In today’s flexible and fast-paced digital environment, email still remains the backbone of communication for many organizations. Employee email accounts are chock-full of sensitive information from intellectual property to customer data, which makes securing email servers crucial. Data leakage and unauthorized access not only disrupt operations and cost time and money to fix, but they can also damage an organization’s reputation.

Nearly half (46%) of businesses observed an increase in deepfakes and generative AI-related fraud last year, a new report from AuthenticID has found. Additionally, phishing attempts increased by 76% in 2024, and more than 90% of cyberthreats were driven by social engineering. The report also noted a rise in workplace-related fraud, including employee impersonation and account takeover.

Researchers at Cisco Talos warn that a new phishing campaign is targeting users in Germany and Poland in an attempt to deliver several strains of malware, including a new backdoor dubbed “TorNet.” The phishing emails purport to be fake money transfer confirmations from financial institutions or phony order receipts from manufacturing and logistics companies.

Researchers at Zimperium warn that a large phishing campaign is impersonating the US Postal Service (USPS) to target mobile devices with malicious PDF files. The goal of the campaign is to direct users to a spoofed USPS website designed to harvest personal information. “The investigation into this campaign uncovered over 20 malicious PDF files and 630 phishing pages, indicating a large-scale operation,” the researchers write.

Read also: Major hacking forums seized in an international police op, British trio running the OTP.Agency vishing service sentenced, and more.

Microsoft, Apple, and Google were the most commonly impersonated brands in phishing attacks last quarter, according to researchers at Check Point. “Microsoft retained its dominance as the most imitated brand in phishing schemes, accounting for a staggering 32% of all attempts,” Check Point says. “Apple followed with 12%, while Google ranked third. Notably, LinkedIn reentered the list at fourth place, emphasizing the persistent targeting of technology and Social Network brands.

There was some good, bad, and neutral news when it comes to email threats in December 2024, according to new data compiled by Trustwave SpiderLabs’ MailMarshal email security team. Trustwave SpiderLabs’ PageML, which is used in MailMarshal’s Blended Threat Module (BTM), flagged 19 million malicious URLs for VirusTotal, of which 2.2 million detections were only picked up by Trustwave. The team reported that 25% of all incoming spam emails were in fact phishing attacks of some type.

Phishing attacks are the most common security issue for smartphone users, according to a new study by Omdia. The survey found that nearly a quarter (24%) of respondents have fallen victim to a mobile phishing attack. The second most common mobile threat was malware, which is usually delivered via social engineering. The researchers note that phishing attacks reached all the smartphones assessed in the study, regardless of vendor.