Beware of New Coronavirus Wiper Malware
Apr03

Beware of New Coronavirus Wiper Malware

A new wiper malware has been detected that uses a similar method to the 2017 NotPetya wiper malware to trash computers by overwriting the Master Boot Record (MBR) to render computers useless. Named Coronavirus, this wiper malware is being used purely for the purpose of sabotage. The malware variant was analyzed by researchers at SonicWall Capture Labs Threat Research. The researchers report that the malware variant is not as...

Read More
Phishing Campaigns Using Offer of Coronavirus Financial Relief as Lure
Apr02

Phishing Campaigns Using Offer of Coronavirus Financial Relief as Lure

Governments around the world are developing financial relief packages to help citizens that have been unable to work due to the coronavirus and are facing extreme financial difficulties, and cybercriminals are taking advantage. Campaigns have been detected that use the offer of financial relief due to the coronavirus pandemic as a lure to trick people into disclosing sensitive information or installing malware. Over the past few...

Read More
Database Containing Extensive Information of 200 Million Americans Exposed Online
Mar24

Database Containing Extensive Information of 200 Million Americans Exposed Online

A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...

Read More
WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader
Mar20

WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader

Another coronavirus-themed phishing campaign has been detected impersonating the World Health Organization (WHO), or more specifically, the Director-General of WHO, Dr. Tedros Adhanom Ghebreyesus. The campaign was identified by security researchers at IBM X-Force Threat Intelligence who report that several waves of spam have already been delivered. The threat actors behind the campaign are using spam emails to distribute a malware...

Read More
Microsoft Announces Takedown of Necurs Botnet
Mar11

Microsoft Announces Takedown of Necurs Botnet

Microsoft has announced it has seized the U.S. command and control infrastructure of the Necurs botnet and has taken steps to prevent the infrastructure from being recreated. The Necurs botnet is one of the largest spamming and malware distribution networks ever created. The botnet consists of more than 9 million zombie devices that have been infected with Necurs malware and are under the control of the botnet operators. The botnet is...

Read More
Several New Coronavirus-Themed Phishing Scams and Malspam Campaigns Detected
Mar09

Several New Coronavirus-Themed Phishing Scams and Malspam Campaigns Detected

Further email campaigns have been detected that are using the novel coronavirus (COVID-19) outbreak as a lure to spread malware, phish for sensitive data, and fool people into making donations to fake charities. The World Health Organization has previously issued a warning that cybercriminals were using its logos in malicious email campaigns and those campaigns have continued. Campaigns have also been detected impersonating the...

Read More
74% of Phishing Sites Now Use HTTPS
Feb27

74% of Phishing Sites Now Use HTTPS

The latest phishing activity trends report from the Anti-Phishing Working Group (APWG) shows a decline in the number of detected phishing sites after the 3-year high seen in Q3, 2019. Between October 2019 and December 2019, 162,155 phishing sites were detected, down from 266,387 in Q3. In Q4, 2019, the number of phishing site detections was closer to the mean level in 2019. An average of 333 brands were impersonated in phishing...

Read More
Phishers’ Favorite Report Reveals Massive Increase in WhatsApp Phishing URLs
Feb26

Phishers’ Favorite Report Reveals Massive Increase in WhatsApp Phishing URLs

The Q4, 2019 Phishers’ Favorite report from email security firm Vade Secure shows PayPal is the most impersonated brand in phishing attacks, making it two successive quarters at the top of the list. In Q4, 2019, Vade Secure detected 11,392 new PayPal phishing URLs at a rate of 124 new URLs a day. While the number of new PayPal URLs fell 31.2% from Q3, 2019, detections are up 23% on this time last year. Second place went to Facebook,...

Read More
Q4 2019 Threat Report Reveals Emotet Dominates Threat Landscape
Feb20

Q4 2019 Threat Report Reveals Emotet Dominates Threat Landscape

The Q4, 2019 Threat Report from cybersecurity firm Proofpoint has confirmed Emotet was the biggest malware threat in 2019, accounting for 37% of all malicious payloads in 2019, even though for several months of 2019 Emotet was inactive. Emotet activity is up considerably from 2018, when it accounted for 28% of malicious payloads for the year. In Q4, 2019, Emotet accounted for 31% of all malicious payloads. Banking Trojans also proved...

Read More
LokiBot Trojan Masquerades as Epic Games Software Installer
Feb19

LokiBot Trojan Masquerades as Epic Games Software Installer

Threat actors behind the LokiBot Trojan, an information stealer and a backdoor that gives attackers access to Windows systems, are using a new tactic to install their Trojan: Impersonation of a legitimate software installer used by EPIC Games, the gaming company behind the hugely popular free-to-play game Fortnite. LokiBot was first identified around 5 years ago and it is constantly tweaked and updated. LokiBot can steal sensitive...

Read More
Fresh Warnings Issued About Coronavirus Phishing Scams
Feb18

Fresh Warnings Issued About Coronavirus Phishing Scams

Fresh warnings have been issued about coronavirus phishing scams that are being conducted to steal sensitive data and spread malware. Multiple threat actors are taking advantage of fear about COVID-19 to conduct attacks, and as February has progressed, the number of COVID-19-themed phishing campaigns has increased dramatically. Earlier this month, the U.S. Federal Trade Commission (FTC) issued an alert warning that cybercriminals were...

Read More
Phishing Attack Results in $2.6 Million Loss for Puerto Rico Government
Feb17

Phishing Attack Results in $2.6 Million Loss for Puerto Rico Government

A Puerto Rican government employee has been duped by a phishing scam and wired more than $2.6 million to an account controlled by the scammers. The money had been allocated for remittance payments and was sent to a seemingly legitimate bank account on January 17, but it was later discovered that the transfer was fraudulent. The Puerto Rico government has managed to freeze some of the funds, and efforts are ongoing to recover the...

