Agari: Business Email Compromise the Most Lucrative Form of Email Attack
May23

Agari: Business Email Compromise the Most Lucrative Form of Email Attack

A report from the email security vendor Agari provides new insights into the tactics used by cybercriminal groups to conduct email attacks and the extent of global email fraud. While many email-based attack methods are used, business email compromise (BEC) is the most lucrative for criminals and BEC attacks are the costliest for companies. The Agari report was released days after the FBI published figures on the cost of Internet crime...

Read More
$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit
May18

$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit

A class-action lawsuit stemming from a W-2 phishing scam that saw an employee of the respiratory therapy supplier Lincare Inc., send the W-2 Forms of employees to a scammer has been settled for $875,000. As is typical with these types of Business Email Compromise (BEC) attacks, the scammer pretended to be a senior executive and sent an email to an employee of the HR department requesting W-2 information for the company’s employees....

Read More
InfoSec Institute Named in 2018 Gartner Peer Insights Customers’ Choice for Security Awareness CBT
May17

InfoSec Institute Named in 2018 Gartner Peer Insights Customers’ Choice for Security Awareness CBT

The InfoSec Institute has developed an extensive library of training material on cybersecurity and helps security professionals attain qualifications to improve their career prospects. The company has also developed a platform for businesses to use to improve their defenses against phishing attacks and other threats that target employees. The firm’s SecurityIQ training platform combines an extensive library of training material and a...

Read More
ADT Now Offering Cofense Phishing Detection and Response Capabilities to Customers
May17

ADT Now Offering Cofense Phishing Detection and Response Capabilities to Customers

Cofense has announced a new partnership with the security monitoring and interactive home and business automation solution provider ADT. Boca Raton, FL-based ADT is a leading provider of automation and security solutions to enterprises and medium-sized businesses throughout the United States and Canada. The firm helps businesses to detect and respond to cyberthreats in real-time, speeding up the mitigation of attacks to minimize...

Read More
GDPR Phishing Scam Targets Airbnb Customers
May16

GDPR Phishing Scam Targets Airbnb Customers

A GDPR phishing scam has been detected targeting Airbnb customers. The GDPR-themed scam requests customers of the home-sharing website must re-enter their contact information and credit card details in order to comply with the EU’s General Data Protection Regulation that comes into force on May 25, 2018. The scammers are taking advantage of the high volume of emails currently being sent by companies as part of their GDPR compliance...

Read More
Vega Stealer Malware Harvesting Credentials from Web Browsers
May14

Vega Stealer Malware Harvesting Credentials from Web Browsers

A new variant of August Stealer – named Vega Stealer – is being distributed in small phishing campaigns targeting marketing, advertising, and PR firms and the retail and manufacturing industries. While the campaigns are highly targeted, the malware could potentially be used in much more widespread campaigns and become a major threat. Vega Stealer does not have the same range of capabilities as its predecessor, although it does include...

Read More
Cofense Announces Major Expansion of its Technology Alliance Program
May10

Cofense Announces Major Expansion of its Technology Alliance Program

Cofense (Formerly PhishMe) has announced it has made major enhancements to its phishing incident response platform – Cofense Triage – to help its customers reduce dwell time and respond more quickly to phishing attacks. The updates are in addition to more than 10 new technical integrations into its phishing defense platform, which have helped cement its position as the leading provider of human-driven phishing defense solutions. The...

Read More
Does Two-Factor Authentication Protect Businesses from Phishing Attacks?
May08

Does Two-Factor Authentication Protect Businesses from Phishing Attacks?

Two-factor – or multi-factor – authentication is a simple control that makes it harder for unauthorized individuals to gain access to accounts and sensitive data. Rather than just use a single factor for authentication such as a password, an additional factor is required, usually something an individual has. This could be a card reader, which is often used by banks for verifying the identify of an individual who wants to make a...

Read More
2018 Phishing Trends & Intelligence Report
May06

2018 Phishing Trends & Intelligence Report

Security awareness and anti-phishing vendor PhishLabs has released its 2018 Phishing Trends & Intelligence Report. The report shows there has been a marked change in attacks, with enterprises now being targeted rather than individuals. This comes as no surprise as the potential rewards for a successful attack on an enterprise are considerably higher than attacks on individuals. Enterprises are more likely to pay ransom demands...

Read More
Ironscales Announces Introduction of Non-Blocking Cloud-Native API Deployment
May05

Ironscales Announces Introduction of Non-Blocking Cloud-Native API Deployment

Ironscales has announced its automated phishing defense platform can now be used to protect organizations without the need for any physical plugins, thanks to its new non-blocking cloud-native API deployment, which has been made available for all of its anti-phishing modules. The new option is ideally suited to businesses that have moved their email services to the cloud and are looking for an easy-to-implement solution that offers...

Read More
TitanHQ Integrates WebTitan Web Filter into Kaseya IT Complete Suite
May04

TitanHQ Integrates WebTitan Web Filter into Kaseya IT Complete Suite

TitanHQ has announced its powerful web filtering solution – WebTitan – is now fully integrated into the Kaseya IT Complete Suite, making it easier for MSPs to start offering content filtering to their clients. WebTitan is a 100% cloud-based web filtering solution that allows businesses to carefully control the web content their employees can access. In addition to restricting access to productivity-draining and NSFW...

Read More
Wombat Security Releases 2018 Beyond the Phish Report
May03

Wombat Security Releases 2018 Beyond the Phish Report

The Beyond the Phish Report from Wombat Security provides valuable insights into the state of security awareness across different industry sectors. For the report, Wombat Security analyzed the responses to almost 85 million questions and answers collected from employees of its customers across 16 industry sectors. The questions covered 12 different categories including protecting confidential information, safe use of passwords,...

Read More
What are the Most Clicked Phishing Emails?
May02

What are the Most Clicked Phishing Emails?

KnowBe4 has released a quarterly report that reveals the most clicked phishing emails in Q1, 2018 – The emails that are proving to be the most effective at fooling employees into clicking hyperlinks and opening potentially malicious email attachments. The data from the report came from responses to phishing simulation emails delivered through its training platform. The simulated phishing emails mirror messages observed in real world...

Read More
Microsoft Launches Free Windows Defender Chrome Plugin
Apr25

Microsoft Launches Free Windows Defender Chrome Plugin

One of the key selling points of the Microsoft Edge browser its protection against phishing attacks. Microsoft Edge is already the best browser to use to block phishing attacks, with tests conducted by NSS Labs showing Edge to be capable of blocking 99% of phishing and social engineering-based malware attacks. Its closest competitor, Google Chrome, only blocked 87% of attacks, while Firefox blocked just 70%. Both of those browsers...

Read More
Cofense Re-Launches Reseller Channel Program as it Adopts a 100% Indirect Sales Model
Apr25

Cofense Re-Launches Reseller Channel Program as it Adopts a 100% Indirect Sales Model

Cofense, formerly PhishMe, is moving away from direct sales and plans to become a 100% channel focused company. The Leesburg, VA based firm has now taken a step closer to that goal with the relaunch of its its reseller channel program, as the firm aims to expand its 300+ network of global sales partners. The Cofense partner program has proven extremely popular with managed service providers (MSPs) whose clients are realizing the...

Read More
Wombat Security Honored at SC Media Awards
Apr24

Wombat Security Honored at SC Media Awards

Wombat Security, now a division of Proofpoint, helps businesses train employees to become more security aware and recognize potential phishing emails and other email-based cyber threats. The company has developed an extensive training library and CBT platform that businesses can use as the basis of their security awareness programs, along with a phishing simulation program to put the training to the test. The firm was recently honored...

Read More
Agari Named Best Email Security Solution at 2018 SC Media Awards
Apr23

Agari Named Best Email Security Solution at 2018 SC Media Awards

Agari has been honored at this year’s SC Media Awards and has collected a prestigious Professional Award for its email security solution – the Agari Email Trust Platform. The SC Media Awards are the premier cybersecurity awards for the cybersecurity industry. Each year, hundreds of products are assessed by a panel of independent judges drawn from the cybersecurity industry. The nominated solutions are whittled down to five...

Read More
KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails
Apr20

KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails

The recent shootings at schools in the United States have shocked the nation, with educational institutions now on high alert for any recurrences. The news of an active shooter on campus requires an immediate response and is likely to result in panic. It is therefore no surprise that scammers have taken advantage and have been sending fake active shooter alerts via email to schools and colleges. KnowBe4 has recently identified one...

Read More
Security IQ BEC Defense Suite Prepares Businesses for Email Account Compromise Attacks
Apr19

Security IQ BEC Defense Suite Prepares Businesses for Email Account Compromise Attacks

Business email compromise attacks are on the rise, with one recent report suggesting 44% of businesses have suffered an attack. Business Email Compromise (BEC) attacks are now commonplace. Email accounts are compromised, and threat actors use the accounts to send targeted messages to individuals in an organization. Requests are made to have sensitive data sent by email or for wire transfers to be made. Sophisticated social engineering...

Read More
Cofense Triage Update Improves Visibility into Phishing Threats to Improve Response Times
Apr19

Cofense Triage Update Improves Visibility into Phishing Threats to Improve Response Times

The human-driven phishing defense solution provider Cofense has announced its incident response platform – Cofense Triage – has been updated. There have been several major enhancements to the platform that reduce noise and improve visibility into real-time threats, allowing IR teams to accelerate their response to current phishing threats that have made it past the perimeter. The update makes it easier for security teams to respond to...

Read More
Human Factor Cybersecurity Report Released by Proofpoint
Apr18

Human Factor Cybersecurity Report Released by Proofpoint

The human factor continues to be extensively exploited by cybercriminals according to the annual human factor cybersecurity report from Proofpoint. While hacks are still commonplace, cybercriminals are mostly relying on some interaction from employees to steal funds from bank accounts, obtain login credentials and sensitive data, and infect end points and networks with malware and ransomware. The data for the latest report come from...

Read More
Barracuda PhishLine Levelized Programs Offers New Method of Measuring Susceptibility to Phishing Attacks
Apr18

Barracuda PhishLine Levelized Programs Offers New Method of Measuring Susceptibility to Phishing Attacks

Yesterday saw the launch of Barracuda PhishLine Levelized Programs – A new approach developed by Barracuda and PhishLine to determine and improve user resistance to phishing attacks. Most anti-phishing training solutions use click rate metrics to determine resistance and susceptibility to phishing attacks. While this method of testing employees has proven effective, Barracuda Networks points out that there are limits to this approach....

Read More
Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack
Apr17

Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack

It has been discovered that the email accounts of several employees of UnityPoint Health hhave been compromised and accessed by unauthorized people. Access to the staff email accounts was first obtained on November 1, 2017 and went on for a period of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised email accounts was turned off. When the phishing attack was first noticed,...

Read More
44% of Businesses Victims of Account Takeover Attacks
Apr17

44% of Businesses Victims of Account Takeover Attacks

Agari has released figures from recent research that show account takeover attacks are soaring. These phishing attacks involve the use of a compromised email account to fool employees into revealing sensitive information or installing malware. Agari says account takeover attacks have doubled in 2018. Since messages are believed to have been sent from a known individual, many email recipients let their guard down. The effectiveness of...

Read More
Email Account Breach Impacts 4,000 Patients of Texas Health Resources
Apr16

Email Account Breach Impacts 4,000 Patients of Texas Health Resources

Texas Health Resources is sending notifications to ‘fewer than 4,000 patients’ that some of their Private Health Information may have been seen by an unauthorized persons. The Arlington-based health care provider, a supplier to over 1.7 million patients in North Texas, says that the data breach may have happened as early as October 2017, although they did not identify it until January 17, 2018, when law enforcement alerted the the...

