More than 1-in-10 Ransomware Attacks Involve Threat of Releasing Consumer or Client Data

Turning ransomware attacks into data breaches if the ransom isn’t paid, what’s being called exfiltration+encryption attacks, can be damaging on multiple levels. In the first half of this year 11 percent of ransomware attacks have adopted this tactic.

ID Ransomware, a website and free tool that allows ransomware victims to upload a ransom note or sample encrypted file to identify the ransomware used against them, had over 100,000 submissions between January 1 and June 30, 2020.

Read More

Nearly Nine-in-Ten Organizations Experienced Spear Phishing Attacks While Over Half Fell Victim in 2019

According to a survey of over 600 IT security professionals across seven countries, 88 percent of organizations saw spear phishing attacks, 55 percent fell victim to at least one phishing attack, 86 percent experienced business email compromise attacks and nearly two-thirds experienced a ransomware attack.

The burgeoning issue and financial fallout from spear phishing is evidenced by the sheer number of organizations that experience and fall victim to such attacks. In their 6th annual State of the Phish report, cybersecurity firm ProofPoint surveyed IT security professionals across the US, UK, Germany, France, Spain, Japan and Australia. This survey along with surveys of over 3,500 adults across the same seven countries plus the results of over 50 million simulated phishing emails provided eye-opening results in this multifaceted study. Here’s a quick overview of some of these survey results highlighted in ProofPoint’s State of the Phish 2020 report:

Read More

About Social Engineering: A Case Study and How it Relates to Spear Phishing

This guest blog post from a Certified eCommerce Fraud Professional discusses a case study involving a social engineering attack against an airline, as well as discusses methods for deception and intrusion with spear phishing attacks related to social engineering and fraudsters ultimately attempting to reverse engineer an organization’s risk management policies and practices.

Read More

Fraudsters Used Spear Phishing Tactics to Initiate Attacks Against New York Times and Other Websites

In a high profile attack led by the Syrian Electronic Army against the New York Times and other websites, users accessing the affected sites were redirected to servers under the attackers’ control. Users were redirected to pages hosting malicious content, and this was all made possible following spear phishing attacks against an Australian web domain registrar’s reseller partner when an employee’s credentials were compromised.

Read More

Spammers Scrape Facebook Friends for Targeted Phishing Attacks

Facebook recently announced that they uncovered an incident where fraudsters used compromised email addresses to scrape lists of Facebook friends due to a misconfiguration on their site. The fraudsters would then target phishing emails to the owners of the email addresses purporting to be from a Facebook friend.

Read More