Read More
BEC Attacks Account for More Than Half of All Losses to Cybercrime
Feb13

BEC Attacks Account for More Than Half of All Losses to Cybercrime

Business email compromise attacks are the most financially damaging form of cybercrime, according to the 2019 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3). In 2019, IC3 received 467,361 complaints about cybercrime and victims of those crimes reported losses of $3.5 billion. BEC attacks only accounted for 23,775 of those attacks (5.08%), yet they resulted in losses of $1.77 billion – 50.57% of all reported...

Read More
UK Community Housing Firm Suffers £932,000 Loss to BEC Scam
Feb05

UK Community Housing Firm Suffers £932,000 Loss to BEC Scam

High Wickham-based Red Kite Community Housing recently announced it has lost £932,000 ($1.2 million) to a business email compromise (BEC) scam. BEC is the leading cause of financial losses due to cybercrime. The attacks involve compromising or spoofing a corporate or vendor’s email account and using the account to send messages to individuals responsible for wire transfers. The scammers arrange fraudulent wire transfers or change the...

Read More
Ashley Madison Extortion Scams Show Repercussions from Data Breaches Can Last Forever
Feb04

Ashley Madison Extortion Scams Show Repercussions from Data Breaches Can Last Forever

Almost five years ago, Ashley Madison experienced a massive data breach. Hackers stole the information from 32 million accounts and the data was dumped online. Included in that data set were names, phone numbers, addresses, credit card details, passwords and other sensitive information. That information was used in a plethora of scams, spam campaigns, and many users suffered fraud as a result. There were even several suicides as a...

Read More
Beware of Coronavirus Themed Phishing Attacks
Jan31

Beware of Coronavirus Themed Phishing Attacks

The novel coronavirus that originated in the province of Wuhan in China has now spread to other countries, with Japan and Thailand the worst affected so far with 14 cases. People are naturally worried about infection and with good reason. More than 200 people are known to have died so far. In Japan, people have been receiving emails warning of new infections in their prefectures. The emails have file attachments that appear to be...

Read More
55% of Organizations Were Successfully Phished in 2019
Jan27

55% of Organizations Were Successfully Phished in 2019

Phishing is the most common method of attacking organizations and it continues to cause problems for IT departments and considerable losses for organizations. A new report from Proofpoint has revealed the extent of phishing and how often the attacks succeed. The data for the report came from a survey of more than 3,500 working adults and 600 cybersecurity professionals in Australia, France, Germany, Japan, Spain, the United States,...

Read More
CISA Warns of Increase in Emotet Malware Activity
Jan24

CISA Warns of Increase in Emotet Malware Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprung back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...

Read More
The Emotet Botnet is Back in Action Sending Spam with New Lures to Fool the Unwary
Jan22

The Emotet Botnet is Back in Action Sending Spam with New Lures to Fool the Unwary

There was a welcome Christmas break from the Emotet botnet, but life has returned to normal and it is well and truly back in action. Millions of malspam emails are now being sent spreading the Emotet Trojan in more than 80 countries. The emails contain attachments that are used to install the information stealing Emotet Trojan. Since Emotet is itself a malware downloader, that may not be the only malicious payload that is deployed....

Read More
TitanHQ’s Web and Email Security Solutions Now Available for Pax8 Partners
Jan22

TitanHQ’s Web and Email Security Solutions Now Available for Pax8 Partners

Pax8, the multi-award-winning cloud distribution company, has formed a new strategic partnership with TitanHQ, the leading provider of cloud-based email and web security solutions for managed service providers serving the SMB market. In order to block an increasingly diverse range of cyberthreats and effectively mitigate risk, a layered approach to security is required. Cybersecurity solutions need to be used to protect mobile...

Read More
Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group
Jan02

Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group

Microsoft has sought help from the courts to take down domains used by the North Korea-backed hacking group, Thallium (APT37). After securing the court order from the U.S. District Court for the Eastern District of Virginia, 50 that were being used by the hacking group to attack the United States have now been seized. Microsoft’s Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) have been tracking the activity of the...

Read More
SpamTitan Scores Big on Business Review Websites
Dec16

SpamTitan Scores Big on Business Review Websites

TitanHQ is the leading provider of cloud-based email security to Managed Service Providers (MSPs) serving the SMB market and its email security solution, SpamTitan, is well loved by SMBs and MSPs alike. SpamTitan is consistently rated highly by end users on the leading business software review sites and is routinely awarded scores in excess of 4.5 out of 5 by end users, with a high percentage giving top marks across all rating...

Read More
Microsoft Issues Warning About Spear Phishing Attacks
Dec03

Microsoft Issues Warning About Spear Phishing Attacks

Phishing attacks have been increasing steadily throughout 2019. Most of the phishing emails being sent are part of large campaigns sent randomly using huge lists of email addresses, but not all. Some of the campaigns are far more targeted and are sent to only a handful of individuals – To individuals in a specific department in a company, for instance. Some of the attacks are even more targeted and are just sent one person. These...

Read More
Google Sent 12,000 Warnings About State-Sponsored Phishing and Hacking Campaigns in Q3, 2019
Nov29

Google Sent 12,000 Warnings About State-Sponsored Phishing and Hacking Campaigns in Q3, 2019

A recent report from Google’s Threat Analysis Group (TAG) has shed light on the extent to which government-sponsored hacking and phishing campaigns are being conducted. In Q3, 2019, Google sent more than 12,000 warnings to users about state-sponsored phishing campaigns. These hacking, phishing, and disinformation campaigns have remained steady over the past two years, with a similar number of warnings issued in the corresponding...