Read More
Proofpoint Study Shows Impact of Email Fraud on Businesses
Apr10

Proofpoint Study Shows Impact of Email Fraud on Businesses

Proofpoint has published the findings of a recent study investigating the impact of email fraud on businesses. The study reveals the extent to which businesses are affected by email fraud, the typical impact of email fraud on businesses, which individuals are targeted, and the steps that are being taken to reduce risk. There has been an increase in email fraud in recent years, with last year seeing a further surge in attacks. The...

Read More
Cofense Enhances its Industry Leading Security Awareness and Employee Conditioning Solutions
Apr09

Cofense Enhances its Industry Leading Security Awareness and Employee Conditioning Solutions

Cofense, the leading provider of security awareness and employee conditioning solutions for businesses to help them manage phishing risk, has announced it has made several key enhancements to its human phishing defense program including the introduction of more industry firsts. The updates include enhanced analytics and reporting functions that allow administrators to generate boardroom-level quality reports demonstrating the results...

Read More
Warning Over Possible MyFitnessPal Phishing Attacks
Apr09

Warning Over Possible MyFitnessPal Phishing Attacks

A recently discovered cyberattack on Under Armour has raised fears about a wave of MyFitnessPal phishing attacks. On March 25, 2018, Under Armour discovered an unauthorized individual had gained access to the data of 150 million users of MyFitnessPal – including users with website accounts and those who use the MyFitnessPal app. The Under Armour data breach is the largest to be discovered this year in terms of the number of...

Read More
Lazio Football Club Phishing Scam Sees €2 Million Sent to Attackers
Apr06

Lazio Football Club Phishing Scam Sees €2 Million Sent to Attackers

Phishing scams can prove expensive for businesses, as the Italian Serie A football team Lazio is now knows all too well. A recent phishing scam could have cost the club €2 million Euros ($2,461,990). Lazio Football Club transferred in defender Stefan de Vrij from the Dutch club Feyenoord in the summer of 2014 for around €8 million Euros. Not all of that transfer fee was paid in one lump sum. There was one outstanding payment left of...

Read More
Phishing Attack on CareFirst BCBS Impacts 6,800 Plan Members
Apr03

Phishing Attack on CareFirst BCBS Impacts 6,800 Plan Members

CareFirst Blue Cross Blue Shield is alerting 6,800 of its plan members that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a successful phishing attack on one of its employees. Phishing attacks are conducted to gain access to sensitive information such as email credentials. Those credentials are then used to access to sensitive data or conduct further attacks on an...

Read More
Phishing Simulation Certification Program Offered by Cofense
Mar31

Phishing Simulation Certification Program Offered by Cofense

Cofense, the company formerly known as PhishMe, has launched the industry’s first ever phishing simulation certification program. The course covers all of the skills necessary to construct, execute, and sustain phishing simulation and employee security awareness programs. After completing the training, security experts will be awarded with Cofense PhishMe certification which demonstrates their ability to run phishing simulation...

Read More
New Insider Threat Training Modules Released by Wombat Security
Mar28

New Insider Threat Training Modules Released by Wombat Security

Anti-phishing solution provider Wombat Security – now a division of Proofpoint – has released new insider threat training modules to help businesses deal with the threat from within. Insider breaches are a leading cause of data breaches, especially in the US healthcare industry where they share top spot with hacks. Insider threats include simple mistakes made by employees, negligence, and malicious actions taken to cause harm to...

Read More
European Phishing Response Trends Report Shows EU Firms Unprepared for Phishing Attacks
Mar27

European Phishing Response Trends Report Shows EU Firms Unprepared for Phishing Attacks

A new report from Cofense (formerly PhishMe) has revealed the majority of EU firms do not feel they are well prepared to deal with phishing attacks. Phishing is a major threat to businesses of all sizes. Enterprises and SMBs must deal with spray and pray campaigns as well as targeted phishing attacks on their organization and highly targeted spear phishing attacks on specific groups of employees. The data for the European Phishing...

Read More
Cofense Report Reveals Latest Malware Delivery and Attack Trends
Mar23

Cofense Report Reveals Latest Malware Delivery and Attack Trends

The 2018 Malware Review from security awareness and anti-phishing solution provider Cofense (Formerly PhishMe) looks at malware trends over the past 12 months and makes predictions about malware delivery and attack trends in 2018. The 2018 Cofense Malware Review, titled A Look Back and a Look Forward, was compiled after analyzing millions of phishing and spam emails gathered from multiple sources over the past year. The report has a...

Read More
1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach
Mar20

1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach

1,049 patients of Beverly Hills, CA-based RoxSan Pharmacy have been warned that some of their protected health information has been shared with a business associate through an unencrypted email. The notification letters were sent to affected people during February, although the incident happened on January 20, 2015. Commenting in a recent press release, RoxSan stated that affected individuals are being contatced in “as timely a manner...

Read More
Primary Health Care Experiences Multiple Email Hacks
Mar20

Primary Health Care Experiences Multiple Email Hacks

A non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA, Primary Health Care Inc. has reported that hackers gained access to the email accounts of four workers and may have viewed or downloaded patients’ PHI. A press release issued by Primary Health Care and published a substitute breach notice to its website on March 16, 2018 outlining that the breach occurred on February 28, 2017. The breach was...

Read More
Infosec Institute Training Library Now Includes More Than 1,200 Training Resources
Mar16

Infosec Institute Training Library Now Includes More Than 1,200 Training Resources

The Infosec Institute, developer of the SecurityIQ phishing awareness training platform, has been steadily increasing its training modules to help businesses, non-profits, and educational institutions improve the security awareness of employees and train staff on cybersecurity and compliance. The latest update to the training library sees five new modules added covering the Criminal Justice Information System (CJIS). The five new...

Read More
Two Thirds of Indian Companies Have been Targeted with Ransomware
Mar15

Two Thirds of Indian Companies Have been Targeted with Ransomware

Sophos has published a new State of Enterprise Security Report that provides insight into the main threats faced by organizations around the world. The report was based on a survey conducted on 2,700 IT managers based in 10 countries (USA, UK, Canada, France, Germany, India, South Africa, Japan, Mexico, and Australia). One of the key points from the report is the extent to which Indian businesses are being attacked and just how...

Read More
Top Healthcare Security Threats Revealed in HIMSS Survey Results
Mar12

Top Healthcare Security Threats Revealed in HIMSS Survey Results

HIMSS has released the findings of its 2017 healthcare cybersecurity survey, which gives us valuable insights into the state of cybersecurity in the healthcare sector and names the top healthcare security threats. The HIMSS 2018 cybersecurity survey was carried out on 239 respondents from the healthcare sector between December 2017 and January 2018. The findings of the survey were revealed at the HIMSS 2018 Conference &...

Read More
Popcorn Training Acquired by KnowBe4
Mar09

Popcorn Training Acquired by KnowBe4

Security awareness training and phishing simulation platform provider KnowBe4 has announced it has acquired the South African training company Popcorn Training. The acquisition will see the South African company’s 52 training modules incorporated into the KnowBe4 training library. Popcorn Training is an award-winning training firm with a global customer base. The firm is known for developing engaging training content and has developed...

Read More
Future of Cybersecurity Scholarship Program Launched by PhishLabs
Mar07

Future of Cybersecurity Scholarship Program Launched by PhishLabs

PhishLabs, a leading provider of security awareness training and anti-phishing solutions for enterprises, has announced the launch of a new ‘Future of Cybersecurity’ Scholarship Program. The aim of the scholarship program is to help talented individuals further their studies in the field of cybersecurity, one of the most in demand areas of the IT industry. There is currently a major shortage of skilled cybersecurity professionals and...

Read More
InfoSec Institute Launches Security Awareness Training Program for Healthcare
Mar06

InfoSec Institute Launches Security Awareness Training Program for Healthcare

The cybersecurity awareness training solution provider the InfoSec Institute has announced it has launched a new security awareness training program for healthcare teams – the first such program to be developed specifically for the healthcare industry in the United States. The training material is available through the company’s SecurityIQ AwareEd training platform, which now contains the largest interactive security awareness...

Read More
Cofense Wins Multiple 2018 Info Security PG Global Excellence Awards
Mar05

Cofense Wins Multiple 2018 Info Security PG Global Excellence Awards

Cofense (formerly PhishMe) has been recognized once again for its anti-phishing solutions and will collect multiple Info Security PG Global Excellence Awards next month. Info Security PG is the leading information security research and advisory guide for the IT industry. The Info Security PG Global Excellence Awards recognize the best products and services in the field of IT security. Now in their 14th year, the awards not only...

Read More
HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations
Mar04

HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations

The Department of Health and Human Services’ Office for Civil Rights has issued anti-phishing advice for healthcare organizations. The warning and advice comes after several major phishing attacks in healthcare. The risk from phishing is greater than ever before and healthcare organizations are being extensively targeted. If technical controls are not implemented and the workforce is not trained to recognize phishing attacks, data...

Read More
Proofpoint’s Acquisition of Wombat Security Technologies has now been Completed
Mar01

Proofpoint’s Acquisition of Wombat Security Technologies has now been Completed

In early February, Proofpoint announced it was to acquire the security awareness and phishing simulation platform provider Wombat Security Technologies for $225 million in cash. Today, Proofpoint has confirmed that the acquisition has now been completed. The acquisition will see Wombat Security’s phishing simulation platform, its security awareness computer-based training content, and its phishing reporting tool incorporated into the...

Read More
PhishMe Rebranding as Cofense Reflects Company’s Extensive Range of Products and Services
Feb26

PhishMe Rebranding as Cofense Reflects Company’s Extensive Range of Products and Services

PhishMe has long been a strong brand name associated with phishing defense technology and training. Over the years the company has expanded its products and services, and now the time has come for a change to the brand name to better reflect the company’s position, products, and services. PhishMe started life on February 27, 2007 when Co-Founders Aaron Higbee (CTO) and Royht Belani (CEO) were searching for a company name and...

Read More
Phishing Attack on Sutter Health Business Associate Impacts Patients
Feb26

Phishing Attack on Sutter Health Business Associate Impacts Patients

Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017, a phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....

Read More
PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS
Feb23

PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS

The Q3 2017 phishing Activity Trends Report from the Anti Phishing Working Group has revealed the extent to which cybercriminals are abusing the Hypertext Transfer Protocol Secure (HTTPS) protocol in phishing campaigns. Websites using HTTPS encrypt the connection between the website and browser to prevent man-in-the-middle attacks. There has been a major transition from HTTP to HTTPS by online retailers and other businesses to provide...

Read More
Sophos Launches Phish Threat 2.0
Feb22

Sophos Launches Phish Threat 2.0

Sophos has launched a new version of its Phish Threat simulator. Phish Threat 2.0 is an enterprise-class phishing simulation platform that allows businesses to run their own internal phishing campaigns to test the effectiveness of their security awareness programs and discover how susceptible their employees are to phishing threats. Training employees to be more security aware is now an essential element of any cybersecurity strategy....

Read More
Ironscales Phishing Threat Technology Recognized for Spear Phishing Protection Capabilities
Feb22

Ironscales Phishing Threat Technology Recognized for Spear Phishing Protection Capabilities

Ironscales, a provider of an automated phishing protection, detection and response platform has had its advanced spear phishing threat technology recognized as a key innovation in the spear phishing market by the global market research and consulting firm Markets&Market in its recent spear phishing market report. The company’s technology was developed specifically to identify and block advanced spear phishing threats that often...

