Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

New U.K. Vishing Scam Offers Significant Phone Plan Discounts in Exchange for your Phone Provider's One-Time Security Code

Scammers targeting customers of mobile carrier O2 are enticing victim engagement by offering discounts on their mobile plan as much as 40%.
Continue Reading

DHL is Now the Most Spoofed Brand in Phishing

International shipping company DHL was the most impersonated brand in phishing attacks during the fourth quarter of 2022, researchers at Check Point have found.
Continue Reading

Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns

Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks.
Continue Reading

KnowBe4's Top-Clicked Phishing Email Results for Q4 2021 Compare the U.S. and EMEA [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and Europe, Middle East and ...
Continue Reading

“Information Disorder”: Giving a Name to One of the Most Impactful Parts of Phishing Scams

At the core of every phishing scam is a combination of a bunch of lies and (sometimes) a few truths. A new focus on better defining the misuse of information provides insight into why ...
Continue Reading

Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.
Continue Reading

Reducing Stress with CBD Is the Latest Theming for Phishing Attacks

Spanning three languages and at least 15,000 unique phishing emails, this latest phishing campaign targets stressed out workers in the U.S. and France, avoiding detection and promising to ...
Continue Reading

Copyright Infringement Notice to Instagram Users Serves as Newest Phishbait

Scammers are sending phony accusations of copyright infringement to Instagram users in a new phishing attack, Paul Ducklin writes at Naked Security. The scammers are taking advantage of ...
Continue Reading

Omicron-Themed Phishing Campaign is Running Rampant

A mean-spirited phishing campaign is mocking victims after infecting their devices with Dridex malware, according to Lawrence Abrams at BleepingComputer.
Continue Reading

Organizations Worldwide Experience Over 722 Million Attacks in the Last 30 Days!

Analysis of data collected by Internet and security services vendor Akamai shows an unimaginable number of cyberattacks, demonstrating how frequently these attacks are happening.
Continue Reading

5 Notable Obscure Phishing Scams

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

Google Takes a Step Towards Reducing the Use of Calendar Invitations as Phishing Tools

Doing their part, Google adds new functionality that defaults to automatically adding Google-based calendar invites to a victim’s calendar to lower the malicious value of an invite.
Continue Reading

[Eye Opener] New Phishing Research Shows 37% of Sites Had More Than a Day Downtime

More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a ...
Continue Reading

New Nigerian Phishing Scams Target U.S. Military Families with Needed “Services”

With loved ones potentially a half a world away, scammers prey on families with scams that offer to assist with communication, care packages, leave, and more.
Continue Reading

Office 365 “Spam Notification” Phishing Emails Seek to Capture Credentials

A new campaign spotted in the wild uses a tried-and-true method of convincing victims to provide their Office 365 logon credentials to be used in future attacks.
Continue Reading

One-Third of Phishing Pages Are Inactive After Just One Day

We’ve always known phishing scammers work very quickly, moving from campaign to campaign, but new data indicates some scammers are moving on in terms of literally hours.
Continue Reading

Canadian Government Urges Organizations to Take Additional Steps to Protect Against Ransomware Attacks

Citing upticks in attacks, Canada’s Centre for Cyber Security asks organizations to step up protective measures, offering guidance and a playbook to improve security.
Continue Reading

Having an Efficient Security Awareness Training Program

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

With KnowBe4’s Phish Alert Button, You Can Now Collect Feedback from Your Users When They Report Suspicious Emails

We are excited to announce the availability of KnowBe4’s enhanced Phish Alert Button for Microsoft 365 with the new User Comments feature! 
Continue Reading

Phishing Campaign Impersonates Pfizer

A phishing campaign is impersonating Pfizer with phony request-for-quotation (RFQ) emails, according to Roger Kay at INKY. The email lures had fairly convincing PDF attachments that ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews