Nearly Nine-in-Ten Organizations Experienced Spear Phishing Attacks While Over Half Fell Victim in 2019

According to a survey of over 600 IT security professionals across seven countries, 88 percent of organizations saw spear phishing attacks, 55 percent fell victim to at least one phishing attack, 86 percent experienced business email compromise attacks and nearly two-thirds experienced a ransomware attack.

The burgeoning issue and financial fallout from spear phishing is evidenced by the sheer number of organizations that experience and fall victim to such attacks. In their 6th annual State of the Phish report, cybersecurity firm ProofPoint surveyed IT security professionals across the US, UK, Germany, France, Spain, Japan and Australia. This survey along with surveys of over 3,500 adults across the same seven countries plus the results of over 50 million simulated phishing emails provided eye-opening results in this multifaceted study. Here’s a quick overview of some of these survey results highlighted in ProofPoint’s State of the Phish 2020 report:

Read More

Germany Issues First GDPR Fine Following Data Breach at Social Media Company

Nearly 2 million username and password combinations along with 330,000 email and password combinations were exposed in a data breach impacting German social media platform Knuddels.de. The company received a €20,000 fine related to the EU’s General Data Protection Regulation (GDPR) because the passwords exposed were stored in plain text.

Read More

About Social Engineering: A Case Study and How it Relates to Spear Phishing

This guest blog post from a Certified eCommerce Fraud Professional discusses a case study involving a social engineering attack against an airline, as well as discusses methods for deception and intrusion with spear phishing attacks related to social engineering and fraudsters ultimately attempting to reverse engineer an organization’s risk management policies and practices.

Read More

Over 700 Million Compromised Email and Password Combinations Used to Send Spam

Lists of email addresses with password and other information used to send phishing emails and spam were hosted on an open server and available to copy or download.  More than one-fourth of the email and password combinations were identified from previous data breaches and this collection of 711 million email address account credentials shows the scale of data breaches and consumers who are ripe for account takeover.

Having access to active or legitimate consumer email accounts for sending spam is a major asset in the fraudster world and black market. Email providers and third-party email security vendors constantly update blacklists of bad servers known for sending spam. Using real email accounts circumvents many of these filters.

Read More