Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Egress

Unraveling the truth: Debunking three common phishing detection myths

As the threat landscape continues to evolve, cybercriminals are relentlessly refining their phishing tactics. This means that many of the tips and tricks organizations have told their employees to use in the past to spot a malicious email are no longer as effective in safeguarding their digital environments. Here, we dissect three commonly cited phishing detection strategies and unveil their limitations in the face of advanced cyber threats.

The C-suite conundrum: Are senior executives the Achilles' heel of cybersecurity?

In today's digital landscape, an organization’s C-suite and senior executives hold the most valuable corporate data and sign-off authorities, meaning they represent the highest potential risk over email. Whether it’s inbound spear phishing attacks, or outbound mistakes resulting in a damaging data breach, the C-suite are vulnerable.

Love bait: How AI-driven phishing scams are hijacking Valentine's Day

With Valentine’s Day just around the corner, it comes as no surprise that Egress’ Threat Intelligence team is starting to see an uptick in romance-based phishing attacks. In particular, they noted a staggering 43% increase in attacks impersonating well-established dating apps including Tinder and Hinge between January 1, 2024, until February 5, 2024, compared to 2023. This is only likely to increase as the day draws closer.

Venmo threat sees increase in fraudulent payment requests

Since January 13th, 2024, our Threat Intelligence team has seen a steep rise in the number of fraudulent payment attacks using Venmo. By hacking existing or setting up new Venmo accounts, cybercriminals are using legitimate Venmo communications to trick users into approving fraudulent payments.

Emerging threat: Salesforce-based attacks up by 109% in 2024

Since the start of 2024, Egress’ threat intelligence team has seen a 109% increase in Salesforce phishing attacks using what appears to be a legitimate email domain linked to Salesforce that impersonates Meta. Leveraging obfuscation techniques to mask a malicious URL, attackers are attempting to drive users to a very convincing spoof of a Meta ‘Partner Portal’ to harvest their credentials.

What is account takeover (ATO)?

Account takeover (ATO) is a form of identity theft in which cybercriminals can send emails from a legitimate business account. Threat actors who have control of a business leader's inbox can request payments and confidential information from employees, knowing that they're likely to be more successful than if they had simply made a spoof email account. Unfortunately, ATO is on the rise. Statistics show that ATO cases have skyrocketed since 2019.

Account takeover: Everything you need to know

Account takeover (ATO) is a form of identity theft that enables cybercriminals to send emails from a legitimate account within an organization. Hackers who gain control of an executive's account can request sensitive data and payments from employees in the knowledge that they're more likely to succeed than if they had simply created a spoofed email account. Our recently published Email Security Risk Report revealed that 58% of the 500 companies we surveyed had experienced instances of account takeover.

How to prevent account takeover (ATO)

Account takeover (ATO) is a form of identity theft that happens when cybercriminals get their hands on a victim's login details. Once a fraudster has unlawful access to users' email accounts, they can impersonate their victims and trick employees into sending sensitive business data or large sums of money. In our recently published Email Security Risk Report, 58% of the 500 companies surveyed had experienced account takeover.

Most impactful stats from the 2024 Email Security Risk Report

This year’s Email Security Risk Report touches on a range of topics from inbound email security and data loss prevention, including the fallout of successful phishing attacks, how Cybersecurity leaders feel about their secure email gateways (SEGs), and the limitations of traditional SAT programs.