Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Threat Actors Abuse Google Translate to Craft Phishing Links

Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to, according to researchers at Abnormal Security.
Continue Reading

Phishing Campaign Attempts to Bypass iOS Protections

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports.
Continue Reading

From Pig Butchering to People Talking

Interpol has recently recommended discontinuing the use of the term "Pig Butchering" in cybercrime discussions, expressing concern that such terminology may discourage victims from ...
Continue Reading

Effective Security Awareness Training Really Does Reduce Data Breaches

Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software and firmware, eavesdropping, cryptography ...
Continue Reading

Ransomware Gangs Claimed More Than 5,000 Attacks in 2024

Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim organizations, according to Comparitech’s latest ...
Continue Reading

Brad Pitt Romance Scams Pushed By AI-Enabled Deepfakes

I have helped people detect romance scams for decades. It is still very common for romance scammers to leverage both pictures of celebrities and pictures of innocent, everyday people as ...
Continue Reading

First Ever Magic Quadrant™ for Email Security Platforms by Gartner®

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner® Magic Quadrant for Email Security Platforms™ has signaled a shift in how we approach ...
Continue Reading

Japan Attributes More Than 200 Cyberattacks to China Threat Actor "MirrorFace"

Japan’s National Police Agency (NPA) has attributed more than 200 cyber incidents over the past five years to the China-aligned threat actor “MirrorFace,” Infosecurity Magazine reports.
Continue Reading

Phishing Campaign Abuses Legitimate Services to Send PayPal Requests

A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet’s CISO Dr. Carl Windsor.
Continue Reading

Malicious WordPress Plugin Assists in Phishing Attacks

Researchers at SlashNext warn that cybercriminals are using a WordPress plugin called “PhishWP” to spoof payment pages and steal financial information.
Continue Reading

Phishing for Gamers: Fake Offers Invite Gamers to Test New Gaming Titles

A phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes.
Continue Reading

Credential Phishing Increased by 703% in H2 2024

Credential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext. Phishing attacks overall saw a 202% increase during the same period.
Continue Reading

Tax-Themed Phishing Campaign Delivers Malware Via Microsoft Management Console Files

Securonix warns that tax-themed phishing emails are attempting to deliver malware via Microsoft Management Console (MSC) files.
Continue Reading

"Get Beyond Security Awareness Training" Does Not Mean Forgetting About It

KnowBe4 is a big believer in focusing on decreasing human risk as the best way to decrease cybersecurity risk in most environments.
Continue Reading

Mobile Phishing Attacks Use New Tactic to Bypass Security Measures

ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users.
Continue Reading

Attackers Abuse HubSpot’s Free Form Builder to Craft Phishing Pages

A threat actor is abusing HubSpot’s Free Form Builder service to craft credential-harvesting phishing pages, according to Palo Alto Networks’ Unit 42.
Continue Reading

No, KnowBe4 Is Not Being Exploited

Some of our customers are reporting “Threat Alerts” from Mimecast stating hackers have exploited KnowBe4 or KnowBe4 domains to send email threats.
Continue Reading

AI-Powered Investment Scams Surge: How 'Nomani' Steals Money and Data

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and ...
Continue Reading

Phishing Campaign Targets YouTube Creators

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick ...
Continue Reading

[Heads Up] Bad Actors Use Voice Phishing in Microsoft Teams To Spread DarkGate Malware

Threat actors are using voice phishing (vishing) attacks via Microsoft Teams in an attempt to trick victims into installing the DarkGate malware, according to researchers at Trend Micro.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews