Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

China Cybercriminals Behind Toll-Themed Smishing Attacks Surge in the US and UK

Resecurity warns that a China-based cybercriminal gang dubbed the “Smishing Triad” is launching a wave of road toll-themed SMS phishing (smishing) attacks against users across the US and ...
Continue Reading

Lack of Security Awareness Tops List of Obstacles to Cyber Defense

Most organizations cite low security awareness among employees as the biggest barrier to defending against cyberattacks, according to a new survey by CyberEdge Group.
Continue Reading

The Continued Abuse of Legitimate Domains: A Spike in the Exploitation of Google Drive to Send Phishing Attacks

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025? Our Threat Labs researchers predict the ...
Continue Reading

How Does Human Risk Management Differ from Security Awareness Training?

In today's cybersecurity landscape, organizations face an ever-present and often underestimated threat: human risk. Despite significant advancements in technological defenses, human error ...
Continue Reading

AI-Powered Spear Phishing Can Now Outperform Human Attackers

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns.
Continue Reading

UK Organizations Cite Phishing as the Most Disruptive Type of Cyberattack

Phishing was the most prevalent and disruptive type of attack experienced by UK organizations over the past twelve months, according to the British government’s Cyber Security Breaches ...
Continue Reading

Warning: QuickBooks Phishing Campaign Targets Taxpayers

Cybercriminals are capitalizing on tax season by launching phishing campaigns targeting QuickBooks users, Malwarebytes reports.
Continue Reading

Europe's Energy Sector at Risk: The Critical Need for Cybersecurity

Reliable energy is the backbone of any modern society. It powers our homes, industries, and economies. But what happens when this essential infrastructure becomes a target for ...
Continue Reading

Beware the Tax Trap: Seasonal Urgency Drives a Spike in Tax-Related Phishing Scams

Cybercriminals are quick to exploit seasonal events — and tax season is no exception. It’s a yearly honeypot for cybercriminals, who take advantage of heightened stress, tight deadlines, ...
Continue Reading

Securing Employee Identities: Expert Tips for Identity Management Day 2025

With this week being Identity Management Day on April 8th, it's the perfect reminder for organizations to focus on protecting their employees' digital identities.
Continue Reading

Russian Threat Actor Launches Spear-Phishing Campaign Against Ukrainians

The Russian threat actor Gamaredon is targeting Ukrainians with spear-phishing documents related to troop movements, according to researchers at Cisco Talos.
Continue Reading

The Real Deal: How Cybercriminals Exploit Legitimate Domains

When it comes to secure email gateways (SEGs), the narrative is quite simple. For years, organizations have relied on SEGs as the foundation of their email security.
Continue Reading

Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks

A phishing-as-a-service (PhaaS) platform dubbed ‘Lucid’ is driving a surge in SMS phishing (smishing) attacks, according to researchers at Prodaft.
Continue Reading

Online Gaming Platform Steam Tops List of Most Imitated Brands For the First Time

Steam was the most impersonated brand in phishing attacks during the first quarter of 2025, according to a new report from Guardio. The researchers note that the gaming platform’s surge ...
Continue Reading

Phishing Attacks Lead to Theft in the Shipping Industry

Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field CTO for EMEA.
Continue Reading

[Heads Up] QR Code Phishing is Getting More Stealthy Fast

Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks’ Unit 42.
Continue Reading

Most Phishing Emails Rely Purely on Social Engineering

99% of phishing emails that reached inboxes last year did not contain malware, according to a new report from Fortra.
Continue Reading

Report: Phishing Remains the Most Prevalent Cyber Threat

INKY has published its annual report on email security, finding that phishing accounted for 30% of all reported cybercrimes last year.
Continue Reading

Amount of Money Requested In BEC Attacks Nearly Doubled in Q4 2024

The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according to the Anti-Phishing Working Group’s (APWG’s) ...
Continue Reading

The Human Element: Addressing Cybersecurity Risk in Danish and Swedish Organizations

We recently conducted research in Denmark and Sweden to understand security culture in local organizations better.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews