The Latest in Phishing: First of 2016

We bring you the latest in phishing stats and attacks from the wild.

Phishing Statistics and News:

• Phishing attacks have been surging in 2015, according to the Anti-Phishing Working Group (APWG). Check out their latest report to see all of the recent trends appearing in the wild.
• How many employees will click a phishing email? JPMorgan was able to dupe 20% of its staff into clicking the fake phishing email. Looking to send a fake phishing email to gauge susceptibility? Look no further.
• According to Kaspersky Lab, phishing remains a major threat in Russia and the EU as the number of attacks has increased in the region, up 18% to 36.3 million attacks in Q3 2015 compared with the same time period last year.
• Work in finance or accounting? The number of ‘whaling’ attacks, a specific kind of phishing attack where hackers use spoofed or similar-looking domain names to send targeted attacks, are on the rise according to Mimecast.
• Security researchers were able to breach a server belonging to Iranian hackers with the code name ‘Rocket Kitten.’ Read more about what the researchers learned from breaching this group’s servers.
• SSL certificates ensure data on a website is being submitted in a secure manner, but they do not guarantee the site itself is safe. Because of this, hackers are taking advantage of buying cheap SSL certificates and using them on phishing websites to appear legitimate.
• How much does phishing cost an average 10,000-person company? Almost $4 million USD annually, according to research from the Ponemon Institute, which also looked at how effective security awareness and training for employees can cut that risk dramatically.

Increase your security response team's efficiency with PhishAlarm Analyzer

Phishing Attacks:

• A successful phishing campaign at Middlesex Hospital affected the personal information of approximately 950 patients. The hospital responded by offering free credit monitoring for a year, but said the information did not include direct access to full medical records or Social Security Number.
• Tax season in the United Kingdom is in full-swing, and with it, millions of people are being targeted with phishing emails that claim to be from the HRMC. Tax season is also ramping up in the United States, and scammers are delivering fake IRS emails with a nasty malware payload.
• A Moldovan man ran a phishing scheme that resulted in a loss of $3.5 million for a western Pennsylvania drilling firm. A school district was almost tricked by the same scam into wiring almost a million dollars.
• Time Warner customer? The company said that up to 320,000 customers may have had their passwords compromised by a targeted phishing attack, and urged these customers to reset the passwords on their accounts.
• A Facebook page named ‘Facebook Security’ that warns “Your page will be disabled” is making the rounds which redirects you to a phishing site designed to steal your login information.
• On December 23 in Ukraine approximately 700,000 lost power when an electricity provider was compromised by a phishing attack. Hackers used the phishing attack to insert malicious software into the systems that shut power down and prevented the systems from rebooting.
• Get a ‘WhatsApp’ notification claiming you missed a voice notification? Hackers have been using multiple subject lines in an extensive phishing attack on users worldwide. The email contains a malware executable in a zip attachment.