A recent survey by Lookout, Inc. warns for a specific attack vector as Labor Day approaches. The study shows that 85% of enterprise employees capable of remote work plan to do so on Friday, September 1, primarily using mobile devices. This creates an ideal environment for hackers to launch targeted phishing attacks. The risk is exacerbated by the fact that 80% of respondents admit to being more relaxed and distracted when working remotely on Fridays during the summer.

Threat Intelligence Analyst How does phishing-as-a-service (PhaaS) really work, and can it really bypass MFA? Here, we will walk you through the user interface of a PhaaS platform, and how its users can quickly build their own attacks using the built-in attack models and templates (and bypass MFA). For a layered approach, beyond MFA, we will introduce you to the benefits of using a threat intelligence solution to stay-ahead of emerging and advanced phishing attacks.

Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links. “Being open-source, QR code generators have become accessible to anyone with access to the internet,” the researchers write.

QR Codes, the square images that contain coded information that can be scanned by a smartphone, are becoming increasingly popular. With the number of smartphone users reaching 6.92 billion this year, access to the information within these ingenious images is within reach by around 86% of the world’s population. Since most, if not all, of the smartphones today feature QR scanners and for those that don’t come so equipped, free apps can be downloaded to add this functionality.

Researchers at Trustwave have published a report outlining trends in business email compromise (BEC) attacks, finding that these attacks spiked in February of 2023. “For the first quarter of the year, we saw a 25% increase in unique attacks compared to the last quarter of 2022,” the researchers write. “February accounted for the highest volume of BEC emails in the first half of the year. January is the second most active month for BEC.

As the world shifted into remote work and distant learning during the pandemic lockdown, e-commerce accelerated as more consumers turned to online shopping apps and websites. Customers who shop online are familiar with email confirmation for their orders. But what if you receive an email confirmation for something that you never bought? It might be a fake order scam, and they are now being sent through Google Groups.

There’s a sentiment that has, unfortunately, taken hold in the field of cybersecurity: Users are the weakest part of your environment. You can see why some may try to paint that picture. The statistics would seem to back it up: However, there’s a deeper truth hiding behind these statistics: It’s not the employees who are the weakest part of your security environment, it’s the training they receive.

Business Email Compromise (BEC) remains a lucrative threat vector for attackers. The FBI’s IC3 reported that in 2022, they received 21,832 complaints with adjusted losses of over $2.7 billion. When it comes to targeted attacks, threat actor sophistication is evident in their ever-evolving tactics, even as detection capabilities and preventative measures improve. Let’s take a look at the current BEC landscape for the first half of 2023.

Users of the language learning app Duolingo should be wary of targeted phishing attacks following a recent data leak, according to Anthony Spadafora at Tom’s Guide. Criminals scraped the names and email addresses of 2.6 million Duolingo users earlier this year, and are now selling the entire dataset on underground forums for approximately $2.13.