phishing website named, that listed 55,851 Snapchat […]

Bitcoin thieves use Google AdWords to target victims

Researchers have uncovered a Bitcoin-stealing cybercriminal gang that has stolen millions of dollars by exploiting Google AdWords. On Wednesday, cybersecurity experts from Cisco Talos revealed that with the help of the Ukraine Cyberpolice, the team has been able to track and monitor the group over the past six months. In a blog post, researchers Jeremiah […]

Lazarus Group Attacks Banks, Bitcoin Users in New Campaign

The Lazarus Group has been discovered behind a new cyberattack campaign dubbed HaoBao targeting banks and Bitcoin users via spear phishing lures that deliver a new cryptocurrency scanner that hunts for Bitcoin wallets. The attack campaign uses spear-phishing emails impersonating job recruiters, a tactic previously seen from the group – widely believed by researchers to […]

This phishing trick steals your email and then fools your friends into downloading malware

There’s been a spike in the number of cyber-attacks that hijack ongoing email conversations and turn them into a vehicle for delivering malware. Conversation-hijacking attacks are when hackers manage to infiltrate legitimate email threads between people, and use highly-customised phishing techniques to make it look as if the victim is the one sending messages back and […]

Credential phishing kits target victims differently depending on location

There is a new attack vector in town – the customization of phishing kits. In a recent case uncovered by PhishMe Intelligence, a phishing kit was crafted to target residents of specific regions using either TrickBot or Locky. Instead of determining what malware to deploy, this kit determined what personal information to collect from its victims. […]

Phishing attacks: How hunting down fake websites is making life harder for hackers

Cybercriminals are finding it more difficult to maintain the malicious URLs and deceptive domains used for phishing attacks for more than a few hours because action is being taken to remove them from the internet much more quickly. That doesn’t mean that phishing — one of the most common means of performing cyber-attacks — is […]

BEC scams surge, cybercriminals target nearly all organizations

96 percent of organizations have received business email compromise (BEC) emails during the second half of 2017, according to Agari. “BEC is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise […]