89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 Months

May 4, 2022 9:29:50 AM By Stu Sjouwerman

With the number of email breaches per year almost doubling in the last three years, organizations still don’t see email security solutions as being an effective means of stopping attacks.

UK ICO Sees a Massive Increase in Targeted Email Attacks

Mar 2, 2022 1:31:34 PM By Stu Sjouwerman

New data obtained from the UK’s Information Commissioner’s Office by think tank Parliament Street shows an unprecedented rise in attacks against the UK’s information rights organization.

20 Year-Old “Right-to-Left Override” Functionality Used in Attacks to Trick Microsoft 365 Users Out of Credentials

Feb 22, 2022 9:01:58 AM By Stu Sjouwerman

Used to disguise malicious file extensions, this legacy functionality is being repurposed in attacks to obfuscate attachment types and steal credentials in an impressive way.

[On-Demand Webinar] Incredible Email Hacks You'd Never Expect and How You Can Stop Them

Feb 14, 2022 3:58:14 PM By Stu Sjouwerman

If you think the only way your network and devices can be compromised via email is phishing, think again!

Cryptocurrencies and Email Extortion Trends

Jul 15, 2021 10:04:39 AM By Stu Sjouwerman

Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the ...

[BREAKING] NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

Jul 1, 2021 12:15:33 PM By Stu Sjouwerman

NSA and its US and British partners (the UK's NCSC and the US FBI and CISA) late this morning released an advisory detailing a Russian campaign ("almost certainly ongoing") to brute-force ...

Low-Grade Ways of Bypassing Email Scanners

May 24, 2021 9:38:59 AM By Stu Sjouwerman

Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure contained ...

Email-Based Threats Increase 64% as Attacks Grow in Sophistication and Volume

May 12, 2021 8:18:54 AM By Stu Sjouwerman

New data from Mimecast shows how email-based threats are not only the greatest perceived concern, but are proving to be the reason for increased experienced attacks.

Email Scammers Impersonate U.S. Government Agencies Offering Pandemic Financial Assistance

Jan 8, 2021 8:33:54 AM By Stu Sjouwerman

Taking advantage of people in their time of need, these bottom feeders of the cybercriminal world promise assistance and, instead, collect personal details to make a buck.

What You Need to Know About DMARC

Dec 29, 2020 10:13:23 AM By Stu Sjouwerman

It's true - not enough organizations utilize DMARC, SPF, and DKIM, global anti-domain-spoofing standards, which could significantly cut down on phishing attacks. But before you implement ...

The Risk of the “To” Line

Nov 25, 2020 2:26:34 PM By Stu Sjouwerman

Micropayments company Coil accidentally exposed at least a thousand of its customers’ email addresses by including their addresses in the “To” field of an email, BleepingComputer reports. ...

Threat Actors Take Advantage of Exchange Online and Outlook on the Web with New Levels of Sophistication

Oct 20, 2020 8:29:36 AM By Stu Sjouwerman

New insight from Accenture Security highlights specific ways attackers are changing their tactics to make Microsoft’s email platform a tool rather than an obstacle for phishing attacks.

Another Office 365 OAuth Attack Targets Coinbase Users to Gain Compromised Email Access

Oct 20, 2020 8:25:10 AM By Stu Sjouwerman

The latest attack attempts to trick Office 365 users that use Coinbase into giving access to their mailbox via a Consent app rather than trying to steal their credentials.

The Secret to This Email Phishing Campaign is Volume

Oct 15, 2020 8:24:12 AM By Stu Sjouwerman

FireEye says a newly characterized cybercriminal gang, FIN11, has been launching widespread email phishing campaigns for the past four years. The group isn’t particularly sophisticated, ...

Two-Month Email Compromise and Impersonation Attack Results in a $15M Take

Oct 14, 2020 3:30:05 PM By Stu Sjouwerman

Read how one unnamed company fell victim to a scam that’s been repeated many times over the last few years, but never with such a massive payoff at the end.

Trends in Malicious Attachments Used in Phishing Emails

Oct 14, 2020 8:26:32 AM By Stu Sjouwerman

People need to be familiar with the types of malicious attachments used in phishing emails, according to Lawrence Abrams at BleepingComputer. One of the most common methods of installing ...

New Office 365 Phishing Attack Checks Your Stolen Credentials in Real-Time

Oct 7, 2020 10:06:20 AM By Stu Sjouwerman

Nothing says the bad guys are intent on stealing credentials like testing them while you participate in their phishing attack so they can verify the validity before letting you off the ...

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats With PhishRIP

Sep 16, 2020 7:00:00 AM By Stu Sjouwerman

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

The Dangerous Attraction of Original Gangsters

Sep 9, 2020 8:27:21 AM By Stu Sjouwerman

Users need to be mindful of the ways in which hackers can take over their accounts, according to Brian Krebs. Krebs says his experience as the owner of an “OG” Gmail address made him ...

Legitimate Services, but still Hook, Line, and Sinker

Sep 8, 2020 7:03:00 AM By Stu Sjouwerman

A malware distribution campaign is abusing organizations’ contact forms to send malicious emails designed to catch the attention of companies’ customer support personnel. The attackers ...

Security Awareness Training Blog

View Topics

89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 Months

UK ICO Sees a Massive Increase in Targeted Email Attacks

20 Year-Old “Right-to-Left Override” Functionality Used in Attacks to Trick Microsoft 365 Users Out of Credentials

[On-Demand Webinar] Incredible Email Hacks You'd Never Expect and How You Can Stop Them

Cryptocurrencies and Email Extortion Trends

[BREAKING] NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

Low-Grade Ways of Bypassing Email Scanners

Email-Based Threats Increase 64% as Attacks Grow in Sophistication and Volume

Email Scammers Impersonate U.S. Government Agencies Offering Pandemic Financial Assistance

What You Need to Know About DMARC

The Risk of the “To” Line

Threat Actors Take Advantage of Exchange Online and Outlook on the Web with New Levels of Sophistication

Another Office 365 OAuth Attack Targets Coinbase Users to Gain Compromised Email Access

The Secret to This Email Phishing Campaign is Volume

Two-Month Email Compromise and Impersonation Attack Results in a $15M Take

Trends in Malicious Attachments Used in Phishing Emails

New Office 365 Phishing Attack Checks Your Stolen Credentials in Real-Time

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats With PhishRIP

The Dangerous Attraction of Original Gangsters

Legitimate Services, but still Hook, Line, and Sinker

Search Our Blog

Subscribe To Our Blog

Posts By Topic

Get the latest about social engineering

Subscribe to CyberheistNews

Get the latest about social engineering

Subscribe to CyberheistNews

Products & Services

About Us

Free Tools

Contact Us

Contact Support

Search