email phishing related cybersecurity articles - The Hacker News
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: email phishing

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

February 25, 2020The Hacker News
Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly double the number detected during Q4 2018. Hackers have evolved their methods, from regular phishing attacks to spear phishing, where they use email messages disguised as coming from legitimate sources to dupe specific individuals. This is why the global spear phishing protection software market is estimated to reach $1.8 billion by 2025. However, conventional defenses can still fall short due to one particular weakness in the security perimeter – the human factor. Indeed, some 33 percent of 2019's data breaches involved humans falling victim to social engineering attacks. And given how sophisticated and creative the phishing perpetrators have been getting, it's easy to see h
Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes

Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes

February 20, 2020Ravie Lakshmanan
Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information. According to researchers at Group-IB , the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the Year 2020" contest. The development is a reminder that rewards-based social engineering campaigns continue to be an effective means to scam users, not to mention the leveraging the collected data to their financial advantage. Under the "Like of the Year" scheme, users were invited to win a large cash prize, telling them they've been randomly selected after liking a post on social media platforms such as VKontakte. The invites were sent via an email blast by hacking the mail servers of a fiscal data operator , which refers to a legal entity created to aggregate, st
BitDam Study Exposes High Miss Rates of Leading Email Security Systems

BitDam Study Exposes High Miss Rates of Leading Email Security Systems

January 21, 2020The Hacker News
Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How did this happen? Is it similar to how the DNC server was hacked? Email hacking is one of the most widespread cyber threats at present. It is estimated that around 8 out of 10 people who use the internet have received some form of phishing attack through their emails. Additionally, according to Avanan's 2019 Global Phish Report , 1 in 99 emails is a phishing attack. BitDam is aware of how critical emails are in modern communication. BitDam published a new study on the email threat detection weaknesses of the leading players in email security, and the findings command attention. The research team discovered how Microsoft's Office365
Use iPhone as Physical Security Key to Protect Your Google Accounts

Use iPhone as Physical Security Key to Protect Your Google Accounts

January 16, 2020Mohit Kumar
Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since last year, but now Apple product owners can also use this advanced, phishing-resistant form of authentication as an alternative to a physical security key. Adding extra security later of two-step authentication is one of the more essential steps you can take to secure your online accounts, which makes it harder for attackers to log in to your account, especially when they steal your password. "According to a study we [Google] released last year, people who exclusively used security keys to sign into their accounts never fell victim to targeted phishing attacks," said Shuvo Chatterjee, Product Manager at Google's Advanced Protection Program. Google recently update
New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

November 14, 2019Swati Khandelwal
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries who possess critical data and can likely afford high ransom payouts. According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations. "Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

January 10, 2019Swati Khandelwal
Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks. Safe Links has been included by Microsoft in Office 365 as part of its ATP (Advanced Threat Protection) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. Therefore, every time users click on a link provided in an email, Safe Links first sends them to a Microsoft owned domain, where it immediately checks the original link for anything suspicious. If Microsoft's security scanners detect any malicious element, it then warns the users about it, and if not, it redirects them to the original link. However, researchers at the cloud security company Avanan have revealed how attackers have been bypassing both Office 365's URL reputation check a
Email Phishers Using New Way to Bypass Microsoft Office 365 Protections

Email Phishers Using New Way to Bypass Microsoft Office 365 Protections

August 15, 2018Swati Khandelwal
Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365. Microsoft Office 365 is an all-in-solution for users that offers several different online services, including Exchange Online, SharePoint Online, Lync Online and other Office Web Apps, like Word, Excel, PowerPoint, Outlook and OneNote. On the top of these services, Microsoft also offers an artificial intelligence and machine learning powered security protection to help defend against potential phishing and other threats by going one level deep to scan the links in the email bodies to look for any blacklisted or suspicious domain. But as I said, phishers always find a way to bypass security protections in order to victimize users. Just over
Email Phishers Using A Simple Way to Bypass MS Office 365 Protection

Email Phishers Using A Simple Way to Bypass MS Office 365 Protection

June 19, 2018Swati Khandelwal
Security researchers have been warning about a simple technique that cyber criminals and email scammers are using in the wild to bypass most AI-powered phishing detection mechanisms implemented by widely used email services and web security scanners. Dubbed ZeroFont , the technique involves inserting hidden words with a font size of zero within the actual content of a phishing email, keeping its visual appearance same, but at the same time, making it non-malicious in the eyes of email security scanners. According to cloud security company Avanan , Microsoft Office 365 also fails to detect such emails as malicious crafted using ZeroFont technique. Like Microsoft Office 365, many emails and web security services use natural language processing and other artificial intelligence-based machine learning techniques to identify malicious or phishing emails faster. The technology helps security companies to analyze, understand and derive meaning from unstructured text embedded in an
Hackers Found Using A New Way to Bypass Microsoft Office 365 Safe Links

Hackers Found Using A New Way to Bypass Microsoft Office 365 Safe Links

May 08, 2018Mohit Kumar
Security researchers revealed a way around that some hacking groups have been found using in the wild to bypass a security feature of Microsoft Office 365, which is originally designed to protect users from malware and phishing attacks. Dubbed Safe Links, the feature has been included in Office 365 software as part of Microsoft's Advanced Threat Protection (ATP) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. So, every time a user clicks on a link provided in an email, it first sends the user to a Microsoft owned domain, where the company immediately checks the original URL for anything suspicious. If Microsoft's scanners detect any malicious element, it then warns users about it, and if not, it redirects the user to the original link. However, researchers at cloud security company Avanan have revealed how attackers have been bypassing the Safe Links feature by using a technique called, " baseStriker attack ."
Exclusive Offers

Cybersecurity Newsletter — Stay Informed

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.