Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A record 2,322 scams in Japan to steal internet banking IDs and passwords have resulted in unauthorized money transfers totaling a record of around 3 billion yen ($21 million) in the first half of this year, a report by the National Police Agency showed Tuesday. The number of cases mainly involving phishing this year has already surpassed the annual total of any previous year, with the financial loss approaching the record high of 3.07 billion yen set in 2015, according to the agency.

Common indicators of a phishing attempt include warnings from your email service provider, urgent language, threat of dire consequences, too-good-to-be-true offers and more. Continue reading to learn what to look for to spot phishing attempts and how to keep yourself protected.

As a security awareness practitioner, keeping your pulse on industry - and geographical - benchmarking data and best practices is always a good way to measure your organization’s security awareness success. That’s why KnowBe4 has launched its Phishing Benchmarking Analysis Center. It’s intended as a fun, interactive digital hub that allows you to slice and dice security awareness benchmarking data from across various industries and geographical regions.

As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack. We’ve seen email attachments being used in cyberattacks for decades now, so it shouldn’t come as a surprise to anyone working in an office that a strange attachment type may be malicious. And yet, this trend continues, despite threat actors changing which types of attachments to use.

Seeking very large paydays, Vendor Email Compromise (VEC) threat actors are finding out what works and repurposing their content and processes to increase chances of seeing a massive payout. VEC is a form of Business Email Compromise (BEC) where an email account isn’t just impersonated (e.g., using someone’s name, a lookalike domain, etc.) but actually compromising credentials and taking over an account of someone within an organization.

Staying one step ahead of cybercriminals is absolutely vital in today’s threat landscape. That's why we're thrilled to introduce PhishER Plus, a revolutionary product from KnowBe4 that takes your anti-phishing defense to a whole new level. Phishing attacks remain the top cyberthreat out there. It's tough to keep up with the ever-evolving techniques of bad actors.

In this comprehensive guide, we will delve into the world of DMARC (Domain-based Message Authentication, Reporting, and Conformance) and explore how it enhances email security, protects against phishing attacks, and ensures the authenticity of emails. As a leading expert in cybersecurity, we will provide you with valuable insights and detailed information on how DMARC works, its benefits, implementation steps, and best practices.

Researchers at BlueVoyant warn that attackers are increasingly adding an extra step to their phishing campaigns, impersonating third-parties to lend credibility to the scams. “Third-party phishing sites…will include some characteristics of the original flow, with an added step – the initial impersonation that establishes credibility to the end user is a service that is not connected to the targeted organization,” the researchers write.

During the summer months, when employees and customers are away on vacation, things usually slow down for businesses. But for cybercriminals, the opposite is true because they are busy taking advantage of minimal staffing levels in companies during the vacation period to launch complex attacks. The U.S. Federal Cybersecurity and Infrastructure Security Agency (CISA), warns that the risk of being hit by a cyberattacks rises over the holidays and summer vacation-themed phishing attacks gain momentum.