Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns. “Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns,” the researchers write. “These PDFs were delivered as email attachments. Attackers favor using PDFs for phishing due to the file format’s widespread trustworthiness.".

On July 26, the U.S. Security & Exchange Commission (SEC) announced several new cybersecurity rules, taking affect mid-December 2023, that will significantly impact all U.S. organizations (and foreign entities doing business in the U.S.) that must follow SEC regulations. Although the announcement did not generate a ton of fanfare off the normal business and cybersecurity sites, the rules will greatly increase resource requirements and actions.

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1. It’s no secret that banks and other types of financial institutions hold all the money, so it should be no surprise that's where cybercriminals focused their malicious activities last year, according to Group IB’s Digital Risk Trends 2023 report.

In the ever-evolving landscape of cyber threats, scammers and hackers are relentless in exploiting every avenue of communication. From emails to texts, calls to QR codes, malicious actors are finding new ways to compromise your privacy and security. One such emerging threat is the rise of QR code phishing attacks, a blend of QR codes and phishing designed to trick individuals into revealing sensitive information.

Now being commonly referred to as “Scama” – short for Scamming Method – these kits are being sold promoting highly advanced feature sets, turning the novice scammer into a pro. I’ve covered a number of Phishing-as-a-Service kits on this blog, but we’re seeing an evolution in both the kit features and how they’re being promoted on the dark web.

Czech and Ukrainian police have arrested six individuals responsible for a call center-based vishing scam designed to trick victims into thinking they were already victims of fraud. Imagine getting a call on your mobile phone from your bank. The caller ID shows the number you have saved in your contacts, so it must be your bank, right? The person on the other end tells you your account has been compromised and the remaining funds must be moved to a safe account. Sounds legit?

There is no doubt that more pervasive deepfake and AI technologies will make for more realistic, sophisticated, phishing attacks, and add to an already huge problem. The days of phishing attacks rife with spelling and language errors are coming to an end. This is more the reason why you need a great security awareness training (SAT) program to fight back.

To celebrate National Computer Security Day, which is recognized on November 30 every year, KnowBe4 encourages all IT and security professionals to train their workforce how to stay safe from cybersecurity threats as the organization’s last line of defense. It is also crucial to focus on building a strong security culture by educating employees about today’s cyber threat landscape and how they can play a role in protecting the organization.

Researchers at Sophos have found that the criminal market for malicious generative AI tools is still disorganized and contentious. While there are obvious ways to abuse generative AI, such as crafting phishing emails or writing malware, criminal versions of these tools are still unreliable. The researchers found numerous malicious generative AI tools on the market, including WormGPT, FraudGPT, XXXGPT, Evil-GPT, WolfGPT, BlackHatGPT, DarkGPT, HackBot, PentesterGPT, PrivateGPT.

There’s been a “precipitous rise” in QR code phishing campaigns in 2023, according to Matthew Tyson at CSO. “For the attacker, QR codes bring a number of benefits, including some appreciated by legitimate businesses: they are easy to create and easy to use,” Tyson writes.