A new post by the Microsoft security team warns about a new type of phishing attack vector targeting users. Consent Phishing, as they refer to it as, targets users by asking for an egregious amount of permissions from Single-Sign-On allowing the bad actors to abuse the accounts they have been granted access to.
Instagram users should be on the lookout for fake copyright notices that have emerged as a new way to try and phish people into handing over the credentials of their accounts. As reported by
As reported by Checkpoint Research, European users of Office 365 have been targeted with phishing emails sent from seemingly legitimate sources after bad actors hijacked Samsung's
As is common with real phishing campaigns, bad actors are using current events to take advantage of people and trick them into opening malicious emails.
GitLab.com recently performed a spear phishing campaign where they targeted 50 of their employees in an attempt to see how vulnerable their team members were to phishing attacks. Using the domain "gitlab.company" and GSuite to deliver emails, those targeted were asked to click on a link to accept an upgraded Laptop from their IT department.
Social engineering is the process of attacking the human, or employee, rather than the technology directly. Through social tactics, an employee is tricked into performing an action,
The 2019 Verizon Data Breach Investigations Report (DBIR) provides valuable information on the threats facing organizations today. The DBIR is produced by Verizon with a collaboration of many security entities. The following is a summary of finding that relate to the human element of security.
The following slideshare, authors Christopher Hadnagy and Michele Fincher outline ten steps to creating a phishing awareness campaign for an organization.
