Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Iranian Phishing Campaigns Are Running Rampant

Researchers at Google’s Threat Analysis Group (TAG) are tracking phishing campaigns by the Iranian threat actor APT35 (also known as Charming Kitten). The attackers used compromised ...
Continue Reading

A Novel Form of Homographic Attack

A phishing campaign is using mathematical symbols to impersonate Verizon’s logo, according to researchers at Verizon. The emails use either a red square root symbol or a logical NOR ...
Continue Reading

U.K. Residents Experience a 116% Increase in Nuisance Calls, Texts, and Emails in 2021

New data from the U.K.’s Information Commissioner’s Office (ICO) shows a massive rise in the first six months of this year – and the belief that cyberattacks are to blame.
Continue Reading

NIST on Phishing Awareness

People need to be conscious of the fact that anyone can fall for social engineering tactics, according to Shaneé Dawkins at NIST, the US National Institute of Standards and Technology. ...
Continue Reading

Man Spends Thousands and is Exposed for Typosquatting with Cryptocurrency

A man in Brazil spent more than $200,000 on typosquatting domains between November 2020 and February 2021, the Washington Post reports. Typosquatting is a phishing technique in which ...
Continue Reading

IBM: ”Phishing Is A Popular Cybercrime Attack Vector”

Researchers at IBM describe how criminals use phishing kits to launch widespread phishing campaigns with minimal effort. Phishing kits are software products that automate the process of ...
Continue Reading

Phishing: Low- Middle- and High-Level

Phishing attacks have varying levels of technical sophistication, according to Mark Nicholls from Redscan. In an article published by ITProPortal, Nicholls explains that the lowest level ...
Continue Reading

New James Bond Movie is Cybercriminals Shiniest Phishbait

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait, the National reports. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, ...
Continue Reading

Hackers rob thousands of Coinbase customers using phishing attacks and an MFA flaw

Bleepingcomputer was first to report: "Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's ...
Continue Reading

Phishing Attacks Maintain “New Normal” Elevated Levels into the Middle of 2021

New data from the Anti-Phishing Working Group (AWPG) shows the Q2 of 2021 showed similar phishing activity to that of Q1, indicating no slowdown in attacks.
Continue Reading

Phishing Campaign Impersonates Zix Messages

Researchers at Armorblox have spotted a credential phishing campaign that’s impersonating encrypted communications from Zix. The emails contain a link to download an HTML attachment.
Continue Reading

Phishing Kits and Phishing-as-a-Service Responsible for Over 300,000 URLs Used in Phishing Attacks

Lowering the barrier to market even more, this new Phishing as a Service (PhaaS) spotted by Microsoft puts quality phishing templates and sites into the hands of any would-be cyber ...
Continue Reading

Someone's Impersonating the California DMV in Texts

The California DMV has warned of an ongoing smishing campaign seeking customers’ personal and financial information, Pasadena Now reports.
Continue Reading

New Tactic: Shortened LinkedIn URLs Are Now Used As Phish Hooks

Scammers are using shortened LinkedIn URLs to disguise phishing links, according to Jeremy Fuchs at Avanan. LinkedIn automatically shortens links that are longer than 26 characters. The ...
Continue Reading

Travel-Related Phishing Scams and Websites Surge More Than 400%

Pent-up demand for traveling – both domestically and internationally – has driven an interest by cybercriminals to take advantage of those traveling to become phishing victims.
Continue Reading

$1 Trillion Infrastructure Bill is the Catalyst for DOT-Impersonated Phishing Attacks Targeting Contractors

Offering targeted victim organizations an opportunity to bid on infrastructure projects, this scam seeks to harvest credentials using a new mix of tactics to evade detection.
Continue Reading

Recent Cryptocurrency Scam Posed as “The Elon Musk Mutual Aid Fund”

A phishing campaign is pushing cryptocurrency scams posing as the “Elon Musk Mutual Aid Fund,” according to BleepingComputer. The emails have odd subject lines and content, but contain an ...
Continue Reading

New Phishing Attack on Microsoft 365 Users Leverages Open Redirects to Avoid Detection

The use of open redirects from legitimate domains makes phishing emails that much more believable and credible, obfuscating the dangerous nature of these attacks.
Continue Reading

That's Not the US Department of Transportation, It's a Phishing Attack

A phishing campaign is impersonating the US Department of Transportation (USDOT), according to Roger Kay at INKY. The campaign is targeting infrastructure contractors who are eager to bid ...
Continue Reading

Social Media as Artillery Preparation for Spear Phishing

Researchers at ESTsecurity warn that a North Korean threat actor known as “Kumsong 121” is using compromised social media accounts to launch spear phishing attacks, the Daily NK reports. ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews