Common indicators of a phishing attempt include warnings from your email service provider, urgent language, threat of dire consequences, too-good-to-be-true offers and more. Continue reading to learn what to look for to spot phishing attempts and how to keep yourself protected.
As a security awareness practitioner, keeping your pulse on industry - and geographical - benchmarking data and best practices is always a good way to measure your organization’s security awareness success. That’s why KnowBe4 has launched its Phishing Benchmarking Analysis Center. It’s intended as a fun, interactive digital hub that allows you to slice and dice security awareness benchmarking data from across various industries and geographical regions.
Staying one step ahead of cybercriminals is absolutely vital in today’s threat landscape. That's why we're thrilled to introduce PhishER Plus, a revolutionary product from KnowBe4 that takes your anti-phishing defense to a whole new level. Phishing attacks remain the top cyberthreat out there. It's tough to keep up with the ever-evolving techniques of bad actors.
As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack. We’ve seen email attachments being used in cyberattacks for decades now, so it shouldn’t come as a surprise to anyone working in an office that a strange attachment type may be malicious. And yet, this trend continues, despite threat actors changing which types of attachments to use.
Seeking very large paydays, Vendor Email Compromise (VEC) threat actors are finding out what works and repurposing their content and processes to increase chances of seeing a massive payout. VEC is a form of Business Email Compromise (BEC) where an email account isn’t just impersonated (e.g., using someone’s name, a lookalike domain, etc.) but actually compromising credentials and taking over an account of someone within an organization.
Researchers at BlueVoyant warn that attackers are increasingly adding an extra step to their phishing campaigns, impersonating third-parties to lend credibility to the scams. “Third-party phishing sites…will include some characteristics of the original flow, with an added step – the initial impersonation that establishes credibility to the end user is a service that is not connected to the targeted organization,” the researchers write.
During the summer months, when employees and customers are away on vacation, things usually slow down for businesses. But for cybercriminals, the opposite is true because they are busy taking advantage of minimal staffing levels in companies during the vacation period to launch complex attacks. The U.S. Federal Cybersecurity and Infrastructure Security Agency (CISA), warns that the risk of being hit by a cyberattacks rises over the holidays and summer vacation-themed phishing attacks gain momentum.
Researchers at Akamai describe a credential phishing campaign that’s been running since at least March 2022. Due to the volume of traffic to the phishing sites, the researchers estimate that the attackers are raking in up to $150,000 per year by selling the stolen credentials. “This ongoing research led to the discovery of multiple templated sites used as front-ends for the scam infrastructure that have been tied to more than 40,000 malicious routing domains,” the researchers write.