Read More
Phishing Attacks at Highest Level Since 2016
Nov20

Phishing Attacks at Highest Level Since 2016

A new report from the Anti-Phishing Working Group (APWG) shows phishing attacks are occurring at levels not seen since 2016. The quarterly phishing reports from APWG are compiled from data supplied by APWG members such as Agari, MarkMonitor, RIskIQ, and PhishLabs. The reports provide insights into the methods used by phishers and the extent to which businesses and consumers are being attacked. In Q3, 2019, more than 86,000 unique...

Read More
New Phishing Campaign Detected Targeting Office 365 Administrators
Nov19

New Phishing Campaign Detected Targeting Office 365 Administrators

PhishLabs has identified an ongoing phishing campaign targeting Office 365 administrators. The aim of the campaign is to obtain Office 365 admin credentials. Phishers face several challenges. Their own domains are likely to have a low trust score, which makes it easy for antispam solutions to identify their messages as malicious. To get around this issue, they need to obtain the credentials for a legitimate email account on a clean...

Read More
TitanHQ Releases SpamTitan Version 7.06 and New RESTapi
Nov18

TitanHQ Releases SpamTitan Version 7.06 and New RESTapi

On November 12, 2019, TitanHQ released a new version of its award-winning anti-phishing and anti-spam solution, SpamTitan. SpamTitan v7.06 includes a new RESTapi to help clients and partners ensure seamless integrations. The latest version of SpamTitan has already been applied for users of the cloud-based spam filtering service. Users of the software solution, SpamTitan Gateway, have had the new version downloaded, although they will...

Read More
Fortinet Threat Landscape Report Confirms Increase in Malware-as-a-Service Edge Surface Attacks
Nov14

Fortinet Threat Landscape Report Confirms Increase in Malware-as-a-Service Edge Surface Attacks

The recently released Fortinet Threat Landscape Report for Q3, 2019 shows hackers are targeting edge services and malware-as-a-service continues to grow in popularity. While there are many methods of delivering malware, email remains the most common delivery vector, being implicated in 90% of malware attacks. Businesses are realizing the importance of implementing powerful email security solutions to block email threats. End users are...

Read More
CISA Issues Warning About Holiday Season Scams
Nov12

CISA Issues Warning About Holiday Season Scams

‘Tis the season to be jolly, especially if you are a scammer. In the run up to holiday season, cybercriminals go into overdrive and are ready and waiting to take advantage of the millions of online shoppers looking to secure a bargain. Holiday season scams are plentiful, highly varied, convincing, and often successful. This year, the U.S. government is warning consumers to be on high alert for holiday season scams that aim to obtain...

Read More
Highly Convincing Phishing Scam Uses Fake WebEx Client to Deliver RAT
Nov11

Highly Convincing Phishing Scam Uses Fake WebEx Client to Deliver RAT

A new phishing scam has been detected that uses a WebEx meeting request as a lure to get business users to download a remote access Trojan that masquerades as the WebEx client (WebEx.exe). The campaign was detected by Alex Lanstein and shared on Twitter. The meeting request is a carbon copy of a genuine WebEx meeting notification email. As with the real meeting requests, the email contains a Join Meeting button, which the user needs...

Read More
Ministry of Justice Phishing Scam Uses Subpoena Notification as Lure
Nov07

Ministry of Justice Phishing Scam Uses Subpoena Notification as Lure

A new phishing campaign has been detected that uses subpoenas from the UK Ministry of Justice as a lure to get users to click a link that triggers the download of a malicious Word document that installs the Predator the Thief information stealer. As with countless other phishing campaigns, the emails use fear and urgency to get users to take action. The emails appear to have been sent from a Ministry of Justice email account, include...

Read More
Office 365 Phishing Scam Uses Offer of a Pay Rise as a Lure
Nov05

Office 365 Phishing Scam Uses Offer of a Pay Rise as a Lure

A new phishing scam has been detected targeting Office 365 users which attempts to convince employees to visit a website hosting a phishing form using an offer of a pay rise as a lure. According to Cofense, the emails used in the campaign spoof a company’s HR department and appear to have been sent internally. This is achieved through the manipulation of the nickname that is displayed by the mail client. The emails contain a link to a...

Read More
Proofpoint Acquires ObserveIT in $225 Million Deal
Nov05

Proofpoint Acquires ObserveIT in $225 Million Deal

The Sunnydale, CA-based cybersecurity firm Proofpoint has announced it has entered into a definitive agreement to acquire the data loss prevention (DLP) and insider threat management firm ObserveIT for $225 million. For several months there has been speculation that Proofpoint will be moving into DLP to better protect its clients from sophisticated cyberattacks and insider threats. The announcement has confirmed that that those...

Read More
7.5 Million Adobe Creative Cloud Users Warned of Data Breach
Oct28

7.5 Million Adobe Creative Cloud Users Warned of Data Breach

Adobe has announced that a vulnerability has exposed the private information of approximately 7.5 million Adobe Creative Cloud users. The information was contained in an Elasticsearch database, which could be accessed by anyone via a web browser without any authentication required. Fortunately, only basic customer information was exposed. No financial information or passwords were stored in the database, only basic information about...

Read More
TitanHQ Enjoys Record Breaking Growth in MSP Business
Oct23

TitanHQ Enjoys Record Breaking Growth in MSP Business

It has been a busy quarter for TitanHQ. Q3, 2019 has been the busiest ever month for MSP growth in the Irish cybersecurity company’s 20-year history. From humble beginnings selling spam filtering appliances to businesses in its native Ireland, TitanHQ developed its own cybersecurity solutions for SMBs and managed service providers serving the SMB market and is now a global brand and the leading provider of cloud-based email security...

