- Which company departments are most susceptible to phishing attacks? A Verizon report says legal and HR departments are the worst offenders; in response, lawyers wrote about how education can help prevent this common form of social engineering.
- Get a request to edit a Google Doc recently? An architect at Elastica found attackers using malicious web sites hosted on Google Drive to trick users.
- The National Counterintelligence and Security Center (NCSC) is launching “awareness campaigns” about phishing, with director Bill Evania mentioning that the majority of large breaches in the public and private sector start with spear phishing.
- SMX, a large provider of cloud email services, told its New Zealand customers to be wary of increasing numbers of incidents involving spear phishing and whaling attacks. Whaling attacks are like spear phishing, in that they’re highly-targeted phishing attacks but they’re focused on corporate upper management.
- Cyren released its 2015 Q2 Cyber Threats Report and found a 38% overall quarterly increase in phishing attacks. It also found that attackers are increasingly focused on extracting corporate data from businesses instead of consumers.
- A Proofpoint Threat Report found that during the first half of 2015, attackers have been using more malicious attachments compared to 2014, when they were more focused on sending malicious URLs in emails.
- A list of 385 million emails revealed that UK firms are being targeted by a Dridex banking Trojan allegedly originating from Russian-based cyber-gangs. Phishing emails are being used to lure people to download malicious attachments that infect computers.
- Research from Norton revealed that millennials are not great at protecting themselves online. The study showed that 26% had been affected by a phishing scam. Additionally, almost 3 in 10 millennials share “everything that happens in their day-to-day life” online.
- ‘Operation Pawn Storm’ is a phishing attack spoofing the Electronic Frontier Foundation’s (EFF) website. The EFF has a full write-up for those wanting to learn more.
Subscribe to the Proofpoint Blog