CSO and Phishing - Cyber Security Informer

Real Big Phish: Mobile Phishing & Managing User Fallibility

Threatpost

JANUARY 14, 2022

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.

Phishing

Phishing CSO Mobile InfoSec

Most interesting products to see at RSA Conference 2023

CSO Magazine

APRIL 21, 2023

That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the event, and CSO will update this article as their embargoes break. We’ve organized the listings by day of announcement.

CSO

CSO Phishing Software

9 tips to prevent phishing

CSO Magazine

JULY 25, 2022

Phishing , in which an attacker sends a deceptive email tricks the recipient into giving up information or downloading a file, is a decades-old practice that still is responsible for innumerable IT headaches. The fight against phishing is a frustrating one, and it falls squarely onto IT's shoulders.

Phishing

Phishing Passwords Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

10 top anti-phishing tools and services

CSO Magazine

APRIL 28, 2022

Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Why phishing is successful. Most phishing attacks are less about the technology and more about social engineering.

Phishing

Phishing Social Engineering Engineering Technology

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

CSO Magazine

MARCH 20, 2023

The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

Phishing

What are phishing kits? Web components of phishing attacks explained

CSO Magazine

APRIL 1, 2021

Editor's note: This article, originally published on August 7, 2018, has been updated to include new information on phishing kit features. Phishing is a social attack, directly related to social engineering. Commonly centered around email, criminals use phishing to obtain access or information.

Phishing

Phishing Social Engineering Engineering

What is phishing? Examples, types, and techniques

CSO Magazine

APRIL 12, 2022

Phishing definition. Phishing is a type of cyberattack that uses disguised email as a weapon. Phish" is pronounced just like it's spelled, which is to say like the word "fish"—the analogy is of an angler throwing a baited hook out there (the phishing email) and hoping you bite.

Phishing

Phishing Social Engineering Banking Engineering

Phishing remained the top identity abuser in 2022: IDSA report

CSO Magazine

MAY 31, 2023

Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a non-profit, identity and security intelligence firm.

Phishing

Phishing Security Intelligence

4 steps to protect the C-suite from business email compromise attacks

CSO Magazine

OCTOBER 4, 2021

Learn 8 types of phishing attacks and how to identify them and how BEC attacks take phishing to the next level. Sign up for CSO newsletters. ].

CSO

CSO Phishing Accountability

How attackers could exploit breached T-Mobile user data

CSO Magazine

AUGUST 23, 2021

These include SMS/text-based phishing, SIM swapping and unauthorized number porting. Related: The T-Mobile data breach: A timeline | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

Mobile

Mobile CSO Data breaches Phishing

PIXM releases new computer vision solution for mobile phishing

CSO Magazine

MAY 25, 2022

Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices. To read this article in full, please click here

Mobile

Mobile Phishing Media Technology

New phishing technique poses as a browser-based file archiver

CSO Magazine

MAY 29, 2023

A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a.zip domain, according to a security researcher identifying as mr.d0x. Performing this attack first requires you to emulate a file archive software using HTML/CSS,” said mr.d0x in a blog post.

Phishing

Phishing Software

6 reasons why your anti-phishing strategy isn’t working

CSO Magazine

MARCH 13, 2023

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on.

Phishing

Previously undocumented backdoor targets Microsoft’s Equation Editor

CSO Magazine

APRIL 30, 2021

Sign up for CSO newsletters. ]. Spear-phishing attack targets Russian defense contractor. In this instance, the target of the spear-phishing attack was a general director working at the Rubin Design Bureau, a Russia-based defense contractor that designs nuclear submarines for the Russian Federation’s Navy.

CSO

CSO Phishing Cybersecurity

Top cybersecurity statistics, trends, and facts

CSO Magazine

OCTOBER 7, 2021

This historic increase in cybercrime resulted in everything from financial fraud involving CARES Act stimulus funds and Paycheck Protection Program (PPP) loans to a spike in phishing schemes and bot traffic. Get the latest from CSO by signing up for our newsletters. ] Learn the The 5 types of cyberattack you're most likely to face. |

CSO

CSO Cybersecurity Cybercrime Phishing

8 top multifactor authentication products and how to choose an MFA solution

CSO Magazine

OCTOBER 19, 2021

Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. Get the latest from CSO by signing up for our newsletters. ]

Authentication

Authentication CSO Social Engineering Engineering

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

CSO Magazine

JANUARY 11, 2023

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off.

Scams

Scams Phishing Social Engineering Engineering

Iranian hacking group targets Israel with improved phishing attacks

CSO Magazine

APRIL 26, 2023

Iranian state-sponsored threat actor, Educated Manticore, has been observed deploying an updated version of Windows backdoor PowerLess to target Israel for phishing attacks, according to a new report by Check Point. To read this article in full, please click here

Phishing

Phishing Education Hacking

What is spear phishing? Examples, tactics, and techniques

CSO Magazine

APRIL 7, 2022

Spear phishing definition. Spear phishing is a targeted email attack purporting to be from a trusted sender. In spear phishing attacks, attackers often use information gleaned from research to put the recipient at ease. To read this article in full, please click here

Phishing

Phishing Social Engineering Engineering Malware

Attackers use stolen banking data as phishing lure to deploy BitRAT

CSO Magazine

JANUARY 4, 2023

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. Stolen data used to add credibility to future attacks.

