During the summer months, when employees and customers are away on vacation, things usually slow down for businesses. But for cybercriminals, the opposite is true because they are busy taking advantage of minimal staffing levels in companies during the vacation period to launch complex attacks. The U.S. Federal Cybersecurity and Infrastructure Security Agency (CISA), warns that the risk of being hit by a cyberattacks rises over the holidays and summer vacation-themed phishing attacks gain momentum.

Researchers at Akamai describe a credential phishing campaign that’s been running since at least March 2022. Due to the volume of traffic to the phishing sites, the researchers estimate that the attackers are raking in up to $150,000 per year by selling the stolen credentials. “This ongoing research led to the discovery of multiple templated sites used as front-ends for the scam infrastructure that have been tied to more than 40,000 malicious routing domains,” the researchers write.

The US Cybersecurity and Infrastructure Security Agency (CISA) has found that compromise of valid accounts and spear phishing attacks were the two most common vectors of initial access in 2022, Decipher reports. Valid accounts were compromised in 54% of successful attacks. “Valid accounts can be former employee accounts that have not been removed from the active directory or default administrator accounts,” CISA said.

We've reported on several Amazon scams, but for once, there is positive news. Amazon sent an email Thursday morning highlighting the top scams your users should watch out for: Prime Membership Scams Per Amazon, "These are unexpected calls/texts/emails that refer to a costly membership fee or an issue with your membership and ask you to confirm or cancel the charge.

Business email compromise (BEC) continues to be one of the fastest growing and most risky attack vectors for companies, as it has become a multimillion-dollar business that causes almost 80 times more losses than ransomware.

The Egress Threat Intelligence team has detected an 83.6% increase in scouting phishing emails between May 1st – June 30, 2023, compared with March 1st – April 30th, 2023. These emails aim to identify organizations’ and individuals’ personal time off (PTO) patterns or other absences from work through the automatic out-of-office responses they receive. The scouting attacks were sent from multiple spoofed email addresses from servers located in Russia and Japan.

The Barbie movie has captivated audiences worldwide, breaking box-office records and generating massive excitement and enthusiasm among fans. However, as with any major news sensation, threat actors are quick to exploit the fervor surrounding the movie for their malicious gain. The Barbie movie, given its immense popularity, has become an ideal bait for cybercriminals seeking to exploit the frenzy around it.

It’s late Friday evening and Tom (your average everyday employee) has worked diligently to meet project deadlines and follow up with customers before his much-anticipated weeklong vacation. Exhausted from burning the midnight oil and juggling multiple tasks, he’s eager to wrap up his work and enjoy a well-deserved break. As Tom completes his last remaining task, he is greeted with one final email before signing off for the week.

New data focused on the first half of the year shows some anomalies. Phishing attacks are slowing down… that is, until you dive into the details. I can’t remember the last time I posted a headline stating that phishing numbers were down; that’s because we haven’t seen this trend occur in a number of years. But new data from Vade Secure’s H1 2023 Phishing and Malware Report shows an interesting outlier that skews a high-level view of the data.

Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it?