Egress’ Threat Intelligence Team has identified that over 7% of global phishing attacks now use an emerging obfuscation technique that employs Accelerated Mobile Page (AMP) links to mask malicious URLs. Often embedded in phishing emails that impersonate well-known brands, threat actors aim to undermine the 'hover' technique taught in most security awareness training programs.

Enforce identity verification throughout the employee life cycle using Persona and Okta’s out-of-the-box integration for identity verification. Joshua Rodriguez is a product marketing manager at Persona focused on our Graph product and financial institution and public sector verticals. You'll find him around the Bay Area exploring museums with his wife and young daughter.

If you think you’ve accidentally opened a phishing PDF, it’s important to immediately disconnect your device from the internet, back up your files, run a virus scan on your device and change your passwords. Typically, you can spot a phishing attempt if an email contains urgent and threatening language, too-good-to-be-true offers, spelling and grammatical errors or requests for private information.

Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024. “Perception Point researchers observed phishing emails delivered via ‘noreply@events.eventbritecom,’” the researchers write.

Threat actor uses the Gophish toolkit in phishing campaigns, attackers bypass secure email gateways and antivirus scanners, and Bumblebee malware returns.

Sophos describes a QR code phishing (quishing) campaign that targeted its employees in an attempt to steal information. The attackers sent phishing emails that appeared to be related to employee benefits and retirement plans. The emails contained PDF attachments which, when opened, displayed a QR code. If an employee scanned the code, they would be taken to a phishing page that spoofed a Microsoft 365 login form. The page was designed to steal login credentials and multi-factor authentication codes.

To stop receiving most spam emails, you can report them, block spam email addresses, make a burner email account and remove third-party account access. Spam emails are unwanted messages sent to many people, usually to advertise an item or service. According to Statista, approximately 46% of email traffic as of December 2023 could be classified as spam.

Halloween-themed spam and phishing emails have surged over the past two months, with a significant increase beginning in October, according to researchers at Bitdefender. “Bitdefender’s telemetry indicates a sharp rise in Halloween-themed spam throughout September and October,” the researchers write. “However, Halloween-themed spam rose 18% percentage points between 1-16 October 2024, compared to the entire month of September.

Sophisticated threat actors are increasingly targeting organizations with tailored phishing campaigns. Recently, SecurityScorecard detected a similar attempt against our team—and stopped it in its tracks. We’re sharing our findings to support the InfoSec community and strengthen collective defenses against continually evolving threats.