Banking

Banking Phishing Data breaches Marketing

Guardz releases AI-powered phishing protection solution for SMEs, MSPs

CSO Magazine

JUNE 8, 2023

Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. To read this article in full, please click here

Phishing

Phishing Small Business Data breaches Technology

New hyperactive phishing campaign uses SuperMailer templates: Report

CSO Magazine

MAY 24, 2023

Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5% of credential phishing emails.” To read this article in full, please click here

Phishing

Phishing Cyber threats Network Security Accountability

Phishing attacks increase by over 31% in third quarter: Report

CSO Magazine

OCTOBER 28, 2022

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8

Phishing

Phishing Threat Detection Malware

BrandPost: New Dirty Tricks and the Latest Insights on Phishing

CSO Magazine

DECEMBER 8, 2021

When it comes to cybersecurity, phishing is one of the oldest tricks in the book. Phishing has evolved,” says Chester Wisniewski, principal research scientist at Sophos. These days phishing emails often lead to ransomware, crypto jacking, or data theft. But it is still incredibly hard to defend against. The reason?

Phishing

Phishing Ransomware Cybersecurity

Microsoft takes top spot as most impersonated brand in phishing

CSO Magazine

JULY 28, 2022

Microsoft toppled Facebook for the top spot in the 25 most impersonated brands by phishers in the first half of 2022, with a total of 11,041 unique phishing URLs, according to Vade's latest Phishers' Favorites report. To read this article in full, please click here

Phishing

Phishing Malware

BrandPost: New and evolving phishing attacks using AI platforms like ChatGPT are causing major issues

CSO Magazine

APRIL 25, 2023

Phishing attacks are one of the most significant threats that organizations face today. As businesses increasingly rely on digital communication channels, cybercriminals exploit email, SMS, and voice communication vulnerabilities to launch sophisticated phishing attacks.

Phishing

Phishing Retail Education Risk

5 best practices for conducting ethical and effective phishing tests

CSO Magazine

MAY 26, 2021

Phishing simulations—or phishing tests—have become a popular feature of cybersecurity training programs in organizations of all sizes.

Phishing

Phishing Authentication Cybersecurity

Facebook and Microsoft are the most impersonated brands in phishing

CSO Magazine

MARCH 4, 2022

Facebook jumped to the top spot in the 20 most impersonated brands by phishers in 2021, representing 14% of phishing pages, according to Vade's annual Phishers' Favorites report. To read this article in full, please click here

Phishing

Phishing Malware

BrandPost: Why the phishing blame game misses the point

CSO Magazine

MARCH 22, 2023

Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. When they do, and that phishing attack leads to a damaging data breach, who’s at fault? The phishing ‘click this, not that’ contradiction To read this article in full, please click here

Phishing

Phishing Data breaches Mobile Marketing

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

CSO Magazine

APRIL 6, 2021

Check out these 11 phishing prevention tips for best technology practices, employee education and social media smarts. | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

Cybercrime

Cybercrime CSO Education Media

BrandPost: Why You Need a New Approach to Contain Phishing Attacks

CSO Magazine

JULY 1, 2021

Despite advancements in anti-phishing techniques and employee training, phishing attacks are increasingly popular. After all, employees need to click on links to do their jobs, and social engineering makes phishing links difficult to identify. That’s because they work so well.

Phishing

Phishing Social Engineering Engineering

Credential stuffing explained: How to prevent, detect, and defend against it

CSO Magazine

MAY 27, 2021

These credentials fuel the underground economy and are used for everything from spam to phishing and account takeovers. Get the latest from CSO by signing up for our newsletters. ] Credential stuffing attacks are one of the most common ways cybercriminals abuse stolen usernames and passwords.

CSO

CSO Passwords Data breaches Accountability

Securing your organization against phishing can cost up to $85 per email

CSO Magazine

OCTOBER 20, 2022

As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 per phishing email, according to a new report by Osterman Research.

Phishing

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

CSO Magazine

JUNE 14, 2023

Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. "In

Phishing

Phishing Accountability Malware Cybersecurity

Luna Moth callback phishing campaign leverages extortion without malware

CSO Magazine

NOVEMBER 21, 2022

Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. Luna Moth removes malware portion of phishing callback attack. This malware element is synonymous with traditional callback phishing attacks.

Phishing

Phishing Malware Social Engineering Retail

ZeroFox partners with Google Cloud to warn users against phishing domains

CSO Magazine

APRIL 11, 2023

Cybersecurity provider ZeroFox has announced a partnered capability with Google Cloud to warn users of malicious URLs and fake websites in a bid to disrupt phishing campaigns.

Phishing

Phishing Risk Cybersecurity

How to choose an endpoint protection suite

CSO Magazine

SEPTEMBER 28, 2021

Studies show that CSO readers are most likely to know that endpoint protection is the modern iteration of the antivirus tools of previous generations. Threat vectors for end-user devices include browser-based attacks, phishing attempts, malicious software, or spyware.

