Resecurity is tracking a cybercriminal gang called “GXC Team” that develops and sells tools to facilitate online banking theft and social engineering attacks. In November, the gang began selling a tool that uses artificial intelligence to craft fraudulent invoices for use in business email compromise (BEC) attacks. The invoices can hijack business transactions by replacing banking information contained in legitimate invoices.

Yes, passkeys are phishing-resistant because they are built on the WebAuthn standard which is an authentication standard that uses public key cryptography to authenticate a user’s identity before they’re able to log in to their account. Continue reading to learn more about what makes passkeys phishing-resistant, plus the additional benefits of signing in to your accounts with passkeys over passwords.

Researchers at Scam Sniffers have found that phishing attacks stole nearly $295 million worth of cryptocurrency from 324,000 victims in 2023, CryptoSlate reports. The cryptocurrency is stolen by malware delivered via phishing sites. “Wallet Drainers, a type of malware related to cryptocurrency, has achieved significant success over the past year,” the researchers write.

Last year was a ground-breaking year for cybersecurity advancements and attacks, with new developments making headlines globally. As threats become more complex and innovative, cybersecurity experts need to stay abreast with themes and patterns within the latest attacks. As we look forward through 2024, we asked experts from our threat intelligence, product management, and customer service teams at Egress to share their predictions for what’s to come in 2024 in this dynamic landscape.

As people have grown comfortable with e-commerce and email correspondence, the techniques of scammers have become increasingly sophisticated and hard to detect. Many of us have heard of phishing attacks, in which bad actors coerce people into handing over sensitive information. These are usually carried out by impersonating a trusted third party – and overwhelmingly through email (Deloitte, 2020).

A newly-discovered technique misusing SMTP commands allows cybercriminals to pass SPF, DKIM and DMARC checks, empowering impersonated emails to reach their intended victim. Earlier this month, Timo Longin, security researcher with cybersecurity consulting firm SEC Consult published details on what is now referred to as SMTP Smuggling.

Threat actors constantly improve their tactics and are always on the hunt for technical or social vulnerabilities they can exploit. The pandemic-induced Great Resignation, massive layoffs, continuous company restructuring, and upcoming holidays make this a very busy time of changes in the labor force. Due to this upheaval, employees are always on the lookout for any updates from their Human Resources (HR) department, as HR often sends updates or notifications via company-wide email.

Life is full of problems. A product manager's life is that, and more! But it’s also the very reason we have been able to contribute to many, many awesome products. Since becoming a product manager, I’ve learned that the problems worth solving aren't always easy to spot and you have to do some sifting, rejecting and re-framing to get to the good stuff.

Following the release of the Phishing Threat Trends Report, we recently hosted the Human Risk Summit, a virtual gathering of top industry leaders to discuss human risk in cybersecurity.