Category: Blog

Phishing through the prism of graphic design

A little design in the phishing world What do bright and catchy presentations, laconic documents, and perfect CVs have in common? Everyone can easily create it by using online graphic design platforms without wasting time. Almost everyone already knows about such services and have used at least one time before.

Anatomy of a Malware Attack: Emails with Password-Protected Files

Almost 94% of all malware attacks are delivered via email. These attacks may include ransomware, adware, spyware, and more. Lately we have observed a growing trend of distributing malware through password-protected email attachments. Let’s look at an example of what this kind of malware attack looks like so that you

Phishing hosted on high Alexa domains: another dangerous trick in Web

Dark side of high Alexa domains How much do you trust such services as Google, Windows, Dropbox? And what about the open access libraries? One more important question is, how much your employees use such services in their daily routine? According to the Cyren Inbox Security traffic statistic, vast amounts

Security Awareness Training Won’t Give CISOs or Employees Peace of Mind

I attended a virtual roundtable discussion with CISOs this week. The session opened with a somber question: what keeps you up at night? The overwhelming majority of CISOs said they’re afraid users will click on something they shouldn’t. And rightfully so – according to the 2019 Global Data Exposure Report,

Email spoofing BEC attack targeting numerous employees at once

Spear-phishing spoofed attacks have been and remain one of the most substantial cyber threats that organizations face nowadays. And once we talk about spear-phishing, we can’t help but mention business email compromise (BEC) attacks which if successful result in staggering losses for the companies: the FBI’s Internet Crime Complaint Center

Phishers abusing Google App Engine

Over the last few weeks Cyren has observed a massive spike in phishing sites hosted on the appspot.com domain that Google uses for its free Google App Engine. Taking advantage of soft routing on Google App Engine Google App Engine is a cloud-based development platform used to host and develop

Microsoft reports a “leap in attack sophistication”

Last month Microsoft released a sobering Digital Defense Report. From their perch powering 600,000 enterprises’ cloud inboxes (in the United States alone), they report: Malware attacks are decreasing. Instead 70% of attacks are through phishing emails, largely to harvest credentials. Attackers are laying long-term traps that scour the internet looking

Anatomy of a Phishing Attack: Stolen Microsoft 365 Credentials

Phishing attacks designed to steal Microsoft 365 credentials are launched every day and growing more sophisticated. We recently detected a massive attack that hid a fake Microsoft 365 login page in the incoming emails’ attachments. Related: Microsoft 365 Is Wildly Successful and Profoundly Vulnerable – Here’s Why The attack On