Read More
Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts
Feb13

Ron’s Pharmacy Services Patients Receive Email Account Breach Alerts

San Diego, CA-based Ron’s Pharmacy Services has found that an employee’s email account containing limited protected health information has been logged onto by an unknown individual. Unusual activity was noticed on the employee’s email account during October 3, 2017 resulting in an investigation; however, it was not until December 21, 2017 that it was revealed that an unauthorized individual had obtained messages in the email...

Read More
Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud
Feb12

Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud

A joint research study conducted by Agari and Farsight Security has been published this month that shows almost every domain is vulnerable to phishing and domain name spoofing due to the failure to adopt the Domain Message Authentication Reporting & Conformance (DMARC) email authentication standard. Globally, fewer than 1% of domains are protected by DMARC, which helps domain owners prevent abuse of their brands. An analysis of...

Read More
PhishMe (now Cofense) Named Winner in Five Categories at the 2018 Cybersecurity Excellence Awards
Feb09

PhishMe (now Cofense) Named Winner in Five Categories at the 2018 Cybersecurity Excellence Awards

It has been an impressive start to the year for PhishMe (now Cofense). The company has already picked up a 2018 Stevie Award for customer service and now the Leesburg, VA-based provider of human phishing defense solutions has been named a winner in five categories at the 2018 Cybersecurity Excellence Awards. The Cybersecurity Excellence Awards program honors companies and individuals in the field of cybersecurity that have...

Read More
Proofpoint Acquires Wombat Security Technologies for $225 Million
Feb07

Proofpoint Acquires Wombat Security Technologies for $225 Million

Sunnyvale, CA-based cybersecurity firm Proofpoint has announced it has acquired the phishing simulation and security awareness company Wombat Security Technologies. The deal is for $225 million in cash and is expected to close in Q1, 2018. Proofpoint is already a major player in the cybersecurity market providing advanced threat protection, encryption, data loss prevention, email security and many other digital security services to...

Read More
FBI Issues Warning About Internet Crime Complaint Center Phishing Scams
Feb06

FBI Issues Warning About Internet Crime Complaint Center Phishing Scams

The FBI has spent the past few months investigating reports of Internet Crime Complaint Center phishing scams. IC3 has been impersonated in several campaigns that attempt to convince people to reveal sensitive information that can be used to drain bank accounts and steal identities. The FBI has identified three email templates that are being used by scammers to obtain sensitive information from victims. In some cases, victims have...

Read More
Poor DMARC Adoption in Retail Industry Placing Customers at Risk
Feb01

Poor DMARC Adoption in Retail Industry Placing Customers at Risk

A recent study conducted by the email analytics firm 250ok has revealed DMARC adoption in retail is particularly poor and the lack of email validation is placing consumers at risk. SPF – or Sender Policy Framework to give it its full name – is an email validation system that helps businesses to detect attempts to spoof their domains. Domain spoofing is a common tactic used by cybercriminals to fool email recipients into thinking an...

Read More
Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails
Jan30

Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails

Google security checkup emails have been hitting inboxes over the past few days. The purpose of the emails is to get Google email account holders to check their security settings as potential vulnerabilities have been discovered – Vulnerabilities that could potentially be exploited by malicious actors to take control of users’ email accounts and view potentially sensitive information contained therein. The Google security emails may...

Read More
PhishMe (now Cofense) Report Shows How Phishing Susceptibility Rates Can be Deceiving
Jan26

PhishMe (now Cofense) Report Shows How Phishing Susceptibility Rates Can be Deceiving

A new enterprise phishing resiliency and defense report from PhishMe confirms phishing campaigns increased by 65% in 2017. As PhishMe  (now Cofense) explains in the report, the rise in phishing attacks is easy to explain. Phishing attacks are an easy and low-cost way for hackers to make money. For businesses, the danger of phishing is clear. A typical phishing attack on a mid-sized company costs $1.6 million to resolve, according to...

Read More
Knowbe4 Identifies Industry Most Susceptible to Phishing Attacks
Jan25

Knowbe4 Identifies Industry Most Susceptible to Phishing Attacks

Security awareness and phishing training firm Knowbe4 has published a new report that identifies the industry most susceptible to phishing attacks. For the report, Knowbe4 analyzed data from more than 6 million users and 11,000 organizations using its phishing email simulation service. Figures include a baseline taken prior to the provision of security awareness training, 90 days following training and phishing email simulations, and...

Read More
New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan
Jan24

New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan

The operators of the Necurs botnet have launched several phishing campaigns in the past few days that are being used to spread the Dridex banking Trojan. Malware and cryptocurrency miners are also being sent in large scale campaigns. New tactics are being used to ensure infection and avoid detection. The latest Dridex malware campaign was launched in the past few days and targets customers of major US and European banks. When users...

Read More
Beware of W2 Phishing Scams This Tax Season
Jan23

Beware of W2 Phishing Scams This Tax Season

Employers are being warned to be wary of W2 phishing scams this tax season. The past two years have seen hundreds of employers scammed into disclosing the W2 forms of their employees. The credentials on the forms were subsequently used to file false tax returns. This year is likely to be no different. Last year, accounts department and payroll staff were targeted with W2 phishing scams, using an attack method termed business email...

Read More
Threat from Phishing at an All Time HIgh
Jan22

Threat from Phishing at an All Time HIgh

The 2018 State of the Phish Report from Wombat Security Technologies confirms the threat from phishing is at an all-time high. Fortunately, employees do appear to be getting better at recognizing phishing emails. The data for the latest State of the Phish Report comes from an analysis of millions of phishing email simulations using the Wombat platform, along with quarterly surveys on more than 10,000 information security professionals...