Antivirus

Antivirus CSO Spyware Phishing

Who is your biggest insider threat?

CSO Magazine

APRIL 13, 2022

In his career, he has seen people pick up and use dropped thumb drives, give up passwords over the phone and, yes, even click on simulated phishing links. Sign up for CSO newsletters. ]. He has also seen the real-world consequences of such actions.

Penetration Testing

Penetration Testing CSO Phishing Passwords

Cybersecurity startup launches mobile app to protect against phishing attacks

CSO Magazine

SEPTEMBER 14, 2022

Cybersecurity startup novoShield has launched an enterprise-grade mobile security application , designed to protect users from mobile phishing threats. Released this week for iPhones via the US and Israeli Apple app stores, novoShield’s namesake app detects malicious websites in real time and blocks users from accessing them.

Mobile

Mobile Phishing Cybersecurity Software

How to prepare for an effective phishing attack simulation

CSO Magazine

JANUARY 20, 2021

Rather than attack us through our operating systems, attackers have targeted remote control tools, our consultants, and most importantly our users via phishing attacks. As a result, attackers have pivoted to different methods. To read this article in full, please click here (Insider Story)

Phishing

Akamai debuts Brand Protector service to combat phishing, online forgery

CSO Magazine

APRIL 24, 2023

Akamai is rolling out a new service designed to provide automated detection, investigation and even takedown services for businesses looking to protect their online reputations from digital criminals and phishing campaigns.

Phishing

DNS data indicates increased malicious domain activity, phishing toolkit reuse

CSO Magazine

AUGUST 25, 2022

This represented a 3% increase compared to Q1 2022, the firm stated, with phishing toolkits playing a key role in malicious domain-related activity. Increased malware, phishing, C2 domain activity detected in Q2 2022. of devices accessed phishing domains with 0.8% of devices accessed phishing domains with 0.8%

DNS

DNS Phishing Malware Ransomware

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

CSO Magazine

JULY 12, 2022

Security researchers from Microsoft have uncovered a large-scale phishing campaign that uses HTTPS proxying techniques to hijack Office 365 accounts. The attack is capable of bypassing multi-factor authentication (MFA) and has targeted over 10,000 organizations since September 2021.

Phishing

Phishing Accountability Authentication Internet

Iranian cyberspies use multi-persona impersonation in phishing threads

CSO Magazine

SEPTEMBER 14, 2022

One of the most prolific state-sponsored Iranian cyber espionage groups is targeting researchers from different fields by setting up sophisticated spear-phishing lures in which they use multiple fake personas inside the same email thread for increased credibility.

Phishing

Phishing Social Engineering Engineering

Real Big Phish: Mobile Phishing & Managing User Fallibility

Most interesting products to see at RSA Conference 2023

Webinars

Trending Sources

9 tips to prevent phishing

Webinars

10 top anti-phishing tools and services

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

What are phishing kits? Web components of phishing attacks explained

What is phishing? Examples, types, and techniques

Phishing remained the top identity abuser in 2022: IDSA report

4 steps to protect the C-suite from business email compromise attacks

How attackers could exploit breached T-Mobile user data

PIXM releases new computer vision solution for mobile phishing

New phishing technique poses as a browser-based file archiver

6 reasons why your anti-phishing strategy isn’t working

Previously undocumented backdoor targets Microsoft’s Equation Editor

Top cybersecurity statistics, trends, and facts

8 top multifactor authentication products and how to choose an MFA solution

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Iranian hacking group targets Israel with improved phishing attacks

What is spear phishing? Examples, tactics, and techniques

Attackers use stolen banking data as phishing lure to deploy BitRAT

Guardz releases AI-powered phishing protection solution for SMEs, MSPs

New hyperactive phishing campaign uses SuperMailer templates: Report

Phishing attacks increase by over 31% in third quarter: Report

BrandPost: New Dirty Tricks and the Latest Insights on Phishing

Microsoft takes top spot as most impersonated brand in phishing

BrandPost: New and evolving phishing attacks using AI platforms like ChatGPT are causing major issues

5 best practices for conducting ethical and effective phishing tests

Facebook and Microsoft are the most impersonated brands in phishing

BrandPost: Why the phishing blame game misses the point

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

BrandPost: Why You Need a New Approach to Contain Phishing Attacks

Credential stuffing explained: How to prevent, detect, and defend against it

Securing your organization against phishing can cost up to $85 per email

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

Luna Moth callback phishing campaign leverages extortion without malware

ZeroFox partners with Google Cloud to warn users against phishing domains

How to choose an endpoint protection suite

Who is your biggest insider threat?

Cybersecurity startup launches mobile app to protect against phishing attacks

How to prepare for an effective phishing attack simulation

Akamai debuts Brand Protector service to combat phishing, online forgery

DNS data indicates increased malicious domain activity, phishing toolkit reuse

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

Iranian cyberspies use multi-persona impersonation in phishing threads

Stay Connected