Researchers observed variants of the Emotet Trojan injecting themselves into existing email conversations as a means of distributing malicious links.
Researchers have discovered evidence of a threat group named London Blue, a U.K.-based collective that focuses on CFOs at mortgage companies, accounting firms and some of the world's largest banks.
Researchers identified a new email scam using seemingly legitimate BBC News webpages to reroute user clicks and generate bitcoin.
Trickbot has formed a partnership with another banking Trojan, IcedID, to help distribute each other's malware more widely — and possibly co-develop new capabilities.
New Incident Response Study Reveals More Than Half of Attackers Use Social Engineering to Target Organizations
A new study on incident response revealed that more than half of external attackers use social engineering in targeted campaigns against organizations in various sectors.
In recent months, security researchers have identified Punycode attacks as part of malvertising and phishing campaigns targeting both individual users and major email providers.
Security vulnerabilities stemming from improper handling of non-ASCII characters in email headers could enable fraudsters to launch spoofing attacks.
A new spear phishing campaign leverages a series of malicious emails to target and compromise Russian-speaking enterprises via hidden backdoors.
Marketers use email tracking pixels to evaluate their campaigns, but cybercriminals have repurposed the technology to conduct recon on potential victims.
Sender Policy Framework and DomainKeys Identified Mail are two techniques that can be used to limit the amount of spam in inboxes.