The latest data from Comcast Business’ analysis of over 23.5 billion cyber attacks on their business customers shows the importance and role of phishing in attacks. Over the years there has been a consistent mantra: everyone agrees that “90-something” percent of cyber attacks start with phishing. Plenty of sources corroborate this with percentages in the 90s, but the overall message is that phishing is the greatest Initial Access tactic you face.
Cybercriminals used the legitimacy of Salesforce’s email gateway to bypass security scanners and target Meta customers in an effort to steal Facebook credentials. One of the initial challenges any phishing attack faces is making it past security measures designed to scan for and identify malicious emails. One way to do so is to misuse the outbound email sending of a legitimate, well-known platform.
At Black Hat USA 2023, a session led by a team of security researchers, including Fredrik Heiding, Bruce Schneier, Arun Vishwanath, and Jeremy Bernstein, unveiled an intriguing experiment. They tested large language models (LLMs) to see how they performed in both writing convincing phishing emails and detecting them. This is the PDF technical paper.
Threat actors abuse Google AMP for evasive phishing attacks, hackers exploit Salesforce’s email services in targeted Facebook phishing campaign, and Russian actor BlueCharlie alters infrastructure in response to disclosures.
A record 2,322 scams in Japan to steal internet banking IDs and passwords have resulted in unauthorized money transfers totaling a record of around 3 billion yen ($21 million) in the first half of this year, a report by the National Police Agency showed Tuesday. The number of cases mainly involving phishing this year has already surpassed the annual total of any previous year, with the financial loss approaching the record high of 3.07 billion yen set in 2015, according to the agency.
Common indicators of a phishing attempt include warnings from your email service provider, urgent language, threat of dire consequences, too-good-to-be-true offers and more. Continue reading to learn what to look for to spot phishing attempts and how to keep yourself protected.
As a security awareness practitioner, keeping your finger on the pulse of industry and geographical benchmarking data and best practices is always a good way to measure your organization’s security awareness success. That’s why KnowBe4 has launched its Phishing Benchmarking Analysis Center. It’s intended as a fun, interactive digital hub that allows you to slice and dice security awareness benchmarking data from across various industries and geographical regions.