Beyond the Top 5 Industries Most Impacted by Social Engineering
In this year’s annual Phishing Trends and Intelligence report we identified phishing sites targeting more than 1,200 different brands belonging to 773 parent institutions. Of the top five targeted industries, they accounted for 83.9% of total phishing volume. There are two big takeaways from this finding: financial institutions are back ... Read More
Phishing Volume Continues to Rise
Back in the olden days of the internet, when AOL’s dial-up connection still made horrible sounds prior to getting you access to your inbox, phishing attacks were born. Somewhere in the mid-1990s, internet-based social engineering attacks were born and designed to capture credentials on AOL by way of a program ... Read More
The Most Common Types of Reported Emails
There are all sorts of things that end up in your inbox, but among those that are reported to a SOC or security team, malicious content only makes up a small percent. Among the analysis provided in this year’s annual Phishing Trends and Intelligence (PTI) report, we added a new ... Read More
2019 Phishing Trends & Intelligence Report: The Growing Social Engineering Threat
Phishing has and will continue to be a threat to anyone connected to the web. This is a fact set in stone, and regardless of advancements in technology, social engineering will allow these attacks to continue to be successful ... Read More
5 Tips for Smarter Detection and Collection of Digital Risks
Last month, our Director of Product Management, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One of the many reasons why such a plan should be created is because, in today’s world, an enterprise organization’s digital footprint can be vast and will continue ... Read More
Romanian Vishing/SMiShing Threat Actors Plead Guilty
In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million ... Read More
Less Than 3 Percent of ‘Collection #1’ Data Dump Passwords are Unique
This month the largest recorded data dump in history, 87GB filled with passwords and user credentials, was made available. Dubbed Collection #1 consists of 1,160,253,228 unique combinations of email addresses and passwords. Though historic, there are two positive notes regarding this information: The first is that this data set was ... Read More
Social Risk Monitoring: All Press Good Press?
It happens on a daily basis, it’s even likely that at some point it happened to you: social media account takeovers. A quick Google search shows a new batch of celebrities, politicians, companies, and other high profile users becoming the victim of account takeovers on a weekly basis ... Read More
49 Percent of Phishing Sites Now Use HTTPS
Since 2015 there has been a steady increase in threat actors’ use of SSL certificates to add an air of legitimacy to malicious websites. By the end of 2017 almost a third of phishing sites had SSL certificates, meaning their URLs began with HTTPS:// and (most) browsers displayed the all-important ... Read More
Users Failing Phishing Simulations? That’s ok
Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them. Even if there is a negative outcome, training leads and organizations ... Read More
