CSO and Phishing - Cyber Security Informer

Real Big Phish: Mobile Phishing & Managing User Fallibility

Threatpost

JANUARY 14, 2022

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.

Phishing

Phishing CSO Mobile InfoSec

9 tips to prevent phishing

CSO Magazine

JULY 25, 2022

Phishing , in which an attacker sends a deceptive email tricks the recipient into giving up information or downloading a file, is a decades-old practice that still is responsible for innumerable IT headaches. The fight against phishing is a frustrating one, and it falls squarely onto IT's shoulders.

Phishing

Phishing Passwords Malware

10 top anti-phishing tools and services

CSO Magazine

APRIL 28, 2022

Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully protect against. Why phishing is successful. Most phishing attacks are less about the technology and more about social engineering.

Phishing

Phishing Social Engineering Engineering Technology

What are phishing kits? Web components of phishing attacks explained

CSO Magazine

APRIL 1, 2021

Editor's note: This article, originally published on August 7, 2018, has been updated to include new information on phishing kit features. Phishing is a social attack, directly related to social engineering. Commonly centered around email, criminals use phishing to obtain access or information.

Phishing

Phishing Social Engineering Engineering

How attackers could exploit breached T-Mobile user data

CSO Magazine

AUGUST 23, 2021

These include SMS/text-based phishing, SIM swapping and unauthorized number porting. Related: The T-Mobile data breach: A timeline | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

Mobile

Mobile CSO Data breaches Phishing

Previously undocumented backdoor targets Microsoft’s Equation Editor

CSO Magazine

APRIL 30, 2021

Sign up for CSO newsletters. ]. Spear-phishing attack targets Russian defense contractor. In this instance, the target of the spear-phishing attack was a general director working at the Rubin Design Bureau, a Russia-based defense contractor that designs nuclear submarines for the Russian Federation’s Navy.

CSO

CSO Phishing Cybersecurity

Top cybersecurity statistics, trends, and facts

CSO Magazine

OCTOBER 7, 2021

This historic increase in cybercrime resulted in everything from financial fraud involving CARES Act stimulus funds and Paycheck Protection Program (PPP) loans to a spike in phishing schemes and bot traffic. Get the latest from CSO by signing up for our newsletters. ] Learn the The 5 types of cyberattack you're most likely to face. |

CSO

CSO Cybersecurity Cybercrime Phishing

4 steps to protect the C-suite from business email compromise attacks

CSO Magazine

OCTOBER 4, 2021

Learn 8 types of phishing attacks and how to identify them and how BEC attacks take phishing to the next level. Sign up for CSO newsletters. ].

CSO

CSO Phishing Accountability

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

CSO Magazine

MARCH 20, 2023

The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

Phishing

5 best practices for conducting ethical and effective phishing tests

CSO Magazine

MAY 26, 2021

Phishing simulations—or phishing tests—have become a popular feature of cybersecurity training programs in organizations of all sizes.

Phishing

Phishing Authentication Cybersecurity

8 top multifactor authentication products and how to choose an MFA solution

CSO Magazine

OCTOBER 19, 2021

Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. Get the latest from CSO by signing up for our newsletters. ]

Authentication

Authentication CSO Social Engineering Engineering

What is phishing? Examples, types, and techniques

CSO Magazine

APRIL 12, 2022

Phishing definition. Phishing is a type of cyberattack that uses disguised email as a weapon. Phish" is pronounced just like it's spelled, which is to say like the word "fish"—the analogy is of an angler throwing a baited hook out there (the phishing email) and hoping you bite.

Phishing

Phishing Social Engineering Banking Engineering

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

CSO Magazine

APRIL 6, 2021

Check out these 11 phishing prevention tips for best technology practices, employee education and social media smarts. | Get the latest from CSO by signing up for our newsletters. ] To read this article in full, please click here

Cybercrime

Cybercrime CSO Education Media

Most interesting products to see at RSA Conference 2023

CSO Magazine

APRIL 21, 2023

That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the event, and CSO will update this article as their embargoes break. We’ve organized the listings by day of announcement.

CSO

CSO Phishing Software

PIXM releases new computer vision solution for mobile phishing

CSO Magazine

MAY 25, 2022

Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices. To read this article in full, please click here

Mobile

Mobile Phishing Media Technology

Credential stuffing explained: How to prevent, detect, and defend against it

CSO Magazine

MAY 27, 2021

These credentials fuel the underground economy and are used for everything from spam to phishing and account takeovers. Get the latest from CSO by signing up for our newsletters. ] Credential stuffing attacks are one of the most common ways cybercriminals abuse stolen usernames and passwords.

CSO

CSO Passwords Data breaches Accountability

6 reasons why your anti-phishing strategy isn’t working

CSO Magazine

MARCH 13, 2023

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on.

Phishing

Phishing attacks increase by over 31% in third quarter: Report

CSO Magazine

OCTOBER 28, 2022

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8

Phishing

Phishing Threat Detection Malware

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

CSO Magazine

JANUARY 11, 2023

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off.

Scams

Scams Phishing Social Engineering Engineering

BrandPost: Why You Need a New Approach to Contain Phishing Attacks

CSO Magazine

JULY 1, 2021

Despite advancements in anti-phishing techniques and employee training, phishing attacks are increasingly popular. After all, employees need to click on links to do their jobs, and social engineering makes phishing links difficult to identify. That’s because they work so well.

Phishing

Phishing Social Engineering Engineering

BrandPost: New Dirty Tricks and the Latest Insights on Phishing

CSO Magazine

DECEMBER 8, 2021

When it comes to cybersecurity, phishing is one of the oldest tricks in the book. Phishing has evolved,” says Chester Wisniewski, principal research scientist at Sophos. These days phishing emails often lead to ransomware, crypto jacking, or data theft. But it is still incredibly hard to defend against. The reason?

Phishing

Phishing Ransomware Cybersecurity

How to choose an endpoint protection suite

CSO Magazine

SEPTEMBER 28, 2021

Studies show that CSO readers are most likely to know that endpoint protection is the modern iteration of the antivirus tools of previous generations. Threat vectors for end-user devices include browser-based attacks, phishing attempts, malicious software, or spyware.

Antivirus

Antivirus CSO Spyware Phishing

Attackers use stolen banking data as phishing lure to deploy BitRAT

CSO Magazine

JANUARY 4, 2023

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. Stolen data used to add credibility to future attacks.

Banking

Banking Phishing Data breaches Marketing

What is spear phishing? Examples, tactics, and techniques

CSO Magazine

APRIL 7, 2022

Spear phishing definition. Spear phishing is a targeted email attack purporting to be from a trusted sender. In spear phishing attacks, attackers often use information gleaned from research to put the recipient at ease. To read this article in full, please click here

Phishing

Phishing Social Engineering Engineering Malware

How to prepare for an effective phishing attack simulation

CSO Magazine

JANUARY 20, 2021

Rather than attack us through our operating systems, attackers have targeted remote control tools, our consultants, and most importantly our users via phishing attacks. As a result, attackers have pivoted to different methods. To read this article in full, please click here (Insider Story)

Phishing

Facebook and Microsoft are the most impersonated brands in phishing

CSO Magazine

MARCH 4, 2022

Facebook jumped to the top spot in the 20 most impersonated brands by phishers in 2021, representing 14% of phishing pages, according to Vade's annual Phishers' Favorites report. To read this article in full, please click here

Phishing

Phishing Malware

A week in security (Nov 1 – Nov 7)

Malwarebytes

NOVEMBER 8, 2021

Google patches zero-day vulnerability , and others, in Android Zuckerberg’s Metaverse , and the possible privacy and security concerns This Steam phish baits you with a free Discord Nitro BlackMatter ransomware group announces shutdown. New “Frankenstein” phishing kits are becoming increasingly popular.

