New Phishing-As-A-Service Kit with Ability to Bypass MFA Targets Microsoft 365 Accounts

Feb 5, 2024 4:57:58 PM By Stu Sjouwerman

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri.

Facebook Phishing Scams Target Concerned Friends and Family

Jan 22, 2024 2:06:13 PM By Stu Sjouwerman

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles ...

Beware of "Get to Know Me" Surveys

Jan 11, 2024 1:46:46 PM By Roger Grimes

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always ...

Beware of Fraudulent Charge Messages

Jan 5, 2024 1:19:09 PM By Roger Grimes

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.

Phishing Reigns as the Most Likely and Most Feared Cyber Attack

Jan 5, 2024 9:00:05 AM By Stu Sjouwerman

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials.

Phishing-Resistant MFA Will Not Stop Phishing Attacks

Dec 7, 2023 10:25:31 AM By Roger Grimes

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.

Cybercrime Group "Scattered Spider" is a Social Engineering Threat

Nov 20, 2023 3:08:35 PM By Stu Sjouwerman

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang’s activities.

Targeted Social Engineering on the Rise With Lowering Phishing-as-a-Service Costs

Nov 7, 2023 1:46:47 PM By Stu Sjouwerman

Targeted individuals were the most common victims of social engineering attacks in the second half of 2022 and the first half of 2023, according to researchers at AtlasVPN.

Spear Phishing Becomes Most Common Attack Technique in Q3 2023

Nov 6, 2023 9:18:13 AM By Stu Sjouwerman

Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest.

Cybercriminal Group Octo Tempest and Its Menacing Phishbait

Oct 31, 2023 10:07:28 AM By Stu Sjouwerman

Microsoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns.

A Brief History of Phishing, and Other Forms of Social Engineering

Oct 23, 2023 10:23:52 AM By Stu Sjouwerman

Social engineering attacks have a very long history, though the Internet has made it easier to launch these attacks en masse, according to Sean McNee at DomainTools. McNee points to an ...

[HEADS UP] If You're a LastPass User, You May be the Next Phishing Email Target

Sep 28, 2023 9:17:38 AM By Stu Sjouwerman

Cybercriminals are not holding back on LastPass users as a new phishing campaign has recently launched with the intent to steal your data.

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

Sep 25, 2023 8:00:00 AM By Stu Sjouwerman

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.

Can Someone Guess My Password From the Wi-Fi Signal On My Phone?

Sep 14, 2023 7:41:24 AM By Martin Kraemer

Cybercriminals can't ascertain your phone password just from a Wi-Fi signal, but they can come close according to a method described in a recent research paper. Researchers have ...

Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months

Sep 12, 2023 7:45:00 AM By Stu Sjouwerman

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL ...

Scary New IT Admin Attack Exposes Your MFA Weakness

Sep 7, 2023 8:44:27 AM By Stu Sjouwerman

Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within ...

How Secure Is Your Authentication Method?

Sep 6, 2023 8:53:21 AM By Roger Grimes

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...

New Adversary in the Middle Platform Circumvents MFA Protections “At Scale”

Sep 1, 2023 10:21:34 AM By Stu Sjouwerman

As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite ...

Quishing: QR Codes as Phishbait

Aug 30, 2023 9:12:55 AM By Stu Sjouwerman

Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links.

Wordfence Becomes the Latest Brand to be Impersonated Putting 800 Million Sites at Risk

Aug 9, 2023 1:55:27 PM By Stu Sjouwerman

With its wide use and trusted state among Wordpress developers and website admins, a new campaign impersonating the website security brand could put hundreds of millions of websites at ...

Security Awareness Training Blog

View Topics