Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Spear phishing plays a significant role in causing data breaches and cyberattacks. It costs businesses and individuals millions of dollars each year. Spear phishing is different from traditional phishing, which covers a broad spectrum. It targets specific individuals or organizations and uses tricks to make the victim reveal some sensitive information. This article explores spear phishing. It covers its unique traits and offers expert tips to identify and stop such attacks.

In this post, we’ll explore what cloud email filtering is, how it works, its key features, benefits, and the top providers in the market.

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick users into installing malware. “The malware is hidden within attachments such as Word documents, PDFs, or Excel files, often masquerading as promotional materials, contracts, or business proposals,” the researchers explain.

Threat actors impersonate HR in seasonal phishing campaign, Zloader receives new features and capabilities, and new details emerge about Secret Blizzard.

In 2024, phishing threats have become more sophisticated, with cybercriminals leveraging new methods such as quishing and multi-channel attacks. The growing complexity is evident in recent data, with a rise in incidents reported to the ICO in the UK and a 10% increase in complaints, including phishing/spoofing, filed with the FBI's Internet Crime Complaint Center (IC3) in the US.

Over the last few months, the topic of email bombing has been brought to our attention multiple times, mostly queries from customers that go something like this: “I have a few users experiencing some sort of spam attack, where they are receiving thousands of random registration or subscription emails. What do I do, and why is it occurring? Help!” This scenario is known as email or subscription bombing.

Threat actors are using voice phishing (vishing) attacks via Microsoft Teams in an attempt to trick victims into installing the DarkGate malware, according to researchers at Trend Micro. “The attacker used social engineering to manipulate the victim to gain access and control over a computer system,” Trend Micro says.

The role of generative AI in cybersecurity increases in direct proportion to the use of GenAI models among cybercriminals. Since attackers can now churn out human-like text, manipulate media, and create unrecognizable malware variants on a larger scale, organizations should rethink traditional approaches to email security. Generative AI can help them turn the tables on threat actors by beefing up their defenses against AI-powered email attacks.

Despite a ransomware payment controversy, some companies still decide to yield to the attacker’s requests. Doing so may seem like the easiest way out, but it comes with its own set of complications, both ethical and legal.