CSO

CSO Phishing Scams Ransomware

4 steps to prevent spear phishing

CSO Magazine

JUNE 16, 2021

It seems like not a day goes by without another ransomware attack making headlines. And where do many of these attacks start? In your users' email inboxes. To read this article in full, please click here (Insider Story)

Phishing

Phishing Ransomware

Iranian hacking group targets Israel with improved phishing attacks

CSO Magazine

APRIL 26, 2023

Iranian state-sponsored threat actor, Educated Manticore, has been observed deploying an updated version of Windows backdoor PowerLess to target Israel for phishing attacks, according to a new report by Check Point. To read this article in full, please click here

Phishing

Phishing Education Hacking

New phishing technique poses as a browser-based file archiver

CSO Magazine

MAY 29, 2023

A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a.zip domain, according to a security researcher identifying as mr.d0x. Performing this attack first requires you to emulate a file archive software using HTML/CSS,” said mr.d0x in a blog post.

Phishing

Phishing Software

Phishing remained the top identity abuser in 2022: IDSA report

CSO Magazine

MAY 31, 2023

Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a non-profit, identity and security intelligence firm.

Phishing

Phishing Security Intelligence

Microsoft takes top spot as most impersonated brand in phishing

CSO Magazine

JULY 28, 2022

Microsoft toppled Facebook for the top spot in the 25 most impersonated brands by phishers in the first half of 2022, with a total of 11,041 unique phishing URLs, according to Vade's latest Phishers' Favorites report. To read this article in full, please click here

Phishing

Phishing Malware

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Fun fact: 80% of these breaches occur at the endpoint , often via phishing or social engineering. About the essayist: Den Jones, CSO at Banyan Security , which supplies s imple, least-privilege, multi-cloud application access technologies. So as investments go, checking device posture as part of your zero trust program is a huge win.

Ransomware

Ransomware Risk Internet Internet

Who is your biggest insider threat?

CSO Magazine

APRIL 13, 2022

In his career, he has seen people pick up and use dropped thumb drives, give up passwords over the phone and, yes, even click on simulated phishing links. Sign up for CSO newsletters. ]. He has also seen the real-world consequences of such actions.

Penetration Testing

Penetration Testing CSO Phishing Passwords

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

The Last Watchdog

JULY 25, 2024

Starting now and for at least the next month, all organizations should be in a heightened state of vigilance for phishing emails purporting to be from, or affiliated with, CrowdStrike. Dimitri Chichlo , CSO, BforeAI Chichlo Our networks remain fragile because of interdependence and the assumption that technology always works.

Technology

Technology Ransomware Software Cyber Attacks

Australian electric grid vulnerable to Cyber Attacks via Solar Panels

CyberSecurity Insiders

MARCH 14, 2022

And unless these devices are secure enough, their usage can invite more troubles,” said Alistair MacGibbon, the CSO of CyberCX. Rachael Falk, the Chief Executive of Cyber Security Cooperative Research Center, issued an alert about phishing emails to companies operating in the power generation and distribution sector.

Cyber Attacks

Cyber Attacks CSO Manufacturing Cyber threats

Cybersecurity startup launches mobile app to protect against phishing attacks

CSO Magazine

SEPTEMBER 14, 2022

Cybersecurity startup novoShield has launched an enterprise-grade mobile security application , designed to protect users from mobile phishing threats. Released this week for iPhones via the US and Israeli Apple app stores, novoShield’s namesake app detects malicious websites in real time and blocks users from accessing them.