Read More
Gartner Peer Insights Customers’ Choice for Email Security for 2019
Oct23

Gartner Peer Insights Customers’ Choice for Email Security for 2019

The Lexington, MA-based email security company Mimecast has been named a Gartner Peer Insights Customers’ Choice for Email Security for 2019. Gartner Peer Insights is a review platform for IT products and services where users of software and services can submit reviews of their experiences with the solutions. The platform includes more than 215,000 verified customer reviews in 340 markets. When sufficient numbers of reviews are...

Read More
Phorpiex Botnet Sending 30,000 Sextortion Emails an Hour
Oct18

Phorpiex Botnet Sending 30,000 Sextortion Emails an Hour

Sextortion may be nothing new, but it has certainly proven popular with cybercriminals in recent months. Sextortion emails threaten to expose sordid details of the activities of their victims unless payment is made. One of the most common scams claims that the sender of the email is a hacker who has hijacked the victim’s webcam and recorded footage of a user viewing pornography. The supposed hacker claims to have also recorded the...

Read More
Business Email Compromise Attacks Increased by 269% in Q2, 2019
Oct09

Business Email Compromise Attacks Increased by 269% in Q2, 2019

Figures from Mimecast show there has been a sharp rise in business email compromise (BEC) attacks in Q2, 2019. Compared to Q1, 2019, BEC attacks increased by 269% in Q2. Business email compromise attacks involve the use of a compromised business email account to conduct attacks on employees within the organization or their customers. The latter are now much more common than CEO fraud attacks, which involve impersonating the CEO and...

Read More
Agari Announces Fall 2019 Release of its Secure Email Cloud Email Security Solution
Sep26

Agari Announces Fall 2019 Release of its Secure Email Cloud Email Security Solution

Agari has announced the Fall 2019 release of its AI-powered email security solution, Secure Email Cloud. The latest updates include new features to improve protection against advanced email security threats. The Agari Secure Email Cloud leverages threat intelligence gathered from trillions of emails which is used to keep inboxes free from phishing and spear phishing emails. The solution also provides protection against business email...

Read More
SpamTitan Named Leader in G2 Crowd 2019 Summer Grid Report for Cloud Email Security
Sep19

SpamTitan Named Leader in G2 Crowd 2019 Summer Grid Report for Cloud Email Security

The independent business software review platform, G2 Crowd, has named SpamTitan leader in cloud email security in its Grid Summer 2019 Report. This is the third consecutive quarter where SpamTitan has been named leader in cloud-based email security, and this quarter is joined by Proofpoint Email Security Protection and Barracuda Email Security Gateway. The G2 Crowd Grid reports rate companies based on market presence and customer...

Read More
New IRS Tax Refund Phishing Campaign Distributes Amadey Botnet
Sep19

New IRS Tax Refund Phishing Campaign Distributes Amadey Botnet

A new phishing campaign has been detected targeting U.S. taxpayers offering fake tax refunds. The emails spoof the Internal Revenue Service (IRS) and claim that the recipient is entitled to claim a tax refund. The emails include a “Login Right here” button for users to click to arrange their tax refund together with a one-time password. If the button is clicked, the user will be directed to a spoofed IRS login page where the password...

Read More
New Distribution Agreement Between GFI Software and Infinigate
Sep18

New Distribution Agreement Between GFI Software and Infinigate

GFI Software has announced it has signed a new distribution agreement with Infinigate, one of Europe’s largest Value Added Distributors. GFO Software already has distribution agreements with Infinigate covering Germany, the Netherlands, Scandinavia, and the United Kingdom. The new agreement will cover France and is expected to see GFI Software solutions pushed to customers throughout the country. “We have established successful...

Read More
Emotet is Back in Action and Delivering TrickBot and Ryuk Ransomware
Sep18

Emotet is Back in Action and Delivering TrickBot and Ryuk Ransomware

It has been all quiet on the Emotet front for the past four months, but the infamous botnet is back with a vengeance. A large-scale spam campaign has been detected that is distributing the versatile Emotet banking Trojan via malicious Word macros. The malspam campaign was detected by researchers at Malwarebytes who identified an uptick in command and control server activity and an email campaign distributing malicious messages in...

Read More
Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential
Sep13

Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential

Cybercriminals are attacking businesses by exploiting the weakest link in the security chain – Employees. Attacks exploiting the human factor are far easier to pull off that attempting to find remote code execution vulnerabilities. They are also much quicker and less resource-heavy than brute force attacks. A single phishing email can be all it takes for malware to be installed on a network or for account credentials and sensitive...

Read More
Proofpoint Partners with CrowdStrike to Better Protect Endpoints and Email Systems from Cyberattacks
Sep05

Proofpoint Partners with CrowdStrike to Better Protect Endpoints and Email Systems from Cyberattacks

Proofpoint has announced it has formed a strategic partnership with CrowdStrike to help joint customers improve endpoint security and defend against email -based cyberattacks. CrowdStrike is a leading provider of cloud-delivered endpoint security and Proofpoint has developed a suite of solutions that provide protection from advanced threats and helps identify and address compliance risks. The partnership will initially see...

Read More
43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months
Sep04

43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months

43% of UK small and medium-sized enterprises (SMEs) in the United Kingdom have experienced a business email compromise (BEC) or email impersonation attack in the past 12 months, according to a new study by data analytics firm, CybSafe. For the study, CybSafe surveyed 250 IT decision makers from SMEs in the United Kingdom and asked about the cybersecurity incidents they had experienced and the measures they have put in place to thwart...

