No surprise: phishing attacks are on the rise, and a new technique is becoming increasingly popular: open redirect flaws. These flaws allow attackers to redirect victims to malicious websites, even if the link in the phishing email appears to be legitimate.

Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links. “Being open-source, QR code generators have become accessible to anyone with access to the internet,” the researchers write.

Researchers at Trustwave have published a report outlining trends in business email compromise (BEC) attacks, finding that these attacks spiked in February of 2023. “For the first quarter of the year, we saw a 25% increase in unique attacks compared to the last quarter of 2022,” the researchers write. “February accounted for the highest volume of BEC emails in the first half of the year. January is the second most active month for BEC.

Callback phishing isn't your typical email scam. Instead of the usual suspects with bad grammar and obvious malicious links, these attacks play mind games. They set up a multi-layered trap using some smooth-talking tactics to get you to dial a fake number and spill your sensitive info.

Users of the language learning app Duolingo should be wary of targeted phishing attacks following a recent data leak, according to Anthony Spadafora at Tom’s Guide. Criminals scraped the names and email addresses of 2.6 million Duolingo users earlier this year, and are now selling the entire dataset on underground forums for approximately $2.13.

Monitoring of traffic to phishing pages hosted on the free hosting service Cloudflare R2 show an unheard of spike of 6100%, many going undetected by many security solutions due to the evasive techniques used. I can’t remember a time when I’ve covered a story and the reported increases were as large as the recent spike in malicious network traffic observed by Netskope.

Continuing coverage of IBM’s recently-released Cost of a Data Breach report, we focus on the impact attacks involving social engineering have on data breach costs. There are two reports every year that we cover on this blog that you should be reading – Verizon’s Data Breach Investigations Report and IBM’s Cost of a Data Breach report. Each of these reports has been published for years, providing insight into how the state of data breaches are changing.

In last few years, cyber espionage has taken a new form. A recent investigation by The Times has unveiled a Chinese intelligence officer's extensive use of LinkedIn to target UK officials. Operating under the alias "Robin Zhang," this spy has been luring thousands of officials, scientists, and academics to hand over state secrets and sensitive technology information.

After you come to grips with the massive average cost of a data breach to an enterprise organization measured in the millions, it’s time to look at the factors that increase – and lower – that cost. According to IBM’s recently-released 18th edition of their Cost of a Data Breach Report, we find that this year’s average cost is $4.45 million. That’s a staggering number, but what about the contributing factors?

Phishing attacks are on the rise in Australia, the Australian Broadcasting Corporation (ABC) reports. “The latest figures reveal phishing is a practice that is only becoming more and more widespread,” the ABC says.“Phishing was the most reported scam to Scamwatch in 2022, with the government website recording 74,573 complaints — a 4.6 per cent increase on the previous year.