Enforce identity verification throughout the employee life cycle using Persona and Okta’s out-of-the-box integration for identity verification. Joshua Rodriguez is a product marketing manager at Persona focused on our Graph product and financial institution and public sector verticals. You'll find him around the Bay Area exploring museums with his wife and young daughter.

If you think you’ve accidentally opened a phishing PDF, it’s important to immediately disconnect your device from the internet, back up your files, run a virus scan on your device and change your passwords. Typically, you can spot a phishing attempt if an email contains urgent and threatening language, too-good-to-be-true offers, spelling and grammatical errors or requests for private information.

Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024. “Perception Point researchers observed phishing emails delivered via ‘noreply@events.eventbritecom,’” the researchers write.

Threat actor uses the Gophish toolkit in phishing campaigns, attackers bypass secure email gateways and antivirus scanners, and Bumblebee malware returns.

Sophos describes a QR code phishing (quishing) campaign that targeted its employees in an attempt to steal information. The attackers sent phishing emails that appeared to be related to employee benefits and retirement plans. The emails contained PDF attachments which, when opened, displayed a QR code. If an employee scanned the code, they would be taken to a phishing page that spoofed a Microsoft 365 login form. The page was designed to steal login credentials and multi-factor authentication codes.

To stop receiving most spam emails, you can report them, block spam email addresses, make a burner email account and remove third-party account access. Spam emails are unwanted messages sent to many people, usually to advertise an item or service. According to Statista, approximately 46% of email traffic as of December 2023 could be classified as spam.

Halloween-themed spam and phishing emails have surged over the past two months, with a significant increase beginning in October, according to researchers at Bitdefender. “Bitdefender’s telemetry indicates a sharp rise in Halloween-themed spam throughout September and October,” the researchers write. “However, Halloween-themed spam rose 18% percentage points between 1-16 October 2024, compared to the entire month of September.

Sophisticated threat actors are increasingly targeting organizations with tailored phishing campaigns. Recently, SecurityScorecard detected a similar attempt against our team—and stopped it in its tracks. We’re sharing our findings to support the InfoSec community and strengthen collective defenses against continually evolving threats.

How Generative AI Can Help Identify Malware? Spambrella explains how AI models add value: Generative AI models can identify malware by learning the patterns and structures typical of malicious code versus benign software. Code Generation and Analysis – By generating variations of known malware, these models can simulate potential new forms of malware, helping cybersecurity teams anticipate and defend against unseen threats.

Cybercriminals are offering tools to help phishing pages avoid detection by security tools, according to researchers at SlashNext. “Anti-bot services, like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, have become a cornerstone of complex phishing operations,” the researchers write. “These services aim to prevent security crawlers from identifying phishing pages and blocklisting them.