Read More
Google Docs Phishing Campaign Bypasses Email Security Solutions to Deliver TrickBot Trojan
Sep03

Google Docs Phishing Campaign Bypasses Email Security Solutions to Deliver TrickBot Trojan

A phishing campaign has been detected that uses Google Docs to bypass email security solutions and ensure the emails are delivered to end users’ inboxes. The campaign was detected by security researchers at Cofense, who found the emails were bypassing Proofpoint’s email security gateway solution and were not identified as malicious. The scammers use a legitimate Google account to send emails that link to a document on Google Docs. The...

Read More
Phishing Campaign Uses Fake Resumes Used to Deliver Quasar RAT
Aug29

Phishing Campaign Uses Fake Resumes Used to Deliver Quasar RAT

Fake resumes are being used in a phishing campaign targeting HR departments which delivers Word documents containing a malicious macro that downloads the Quasar Remote Access Trojan (RAT), according to Cofense researchers. The Quasar RAT is an open source malware available on GitHub. The malware is used by many APT groups for espionage, network exploitation, logging keystrokes, stealing passwords, recording webcam footage, and taking...

Read More
Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks
Aug28

Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks

A new report from Microsoft suggests 99.9% of all automated cyberattacks on Microsoft platforms and other online services are blocked by multi-factor authentication, highlighting the importance of this security measure for stopping data breaches. Microsoft says that there are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day and that figure is steadily growing. There are also around 167 million...

Read More
IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals
Aug27

IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals

The Internal Revenue Service (IRS) has issued a warning to U.S. taxpayers and tax professionals about a new nationwide phishing campaign that is spreading keylogging malware. The emails appear to have been sent by the IRS and alerts taxpayers and tax professionals to an issue with their electronic tax returns. Users are required to click the link in the email to access information about their tax refund. The emails include a hyperlink...

Read More
Study Highlights Risk of Lateral Phishing Attacks
Aug21

Study Highlights Risk of Lateral Phishing Attacks

Phishing is the use of impersonation to trick another person into disclosing sensitive information. Phishing can take place over the Internet, telephone, or via text message, but email is the most common attack vector. There are many reasons for compromising email accounts and a variety of tactics are used depending on the end goal. With Business Email Compromise (BEC) the aim is to gain access to the CEO’s email account and use it to...

Read More
New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks
Aug08

New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks

A new report has been released that contains an analysis of the most common malware threats that are delivered via email, the most targeted industry sectors, and some of the tactics and techniques cybercriminals are using to infiltrate business networks. For its Threat Intelligence Report: Black Hat Edition 2019, Mimecast analyzed more than 67 billion emails that its email security solution rejected from more than 160 billion messages...

Read More
TitanHQ Partners with Leading UK MSP, OneStopIT
Aug05

TitanHQ Partners with Leading UK MSP, OneStopIT

TitanHQ has announced it has partnered with one of the leading managed service providers in the UK, OneStopIT. Edinburgh-based OneStopIT was formed in 2003 to help small- and medium-sized businesses implement enterprise-grade IT solutions and best practices at an affordable price. Under the new partnership, OneStopIT will be offering its customers protection from email threats with SpamTitan Email Security, web-based threat protection...

Read More
U.S. Utilities Targeted in Phishing Campaign Spreading New RAT
Aug05

U.S. Utilities Targeted in Phishing Campaign Spreading New RAT

U.S. utilities are being targeted in a phishing campaign distributing a new malware variant called LookBack. The spear phishing campaign impersonates a U.S. engineering licensing board and lures recipients into opening an attached Word document. The emails impersonate the U.S. National Council of Examiners for Engineering and Surveying (NCEES) and claim that the recipient has failed an NCEES examination. Further information about the...

Read More
Phishing Campaign Targets Administrator Credentials with Office Alerts
Jul22

Phishing Campaign Targets Administrator Credentials with Office Alerts

A new phishing campaign has been identified which uses Office 365 admin alerts as a lure to get administrators to click and disclose their login credentials. A hacker can use phishing emails to obtain Office 365 credentials and gain access to an employee’s email account. That account can be used to send further phishing emails to contacts and colleagues. The hacker also has access to sensitive data in emails and email attachments. If...

Read More
Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan
Jul19

Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan

The Trickbot Trojan is being distributed via a new fake Office 365 phishing website. The website is virtually identical to official Microsoft Office 365 site, complete with a realistic looking URL – get-office365[.]live. Nothing appears untoward on the site. Even all the URLs point to webpages on Microsoft domains. However, a few seconds after landing on the site a popup warning will appear from either the Chrome Update Center...

Read More
Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites
Jul19

Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites

A novel new phishing campaign has been detected that uses an unusual method of directing users to malicious websites that harvest credentials. Phishing campaigns typically use embedded hyperlinks in the message body. Advanced email security solutions can detect and assess the URLs to determine whether they are malicious. To get around this, hyperlinks are often hidden in documents or macros or scripts are hidden in other types of...

Read More
$301 Million Lost to BEC Scams Every Month
Jul18

$301 Million Lost to BEC Scams Every Month

The number of successful Business Email Compromise (BEC) scams has increased significantly over the past two years, according to a new financial trend analysis report from FinCEN. BEC scams involve gaining access to a business email account and using that account to send a request to the payroll or accounts department requesting a wire transfer be made. In order for the scam to work, the compromised account must belong to someone who...

Read More
2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps
Jul12

2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps

A survey conducted by the Sunnyvale, CA-based cybersecurity company Proofpoint has revealed end users are unsure how to protect sensitive data and lack the skills to identify phishing threats. For the latest Beyond the Phish report, Proofpoint analyzed the responses to almost 130 million cybersecurity questions in 14 categories. The survey was conducted on employees in 16 industries across 20 different department classifications. The...

