In The News

Return to offices means new opportunities for phishing   The move to home working provided new opportunities for phisherfolk, but as many people start to return to their offices the attackers are pivoting to exploit that too. A new report from email phishing protection specialist INKY shows attacks are capitalizing on vulnerability and the desire for accurate information about returning to the office in-person.
Read More
The Top 25 Most Phished Brands   INKY processed 656,954,951 emails in 2020. From this data, they ranked the top 25 most-phished brands during 2020. In round numbers, that’s two-thirds of a billion. Within this pool, Inky found 4,874,096 phishing campaigns. Of those phishing campaigns, 591,293 of them were brand impersonations. Out of the brand-impersonation group, INKY found 40,903 unique campaigns.
Read More
Phishing Attackers keep Hijacking Prestigious University Email Accounts To sneak Past Corporate Security The cybercriminal interest in hijacking university email domains is one of cybersecurity’s worst kept secrets and yet it’s become a problem that only seems to generate more bad news.
Read More
Report: Phishing Campaign Uses Hidden Text to Bypass Email Security Source: www.healthitsecurity.com A new phishing campaign has been spotted in the wild using hidden text, or what’s known as zero font, to bypass email security controls and deliver malicious emails to the user, according to a recent report from Inky Technology. 
Read More
Credential harvesting — How Zoom opened the phishing floodgates Video conferencing tech has been a lifeline for businesses, helping them sustain operations and communications amid the surreal events of 2020. But this sudden reliance was a vulnerability that some were ready to exploit. 
Read More
Inky spots new phishing attack with clever tricks Inky has reported a new phishing attack designed to confuse Secure Email Gateways (SEG). The attack is using hidden text to stop the SEG rejecting the email as fraudulent. It is also taking advantage of the Unicode Soft Hyphen feature to hide the displayed text from the SEG engine. The result is that the email is delivered to the user, looks like a legitimate email and is likely to be successful at harvesting user credentials.
Read More
Attackers Use Unicode & HTML to Bypass Email Security Tools Cybercriminals have been spotted using HTML/CSS and Unicode tricks to bypass tools meant to block malicious emails, marking a new twist in phishing techniques, security researchers report.
Read More
There But Not There: Phishing Emails Using Invisible Text We’re used to hackers slipping malicious links and attachments into phishing emails. That doesn’t mean there aren’t the occasional slip-ups that result in malware infections, but for the most part, cyber-savvy users recognize the tricks used to fool them.
Read More
Fake Zoom meeting invitation harvests Microsoft credentials Initially targeting Zoom users; the phishing scam aims for Outlook and Office365 credentials. As the digital world deals with the added responsibility of hosting more and more meetings online, popular video conferencing apps like Zoom and Microsoft Teams have increasingly come under fire from cybercriminals.
Read More
Anti-phishing startup INKY raises $20M to ramp up enterprise adoption Anti-phishing startup Inky  has raised $20 million in its Series B round of funding, led by Insight Partners .
Read More