The massive uptick in business email compromise (BEC) is considered one of the costliest attack types, requiring organizations to put employees on notice to stay vigilant. The latest research from the FBI puts the average cost of BEC attacks at around $125,000. What makes them so dangerous is that they largely rely on text-only emails using social engineering to trick those with finance responsibilities into parting with the money they control.

American global manufacturer of cleaning products Clorox stated that recent sales and profit loss to a cyber attack. In a statement from Clorox's press release, "As previously disclosed, the Company believes the cybersecurity attack has been contained and the Company is making progress in restoring its systems and operations. The available information does not confirm whether the Clorox cyber attack was a ransomware incident.

The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice. It does assume that the involved users know how to tell the difference between rogue and legitimate URL links. If you or someone you know does not know how to tell the difference between malicious and legitimate URL links, tell them to watch my one-hour webinar on the subject. We are going to recommend a slight update on the rule.

Menlo Security warns that a social engineering campaign is using the EvilProxy phishing kit to target senior executives across a range of industries, including banking and financial services, insurance, property management and real estate, and manufacturing.

Gartner issued a press release that forecasted global security and risk management end-user spending to reach $188.1 billion, along with worldwide end-user spending on security and risk management projected to be $215 billion in 2024.

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan. “In the past, poorly worded or grammatically incorrect emails were often telltale signs of phishing attempts,” Kaburu writes. “Cybersecurity awareness training emphasized identifying such anomalies to thwart potential threats. However, the emergence of ChatGPT has changed the game.

If you didn't trust contactless payment processors before, you really won't after hearing about this recent scam. The Aurora Police Department Economic Crimes Unit posted this tweet last week with a warning: Source: Twitter In a statement by Aurora Police Sergeant's Dan Courtenay on how cybercriminals obtain the user data to FOX31, “Now they have Bluetooth, where they can just sit in the parking lot of the gas station and it feeds right onto their laptop,” Courtenay said.

DomainTools is tracking an increase in SMS phishing (or “smishing”) campaigns impersonating the US Postal Service (USPS). The text messages inform recipients that there’s a problem with their delivery address and they need to click on a link to resolve the issue.

A recent attack on an undisclosed Spanish aerospace company all started with messages to the company's employees that appeared to be coming from Meta recruiters, via LinkedIn Messaging. ESET researchers uncovered the attack and attributed it to the Lazarus group, particularly a campaign dubbed Operation DreamJob. This campaign by the Lazarus group was aimed at defense and aerospace companies with the goal of carrying out cyberespionage.