Read More
Phishing Attack Sees School District Network Crippled by Emotet Malware
Jan21

Phishing Attack Sees School District Network Crippled by Emotet Malware

Employees of the Rockingham County Schools District in North Carolina have inadvertently disabled their entire network after falling for phishing emails. Several employees opened malicious Microsoft Word documents that resulted in multiple copies of Emotet malware being installed. Emotet malware is a computer Trojan that steals financial information first by injecting code into the networking stack, then installing itself in software...

Read More
Sophos Warns Users About Fake Antivirus Apps
Jan20

Sophos Warns Users About Fake Antivirus Apps

Sophos has alerted users to the risk of downloading fake antivirus apps. The firm has also released a new white paper on a specific antivirus app called Super Antivirus 2018. According to the report, the app has been downloaded 50,000 times, presumably by users who are concerned about security. While the app does appear to be scanning the mobile device on which it is installed, all the app really offers is the illusion of security....

Read More
Cofense PhishMe Simulator Named 2018 SC Media Award Finalist for Third Consecutive Year
Jan19

Cofense PhishMe Simulator Named 2018 SC Media Award Finalist for Third Consecutive Year

The finalists for the 2018 SC Media Awards have been announced, and for the third successive year, PhishMe has been recognized. Cofense PhishMe Simulator, a phishing email simulation platform that can be used to test resilience to phishing attacks, has been named a finalist in the Best IT Security-Related Training Program category. SC Media one of the most well-respected cybersecurity news outlets in the world. For the past 25 years,...

Read More
Phishing Emails Pushing Fake Meltdown and Spectre Patches
Jan18

Phishing Emails Pushing Fake Meltdown and Spectre Patches

The recently disclosed microprocessor vulnerabilities – Meltdown and Spectre – have had software and hardware firms working hard to develop patches. Cybercriminals have also been busy developing phishing campaigns that push fake Meltdown and Spectre patches. It should not come as a surprise that cybercriminals are capitalizing on the rush to secure computers and patch the vulnerabilities. The vulnerabilities can potentially be...

Read More
PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails
Jan17

PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails

A recent online poll conducted by the anti-phishing solution provider PhishLabs has revealed a considerable cybersecurity gap exists at many organizations. While most companies now have solutions in place to block spam and malicious emails, those solutions rarely block every unwanted email. Many spam emails are still delivered. Some of those emails will contain malware and links to phishing websites. It is for this reason that it is...

Read More
DMARC Adoption by Federal Agencies Increases 38% in 30 Days
Jan16

DMARC Adoption by Federal Agencies Increases 38% in 30 Days

A new report from Agari suggests the decision made by the Department of Homeland Security (DHS) to make DHS adoption by federal agencies mandatory is having a positive impact. However, the deadline for compliance is fast approaching and the majority of federal agencies have still not implemented DMARC. Prior to the DHS directive (BOD 18-01), relatively few government agencies were using DMARC to secure their domains. The DHS directive...

Read More
PhishMe Publishes South Africa Phishing Response Trends Report
Jan15

PhishMe Publishes South Africa Phishing Response Trends Report

A new South Africa phishing response trends report from PhishMe includes worrying statistics for CISOs and CIOs in South Africa. The threat from phishing is greater in South Africa than many other countries, but companies are struggling to deal with the threat. For the report, PhishMe looked at the technologies and strategies used by IT security decision makers in South Africa to deal with phishing attacks. The report reveals 90% of...

Read More
Florida Agency for Health Care Administration Hit by Phishing Attack
Jan11

Florida Agency for Health Care Administration Hit by Phishing Attack

An unauthorized individual has gained access to a single email account of a staff member at the Agency for Health Care Administration in Florida using a phishing scam. The staff member was sent, and responded to, a malicious phishing email on November 15, 2017 and shared login details that permitted the attacker to remotely access his/her email account and, potentially, the protected health information of up to 30,000 Medicaid...

Read More
Half of Users Click Links Sent by Unknown Senders
Jan08

Half of Users Click Links Sent by Unknown Senders

A new report from Komodo security suggests that until at least 2020, phishing will remain the most commonly used tactic of conducting advanced attacks on businesses, for a very good reason. 50% of the time those attacks are successful. The worrying statistic comes from research conducted at Friedrich Alexander University in Germany in 2016, which suggests one in two computer users routinely click hyperlinks in emails from unknown...

Read More
Bronson Healthcare Group Phishing Attack Impacts 8,256 Patients
Jan06

Bronson Healthcare Group Phishing Attack Impacts 8,256 Patients

A recent Bronson Healthcare Group phishing attack has resulted in a hacker gaining access to the protected health information (PHI) of 8,256 patients. The attack allowed the hacker to gain access to the health system’s email system, which contained the names, medications, and treatment information of patients. No Social Security numbers or patients’ financial information was compromised, and its electronic medical record system was...

Read More
PhishLine Bought by Barracuda Networks
Jan03

PhishLine Bought by Barracuda Networks

The phishing simulation and security awareness training company PhishLine has been bought by Barracuda Networks. Barracuda Networks is expanding its phishing defense solutions and is planning on creating a comprehensive anti-phishing platform that includes data protection, gateway security, AI-based threat intelligence, security awareness training and phishing simulation exercises. Barracuda already offers its customers a broad range...

Read More
Cyberattacks on Hospitals on the Rise: 78% of Providers Attacked in 2017
Dec20

Cyberattacks on Hospitals on the Rise: 78% of Providers Attacked in 2017

There has been an increase in cyberattacks on hospitals in 2017, according to a recent Mimecast survey. The survey was conducted on 76 healthcare IT professionals in the United States. 78% said they had experienced a cyberattack in the past 12 months. Cyberattacks on hospitals take many forms. Hackers often take advantage of poor patching policies and misconfigured servers and databases, although email is the primary attack vector....