Mobile

Mobile Phishing Cybersecurity Software

New hyperactive phishing campaign uses SuperMailer templates: Report

CSO Magazine

MAY 24, 2023

Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5% of credential phishing emails.” To read this article in full, please click here

Phishing

Phishing Cyber threats Network Security Accountability

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

CSO Magazine

JULY 12, 2022

Security researchers from Microsoft have uncovered a large-scale phishing campaign that uses HTTPS proxying techniques to hijack Office 365 accounts. The attack is capable of bypassing multi-factor authentication (MFA) and has targeted over 10,000 organizations since September 2021.

Phishing

Phishing Accountability Authentication Internet

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

CSO Magazine

JUNE 14, 2023

Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. "In

Phishing

Phishing Accountability Malware Cybersecurity

BrandPost: New and evolving phishing attacks using AI platforms like ChatGPT are causing major issues

CSO Magazine

APRIL 25, 2023

Phishing attacks are one of the most significant threats that organizations face today. As businesses increasingly rely on digital communication channels, cybercriminals exploit email, SMS, and voice communication vulnerabilities to launch sophisticated phishing attacks.

Phishing

Phishing Retail Education Risk

BrandPost: It’s Time to Take a Fresh Approach to Combat Phishing

CSO Magazine

APRIL 1, 2021

Phishing has been around for 20 years, and it will continue as long as there is money to be made. To date, combatting it involves upgrading antivirus and endpoint detection and response (EDR) software, while educating users not to click on “suspicious” attachments or links. We’ve been failing miserably.

Phishing

Phishing Antivirus Education Software

Securing your organization against phishing can cost up to $85 per email

CSO Magazine

OCTOBER 20, 2022

As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 per phishing email, according to a new report by Osterman Research.

Phishing

Business email compromise (BEC) attacks take phishing to the next level

CSO Magazine

JULY 15, 2021

Business email compromise definition To read this article in full, please click here (Insider Story)

Phishing

Real Big Phish: Mobile Phishing & Managing User Fallibility

9 tips to prevent phishing

Trending Sources

10 top anti-phishing tools and services

What are phishing kits? Web components of phishing attacks explained

How attackers could exploit breached T-Mobile user data

Previously undocumented backdoor targets Microsoft’s Equation Editor

Top cybersecurity statistics, trends, and facts

4 steps to protect the C-suite from business email compromise attacks

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

5 best practices for conducting ethical and effective phishing tests

8 top multifactor authentication products and how to choose an MFA solution

What is phishing? Examples, types, and techniques

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

Most interesting products to see at RSA Conference 2023

PIXM releases new computer vision solution for mobile phishing

Credential stuffing explained: How to prevent, detect, and defend against it

6 reasons why your anti-phishing strategy isn’t working

Phishing attacks increase by over 31% in third quarter: Report

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

BrandPost: Why You Need a New Approach to Contain Phishing Attacks

BrandPost: New Dirty Tricks and the Latest Insights on Phishing

How to choose an endpoint protection suite

Attackers use stolen banking data as phishing lure to deploy BitRAT

What is spear phishing? Examples, tactics, and techniques

How to prepare for an effective phishing attack simulation

Facebook and Microsoft are the most impersonated brands in phishing

A week in security (Nov 1 – Nov 7)

4 steps to prevent spear phishing

Iranian hacking group targets Israel with improved phishing attacks

New phishing technique poses as a browser-based file archiver

Phishing remained the top identity abuser in 2022: IDSA report

Microsoft takes top spot as most impersonated brand in phishing

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Who is your biggest insider threat?

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

Australian electric grid vulnerable to Cyber Attacks via Solar Panels

Cybersecurity startup launches mobile app to protect against phishing attacks

New hyperactive phishing campaign uses SuperMailer templates: Report

Office 365 phishing campaign that can bypass MFA targets 10,000 organizations

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

BrandPost: New and evolving phishing attacks using AI platforms like ChatGPT are causing major issues

BrandPost: It’s Time to Take a Fresh Approach to Combat Phishing

Securing your organization against phishing can cost up to $85 per email

Business email compromise (BEC) attacks take phishing to the next level

Stay Connected