Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted. I love data built on statistically relevant data samples, as the larger the data set, the more relevant and representative of an entire industry, country, or world it is. One such report is Hornetsecurity’s just released Cyber Security Report 2024.

Phishing, already a serious, ever-present threat, is getting even more pernicious thanks to ChatGPT, which enables threat actors to craft more realistic emails. Clearly, organizations need a way to fight back that recognizes the depth of the threat, including by employing managed detection and response services.

As the holiday season approaches, so does the annual surge in online shopping and holiday package tracking. Unfortunately, this joyous time has also become a prime hunting ground for cybercriminals. In a concerning development, cybersecurity experts are sounding the alarm about a new weapon in the phishing attackers' arsenal: generative artificial intelligence (AI).

First ever insight into those annoying spam calls provides enlightening detail into how many calls are there, where are they coming from, and how much time is wasted dealing with them. It’s sort of the new normal - never answer your phone if you don’t know the caller and let it go to voicemail. Why? Because of the proliferation of spam calls that nobody wants to receive. But just how bad is it? Global communications provider, Truecaller, released its’ first Monthly U.S.

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it once annually, likely as part of a compliance program. It is not enough We know from customer data collected, involving many tens of millions of records, over 10 years, that the more frequently an organization does training and simulated phishing, the better able their staff is able to spot phishing attacks.

QR code phishing, most commonly referred to as “quishing,” is a type of phishing attack that tricks users into scanning QR codes to steal personal information such as login credentials or credit card numbers. When a user scans a QR code created for a quishing attack, they are taken to a malicious website that either downloads malware on their phone or asks for their personal information.

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder. When the world was touting “MFA,” we were shouting “PHISHING-RESISTANT MFA” even louder, including here: Today, many of the world’s leading cybersecurity voices, including CISA, Microsoft and Google are pushing phishing-resistant MFA. Here is CISA’s take on it.

On July 26, the U.S. Security & Exchange Commission (SEC) announced several new cybersecurity rules, taking affect mid-December 2023, that will significantly impact all U.S. organizations (and foreign entities doing business in the U.S.) that must follow SEC regulations. Although the announcement did not generate a ton of fanfare off the normal business and cybersecurity sites, the rules will greatly increase resource requirements and actions.

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1. It’s no secret that banks and other types of financial institutions hold all the money, so it should be no surprise that's where cybercriminals focused their malicious activities last year, according to Group IB’s Digital Risk Trends 2023 report.

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns. “Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns,” the researchers write. “These PDFs were delivered as email attachments. Attackers favor using PDFs for phishing due to the file format’s widespread trustworthiness.".