Read More
City of Griffin Wires $800,000 to BEC Scammers
Jul10

City of Griffin Wires $800,000 to BEC Scammers

A business email compromise attack on the city of Griffin, GA, has resulted in two payments totaling $800,000 being made to accounts controlled by the scammers. Business email compromise (BEC) attacks are scams in which the email account of a company is compromised and used to send a request to the finance department or a third party to make a fraudulent wire transfer payment. Access to the email is usually gained with a spear...

Read More
TA505 Hacking Group Spam Campaigns Distributing Gelup Downloader and FlowerPippi Backdoor
Jul05

TA505 Hacking Group Spam Campaigns Distributing Gelup Downloader and FlowerPippi Backdoor

Several recent spam campaigns have been linked to the hacking group TA505. The campaigns distribute a malware downloader – AndroMut or Gelup – and the FlowerPippi backdoor. Security researchers at Trend Micro and Proofpoint have detected campaigns attacking targets in Argentina, Japan, India, the Philippines, and the Middle East. The malware downloader is installed via a malicious attachment sent in spam emails. TA505 attaches a...

Read More
Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks
Jul02

Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks

If a task is time consuming or difficult, there is usually someone willing to offer it as a service. That can now be said of phishing. There are a growing number of criminals offering phishing-as-a-service to help wanna-be criminals conduct phishing campaigns. At the basic level, phishing is a relatively straightforward way of attacking an organization. It is also low cost and requires little in the way of hacking skill. That said,...

Read More
QR Code Phishing Scam Targets Cofense Customers
Jun28

QR Code Phishing Scam Targets Cofense Customers

A new phishing campaign has been detected that uses QR codes to hide the hyperlink to a phishing webpage. Not only does this tactic bypass security solutions that search for potentially malicious URLs, by using a QR code the recipient must switch from the business network to their mobile phone to view the document. The corporate network may have a web filter, sandboxes, and other cybersecurity protections to prevent users from...

Read More
Agari Announces Summer 2019 Release of its Secure Email Cloud Email Security Solution
Jun27

Agari Announces Summer 2019 Release of its Secure Email Cloud Email Security Solution

Agari has announced the Summer 2019 release of its email security solution, Secure Email Cloud. The Summer release includes major code upgrades and new features to enhance protection against email security threats such as phishing, spear phishing, business email compromise, and zero-day threats. The latest release also provides improved insights into email-based threats targeting companies in the APAC region. One of the main upgrades...

Read More
Malspam Campaign Delivers Nanocore and Loki Bot Malware in ISO Files
Jun25

Malspam Campaign Delivers Nanocore and Loki Bot Malware in ISO Files

In April, several different malspam campaigns were intercepted which attempted to deliver Nanocore and Loki Bot malware concealed inside small ISO image files of between 1MB and 2MB. Prior to executing ISO files, it used to be necessary to use a program to mount them. However, most modern computers can execute the files on request and will automatically mount the images and display the contents. Security awareness training will no...

Read More
Free GandCrab Ransomware Decryptor Released for Versions 5.0 and 5.2
Jun18

Free GandCrab Ransomware Decryptor Released for Versions 5.0 and 5.2

Bitdefender has released a decryption tool that can be used to recover files encrypted by all GandCrab ransomware variants, including 5.0 and 5.2. Three decryptors have previously been developed for specific GandCrab ransomware versions. However, as soon as a decryptor was developed, a new version of the ransomware was released. GandCrab ransomware was one of the most widely used ransomware variants in 2018. Since it was first...

Read More
Netflix Phishing Scam Targets Users in Ireland
Jun16

Netflix Phishing Scam Targets Users in Ireland

Netflix users in Ireland are being warned to be wary of a new Netflix-themed phishing scam that attempts to get users to reveal sensitive information under the ruse of correcting an error in their account. The emails include Netflix branding and at first glance appear to be a genuine communication from the online streaming service. The emails start with “Dear customer” and explain that an error has been detected in the user’s Netflix...

Read More
GandCrab Ransomware Gang to Retire Within a Month
Jun03

GandCrab Ransomware Gang to Retire Within a Month

The cybercriminal gang behind GandCrab ransomware will be retiring in a month and their operation will be shut down. The gang announced on a popular hacking forum where the ransomware has previously been advertised that the ransomware-as-a-service operation will soon be no more and that ‘all the good come to an end.’ According to the post, the ransomware has been earing around $2.5 million a week and the gang claims around $2 billion...

Read More
Emotet was the Biggest Email Threat in Q1
May31

Emotet was the Biggest Email Threat in Q1

A new report from Proofpoint has confirmed Emotet was the biggest email-based threat in the first quarter of 2019. The popularity of the malware is not surprising. While Emotet was once just a banking Trojan, it can now be used to deliver other malware variants and can even distribute itself automatically by sending copies of itself via spam email on a compromised device. Emotet is now classed as a botnet, as it is being used to...

Read More
TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions
May21

TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions

The Trickbot banking Trojan is one of the biggest cyber threats faced by businesses. Trickbot is primarily a banking Trojan that is used to obtain login credentials to online bank accounts. The malware can also steal from Bitcoin wallets and harvest email credentials and steal other sensitive data. The malware is one of the most active banking Trojans in use, second only to Emotet. The malware is primarily distributed via spam and...

Read More
International Law Enforcement Operation Shuts Down Goznym Malware Gang
May17

International Law Enforcement Operation Shuts Down Goznym Malware Gang

The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...

Read More
DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
May14

DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...

Read More
Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity
May10

Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity

Security researchers at Trend Micro have discovered the threat actors behind Dharma ransomware are using a legitimate AV tool to hide the malicious activities of their ransomware. Dharma ransomware first surfaced in 2016 and has since been used in many attacks on businesses, in particular attacks on healthcare organizations in the United States. The ransomware variant is distributed via spam email which contains a link to a web page...