Read More
PhishMe Reaches 10 Million User Milestone
Dec17

PhishMe Reaches 10 Million User Milestone

Anti-phishing solution provider PhishMe has announced it has reached another impressive milestone. Its PhishMe Reporter solution has now been installed on more than 10 million workstations. Organizations can deploy a host of phishing defenses to prevent malicious emails from reaching inboxes; however, even advanced spam filters will not block 100% of phishing emails. There will always be some malicious emails that slip through the...

Read More
IRS Phishing Scam Targets Hotmail Users
Dec16

IRS Phishing Scam Targets Hotmail Users

A new IRS phishing scam has been detected that targets tax professionals and taxpayers who hold Hotmail email accounts. The scam has prompted the Internal Revenue Service to issue a warning to Hotmail users to be wary of emails that request personal and financial information. Each year, cybercriminals target tax payers and attempt to get them to reveal their personal information and Social Security numbers, which are used to file...

Read More
Soaring Value of Bitcoin Triggers Rise in Phishing Attacks on Bitcoin Wallets
Dec12

Soaring Value of Bitcoin Triggers Rise in Phishing Attacks on Bitcoin Wallets

Over the past few days, the value of Bitcoin has soared from $11,000 to more than $17,500, prompting hackers to increase the number of phishing attacks on Bitcoin wallets. While investors are cashing in on the surge in value, so too are attempts to steal Bitcoin. The purpose of the phishing attacks on Bitcoin wallets is simple. Get investors to reveal their account credentials and Bitcoin wallets can be plundered. There is also no...

Read More
Rise in HTTPS Phishing Websites Detected
Dec07

Rise in HTTPS Phishing Websites Detected

The past few years have seen many businesses transition from HTTP to HTTPS websites, but HTTPS phishing websites have similarly increased. A green padlock next to the URL indicates the website is secure and traffic between the browser and website is encrypted, but it does not mean the website is legitimate. All HTTPS means is the connection between the user and the website is secure and any data transferred between the two cannot be...

Read More
IronScales Raises $6.5 Million in Series A Funding
Dec06

IronScales Raises $6.5 Million in Series A Funding

Tel Aviv-based anti-phishing company IronScales has raised $6.5 million in Series A funding, bringing total equity funding to more than $8 million. IronScales has enjoyed continued double-digit growth over the past three years and has invested heavily in its threat detection, incident response, and threat intelligence sharing technologies. The company has recently been rated as one of the top ten companies to watch by Momentum...

Read More
DMARC Adoption Study Reveals Healthcare Industry Lags Behind Other Industry Sectors
Dec03

DMARC Adoption Study Reveals Healthcare Industry Lags Behind Other Industry Sectors

A recent DMARC adoption study by Agari has revealed the healthcare industry lags behind most other industry sectors on email authentication. Most of the top healthcare firms in the United States are failing to protect their customers and partners from phishing threats. Domain-based message authentication, reporting and conformance (DMARC) protects domains and stops domain abuse by phishers. While DMARC is highly effective at...

Read More
Most Successful Phishing Scams Revealed by PhishMe
Dec02

Most Successful Phishing Scams Revealed by PhishMe

What are the most successful phishing scams? Warnings about undelivered parcels? Security alerts that require users’ immediate attention? Documents that has been shared by contacts? According to a recent analysis by anti-phishing solution provider PhishMe, the most successful phishing scams, which have almost a 20% success rate, involve the use of entertainment-based triggers to get users to take the desired action. For its analysis,...

Read More
Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov29

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth,...

Read More
MediaPro Launches New Travel Security Awareness Training Course
Nov28

MediaPro Launches New Travel Security Awareness Training Course

Organizations can train their employees to be more security aware in the office, but when it comes to business trips, employees face additional security risks. Training employees to be more security aware when travelling can help them to avoid risky behaviors that could potentially lead to malware infections or the accidental disclosure of sensitive information. To help businesses deal with the added risks that come from business...

Read More
Warning Issued by IRS About Christmas Phishing Scams
Nov28

Warning Issued by IRS About Christmas Phishing Scams

Each year there is a wave of Christmas phishing scams during the holiday season, as cybercriminals attempt to steal sensitive information to enable them to file fraudulent tax returns. This year is likely to be no different. Last year saw a major increase in Christmas phishing scams, and the prospect of another barrage of phishing emails has prompted the IRS to issue a warning to consumers to be alert to new, sophisticated email scams...

Read More

Sophos Helps Consumers Avoid Phishing Scams When Shopping Online

Holiday season is a busy time for cybercriminals just as it is for online shoppers, so how can you avoid phishing scams when shopping online this festive season? Sophos has recently offers tips for consumers to help them avoid phishing scams when shopping online, highlighting some of the common tactics used by scammers, and how to recognize phishing websites and scam emails. One of the most common ways that scammers fool victims is...

Read More
Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehannam has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after an worker replied to a phishing email. While information regarding the breach date have not been published, UPMC Susquehanna...

Read More
Phishing is the Biggest Security Threat in Australia
Nov22

Phishing is the Biggest Security Threat in Australia

The biggest security threat in Australia for businesses is phishing, according to a recent survey of IT professionals by anti-phishing solution provider PhishMe. The survey was conducted on IT professionals from a wide range of industry sectors including healthcare, finance, retail, manufacturing, high-tech, services, transportation, telecoms, and consumer services. The survey revealed that 89% of IT professionals that took part in...

Read More
KnowBe4 Highlights Six Cybersecurity Trends for 2018 to be Aware Of
Nov17

KnowBe4 Highlights Six Cybersecurity Trends for 2018 to be Aware Of

Security awareness training and anti-phishing vendor KnowBe4 has identified six cybersecurity trends for 2018 that all organizations need to be aware of. The cybersecurity predictions have been made by security experts who have been monitoring the rise in cyberattacks and phishing incidents over the past 12 months. There have been several growing threats throughout 2017 which are likely to continue to cause problems for unprepared...

Read More
Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov17

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan

The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has before been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm...

Read More
Wombat Security Technologies Ranks #135 on Deloitte Technology Fast 500 List
Nov16

Wombat Security Technologies Ranks #135 on Deloitte Technology Fast 500 List

Deloitte has released its latest Technology Fast 500 List – A list of the fastest growing companies in the technology, life sciences, and telecommunications sectors in North America. For the third straight year, the anti-phishing vendor Wombat Security Technologies has been included in the list and has ranked in the top 150 companies in the United States. This year, the impressive 840% growth has seen Wombat Security Technologies rank...

Read More
PhishMe Included in 2017 Deloitte Technology Fast 500 List
Nov12

PhishMe Included in 2017 Deloitte Technology Fast 500 List

The 2017 Deloitte’s Technology Fast 500 has been published – a list of the top 500 fastest growing companies in the United States in the media, tech, telecoms, energy tech, and life sciences industries. For the third consecutive year, anti-phishing solution provider PhishMe has been included in the Deloitte Technology Fast 500 list. This year, in the overall rankings, PhishMe was ranked 200, and achieved position 114 in the software...

Read More
PhishLabs Launches New Phishing Threat Monitoring and Forensics Service
Nov10

PhishLabs Launches New Phishing Threat Monitoring and Forensics Service

The Charleston, South Carolina-based anti-phishing solution provider PhishLabs has launched a new Phishing Threat Monitoring & Forensics Service, which helps to identify phishing emails that have evaded spam filtering technologies. Even with a wide range of technologies in place to catch and quarantine phishing emails, some messages evade detection and are delivered to inboxes. This is why security awareness training for...

Read More
InfoSec Institute Launches New Phishing Defense Tool
Nov10

InfoSec Institute Launches New Phishing Defense Tool

The security awareness training company, the InfoSec Institute, has launched a new phishing defense tool called PhishDefender, which the firm claims can reduce phishing susceptibility to 0%. PhishDefender allows administrators to automatically set security controls based on real-time learner data, adjusting controls automatically based on the level of risk. PhishDefenser has been added to the firms SecurityIQ security awareness...

Read More
MediaPro Included in 2017 Gartner Magic Quadrant for Security Awareness
Nov09

MediaPro Included in 2017 Gartner Magic Quadrant for Security Awareness

Bothell, WA-based learning services company MediaPro has been named one of the leaders in the 2017 Gartner Magic Quadrant for Security Awareness Computer-Based Training. The company has been recognized for completeness of vision and ability to execute. This is the fourth consecutive year that the firm has earned the accolade and has made the Leaders Quadrant. Gartner explained that the company offers “one of the most flexible...

Read More
PhishLine Partners with Pipeline Security and Moves into the Japanese Market
Nov06

PhishLine Partners with Pipeline Security and Moves into the Japanese Market

Milwaukee-based security awareness training and anti-phishing vendor PhishLine has announced a new partnership with the Tokyo-based firm Pipeline Security. It is hoped that this new partnership will help PhishLine improve its footprint in east Asia and fortify its presence in the Japanese security market. Pipeline Security is a well-respected security firm that serves many top-tier businesses in Japan, offering a range of security...

Read More
Study Reveals Extent to Which Combosquatting is Used by Hackers
Nov02

Study Reveals Extent to Which Combosquatting is Used by Hackers

The use of combosquatting is on the rise, although until recently, the extent to which combosquatting was being used by cybercriminals was not known. However, a new study that examined more than 468 billion DNS records has revealed the practice is far more common than typosquatting. More than 100 times as common in fact. What is Combosquatting? Combosquatting is the use of a trademark in combination with another word in a domain. For...

Read More
Inky Awarded Cyber Start-Up Company of the Year Award
Nov01

Inky Awarded Cyber Start-Up Company of the Year Award

A new player in the anti-phishing arena, Inky, has received a Cyber Start-up Company of the Year Award at the inaugural Infosecurity North America conference in Boston. Inky was one of four start-ups pitching a panel of four venture capitalist judges for the award. The company and its innovative anti-phishing solution won over the judges. Inky has developed a new phishing defense solution called Phish Fence. Phish Fence is a platform...

Read More
PhishMe Recognized as Leader by Gartner: Added to Magic Quadrant for Security Awareness CBT
Oct31

PhishMe Recognized as Leader by Gartner: Added to Magic Quadrant for Security Awareness CBT

For the second consecutive year, PhishMe has been included in the Leader’s Magic Quadrant for Security Awareness CBT by Gartner, recognizing the commitment and capabilities of the company and the excellence of its anti-phishing solution and security awareness training program. 12 vendors were assessed for the 2017 Magic Quadrant for Security Awareness CBT for the ability to execute and for completeness of vision. PhishMe was ranked...

Read More
KnowBe4 Secures $30 Million Investment in Series B Funding Round
Oct31

KnowBe4 Secures $30 Million Investment in Series B Funding Round

Anti-phishing solution provider KnowBe4 has secured $30 million of growth capital in its latest series B funding round, bringing its total financing up to $44 million. The latest round of funding was led by a new investor – Goldman Sachs Growth Equity. The additional capital will primarily be used to fuel growth in international markets, with some funds used for product development. The new investment comes after impressive third...

Read More
New Matrix Ransomware Malvertising Campaign Detected
Oct30

New Matrix Ransomware Malvertising Campaign Detected

A new Matrix ransomware malvertising campaign has been detected. The campaign uses malicious adverts to direct users to a site hosting the Rig exploit kit. Flash and IE vulnerabilities are exploited to download the malicious file-encrypting payload. The new Matrix ransomware malvertising campaign was detected by security researcher Jérôme Segura. Matrix ransomware is not a new threat, having first been detected in late 2016. The...

Read More