Criminals pay attention to user demographics to target specific types of users when crafting email-based attacks, a joint study from Google and Stanford found.
The Nigeria Police Force, in partnership with Interpol and Group-IB, has arrested three men suspected of being part of a cybercriminal gang that specialized in business-email-compromise scams.
Attackers are cross-checking stolen Office 365 credentials on Microsoft Entra ID in real-time after victims type them into a malicious phishing page, researchers from Armorblox said.
Google's Threat Analysis Group discovered one attacker exploiting five separate zero days in several applications last year, a highly unusual attack pattern.
A proposal that would standardize the format of SMS messages being used in two-factor authentication schemes has a simple goal: make users relying on those one-time passcodes less susceptible to phishing attacks.