Read More
Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is most extensive DBIR report released to date.  Verizon now collects data from 73 sources and included 41,686 reported security...

Read More
Popular Mail Clients Vulnerable to Digital Signature Spoofing Attacks
May01

Popular Mail Clients Vulnerable to Digital Signature Spoofing Attacks

Digital signatures confirm the sender of an email is genuine, that an email is authentic, and has not been intercepted and altered in transit. However, vulnerabilities have been identified in the implementation of digital signature technology in several popular email clients which could be exploited in digital signature spoofing attacks. Were that to happen, the recipient of an email would likely believe the communication is genuine...

Read More
Latest Phishing Attack Trends Revealed
Apr26

Latest Phishing Attack Trends Revealed

Proofpoint has released its Q4 2018 quarterly threat analysis which reveals the latest phishing attack trends and provides an insight into the types of individuals being targeted in email attacks. Email attacks on businesses are conducted for a variety of reasons, most commonly to fool employees into installing malware or ransomware, to obtain login credentials, or convince employees to make fraudulent wire transfers or divulge...

Read More
FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
Apr24

FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...

Read More
Phishing Attacks Increased by 40.9% in 2018
Apr17

Phishing Attacks Increased by 40.9% in 2018

The 2019 Phishing Trends and Intelligence Report from PhishLabs shows there was a 40.9% increase in phishing attacks in 2018. Attacks increased steadily during Q1 and continued at a high level in Q2 and Q3, with a decline in attacks in Q4. The analysis of attacks shows the tactics used by cybercriminals are constantly changing. New types of attacks were detected in 2018 which exploited changes in the digital landscape. Targets also...

Read More
DHS and FBI Issue Warning About New North Korean Hoplight Trojan
Apr16

DHS and FBI Issue Warning About New North Korean Hoplight Trojan

The U.S Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have both issued advisories about a new Trojan called Hoplight which is being used by the Lazarus APT group. Lazarus is a North Korea-backed hacking group, also known as Hidden Cobra, Zinc, and Nickel Academy. The hacking group primarily uses spear phishing to install malware on high value targets. The group is primarily concerned with...

Read More
Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Apr16

Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed

Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...

Read More
SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd
Apr15

SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd

Selecting the best business security software can be a headache. Even when business leaders know exactly what they want from a software solution, choosing the right product can be difficult. After determining that a software solution ticks all the boxes and has all the required features, many businesses discover that it is a nightmare to use. When it comes to security software it is important to choose a solution that’s user friendly...

Read More
A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses
Apr12

A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses

Microsoft Office 365 default anti-phishing defenses are bypassed by a quarter of all phishing emails, according to new research from cybersecurity firm Avanan. Avanan conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). 25% of phishing emails were determined to be non-malicious and were delivered to inboxes. In addition, a further 5.3% of emails were delivered as they had been...

Read More
Two New Sextortion Scam Detected: Thousands Demanded to Prevent Further Action
Apr04

Two New Sextortion Scam Detected: Thousands Demanded to Prevent Further Action

2018 has seen a major increase in sextortion scams and large volumes of mails are still being sent. While there are many types of sextortion scams, two of the most common involve spoofed emails from law enforcement agencies and emails from hackers who claim to have installed malware which has recorded users via their webcams. Both of these types of scam claim the user has been caught visiting questionable or illegal pornographic...

Read More
Beware of Tax Season Phishing Scams
Apr04

Beware of Tax Season Phishing Scams

Cybercriminals have stepped up their efforts to scam U.S. taxpayers into divulging their sensitive information and installing malware. Many elaborate tax season phishing scams have been detected in 2019. Phishing scams are common during tax season. Tax-themed phishing emails are sent which contain a hyperlink that directs the recipient to a website where they are asked to enter information such as their name, address, DOB, and Social...

Read More
Webinar: New DMARC and Sandboxing Features of SpamTitan Email Security Solution Explained
Mar28

Webinar: New DMARC and Sandboxing Features of SpamTitan Email Security Solution Explained

Cybercriminals are launching ever more sophisticated attacks on businesses, which require more powerful cybersecurity solutions to protect against attacks. One of the most common methods of attack is email and this is an area where security defenses often fall short. Even with robust perimeter defenses, cybercriminals can gain access to business networks by targeting the weakest link: Employees. Phishing attacks are becoming more...

Read More
Agari Announces Spring 2019 Release of its Secure Email Cloud Email Security Solution
Mar22

Agari Announces Spring 2019 Release of its Secure Email Cloud Email Security Solution

Agari has announced the Spring 2019 release of its AI-powered email security solution, Secure Email Cloud. The latest round of updates includes enhanced Brand Indicators for Message Identification (BIMI) management and introduces the Continuous Detection and Response Mobile App, which was announced at the 2019 RSA Conference. BIMI is an industry standard that allows brand logos to be inserted into receiver inbox messages to help end...

Read More
New Report Identifies Latest Spear Phishing Trends
Mar21

New Report Identifies Latest Spear Phishing Trends

Researchers at email security firm Barracuda have conducted a study to identify current spear phishing trends and the tactics most commonly used to attack businesses and obtain sensitive information. Spear phishing is a highly targeted form of phishing. Campaigns tend to involve low numbers of emails that have been carefully crafted for attacks on a particular industry, company, or individual. Targets are usually researched, and...

Read More
Healthcare Employees Vulnerable to Phishing Attacks
Mar14

Healthcare Employees Vulnerable to Phishing Attacks

The healthcare industry appears to have more than its fair share of phishing attacks. Barely a week goes by without a major phishing attack being reported by a healthcare provider in the United States. Healthcare organizations are targeted by cybercriminals as they hold valuable data. Healthcare records contain information that can be used for multiple types of fraud and the records sell for big bucks on darknet marketplaces....

Read More
1 in 61 Delivered Emails Contains a Malicious URL
Mar08

1 in 61 Delivered Emails Contains a Malicious URL

A new report from Mimecast has revealed cybercriminals are increasingly using malicious URLs in phishing emails to obtain credentials and deliver malware. Mimecast’s figures show there has been a 126% increase in delivered emails that contain malicious URLs between August 2018 and February 2019. The company has analyzed more than 28.4 million emails that had been determined to be safe by email security solutions and were delivered to...

Read More
New Microsoft Report Details 2018 Phishing Trends
Mar06

New Microsoft Report Details 2018 Phishing Trends

Microsoft’s latest Security Intelligence Report provides information on 2018 phishing trends, the changing tactics of cybercriminals, and ransomware, cryptojacking and malware attack statistics. 2018 Ransomware Trends 2017 saw ransomware attacks dominated the threat landscape; however, as the year progressed ransomware started to fall out of favor with cybercriminals and that trend continued throughout 2018. While ransomware attacks...

Read More
IRS Launches 2019 Campaign to Raise Awareness of Tax Scams with Phishing Warning
Mar05

IRS Launches 2019 Campaign to Raise Awareness of Tax Scams with Phishing Warning

The IRS has launched its annual campaign to raise awareness of tax scams that are highly prevalent during tax season. The Dirty Dozen campaign details 12 common tax scams that taxpayers, tax professionals and businesses need to be aware of and take steps to avoid. In the run up to the deadline for submitting 2018 tax returns, cybercriminals increase their efforts to obtain the personal information of taxpayers. The information can be...

Read More
WinRAR Vulnerability Actively Exploited in the Wild to Install Backdoor
Feb27

WinRAR Vulnerability Actively Exploited in the Wild to Install Backdoor

The 19-year old WinRAR vulnerability that was recently identified by Check Point is being exploited in the wild to install a backdoor that allows remote access. An updated version of WinRAR was released in January to correct the flaw, but many users have yet to update to the latest version of the file compression tool. In January it was estimated that around 500 million individuals worldwide had a vulnerable version of WinRAR...

Read More
Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack
Feb21

Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack

An ongoing phishing campaign is targeting businesses and distributing the information-stealing Separ malware. The campaign has mostly concentrated on businesses in South East Asia and the Middle East, although some businesses in North America have also been attacked. The Separ information stealer has been in use since September 2017, with earlier versions of the info-stealer dating back to 2013. The latest campaign, which uses an...

Read More
GandCrab Ransomware Decryptor Developed for Versions 5.0.4 to 5.1
Feb20

GandCrab Ransomware Decryptor Developed for Versions 5.0.4 to 5.1

A free GandCrab ransomware decryptor has been released that works for the latest version of the ransomware. Files encrypted by versions 1, 4, early versions of 5, and versions 5.0.4 to 5.1 can now be decrypted without paying the ransom. GandCrab ransomware was first detected in January 2018 and went on to become the biggest ransomware threat of 2018. In addition to encrypting local files on an infected device, GandCrab ransomware can...

Read More
Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials
Feb19

Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials

The Trickbot banking Trojan has been updated with a new module which is capable of obtaining VNC, PuTTY, and remote desktop credentials. The latest variant of Trickbot is being distributed in a tax season-themed phishing campaign involving emails that offer help with recent changes to the U.S. tax code to reduce tax bills. The emails appear to have been sent by the accounting organization Deloitte and have a tax incentive-related...

Read More
FINRA Issues Phishing Warning to Brokerage Firms
Feb19

FINRA Issues Phishing Warning to Brokerage Firms

The Financial Industry Regulatory Authority (FINRA) has issued a warning to brokerage firms about a new phishing campaign. The scam involves spam emails which appear to have been sent from a credit union alerting the brokerage firm to potential money laundering by one of their clients. The email messages appear to have been sent by a BSA-AML compliance officer at a legitimate Indiana-based credit union and contain details of the...

Read More
Emotet Threat Actors Now Distributing Trojan via XML Files Masked as Word Documents
Feb15

Emotet Threat Actors Now Distributing Trojan via XML Files Masked as Word Documents

At least one cybercriminal group distributing the Emotet Trojan has started using a new tactic to infect end users with the malware. The malware is now being delivered using XML files disguised as Word documents, with the malware installed via embedded macros. The Emotet Trojan is one of the most rapidly evolving malware variants. The malware is regularly updated with new functions and the methods used to distribute the malware and...

Read More
Mac Users Targeted with New Shlayer Malware Variant
Feb15

Mac Users Targeted with New Shlayer Malware Variant

A new Shlayer malware variant has been detected that infects Mac computers and disables macOS Gatekeeper security software. The latest version of the malware was identified by researchers at Carbon Black and appears to only target MacOS versions from 10.10.5 to 10.14.3. Shlayer malware is distributed via fake Flash Player updates. Warnings are generated when visiting websites advising the user that their Flash Player is out of date...

Read More
Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials
Feb11

Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials

A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The phishing emails in the campaign are similar to many other campaigns that have been run in the past. The messages have the subject “Security Alert” with a message body virtually identical to the messages sent by Google when a user’s Google account has been accessed from an unfamiliar device...

Read More
Investigation of Corporate Phishing Incidents Costs $4.86 Million Per Year
Feb08

Investigation of Corporate Phishing Incidents Costs $4.86 Million Per Year

New figures from email security company Agari show organizations are now spending $4.86 million a year triaging, investigating, and responding to phishing incidents. The Agari Q1 2019 Email Fraud & Identity Deception Trends report shows that on average, organizations are now having to investigate around 23,000 phishing incidents a year. Approximately half of the emails reported to security teams by employees are false positives,...

Read More