Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

MetaMask Crypto Wallet Phishing

A phishing campaign is attempting to steal credentials for MetaMask cryptocurrency wallets, according to Lauryn Cash at Armorblox.
Continue Reading

Amazon Prime Day 2022 is Coming: Here are Quick Cybersecurity Tips to Help You Stay Safe

Amazon Prime Days this year are July 12 - 13th 2022. As a result, cybercriminals are taking every step to capitalize on the holiday with new phishing attacks. I have been getting asked ...
Continue Reading

Pre-Hijacking of Online Accounts are the Latest Method for Attackers to Impersonate and Target

Rather than run a complex credential harvesting phishing scam, attackers use existing information about their victim and hijack a popular web service account *before* it’s created.
Continue Reading

Phishing Scammers Leverage Telegraph’s Loose Governance to Host Crypto and Credential Scams

The free and unmonitored webpage publishing platform has been identified as being used in phishing scams dating back as early as mid-2019, as a key part to bypass security solutions.
Continue Reading

Spear Phishing Campaign Targets the US Military

Researchers at Zscaler warn that a spear phishing campaign is targeting the US military and other sectors with phishing emails that purport to be voicemail notifications. The emails ...
Continue Reading

Smishing Text Scams Have Doubled in the Last Three Years

New data shows a rise in the use of text messages as an effective vehicle to connect with potential victims for social engineering scams as Americans increase their preference of the ...
Continue Reading

New PDF-Based Phishing Attack Demonstrates that Office Docs Aren’t Passé – They are Just Obfuscated!

Security researchers have discovered a cunning PDF-based phishing attack that leverages social engineering and PDF prompt specifics to trick users into opening malicious Office docs.
Continue Reading

142 Million Customer Records From MGM Resorts Leaked for Free Download

The availability of such a massive number of records at no cost to any cybercriminal interested is a recipe for countless phishing campaigns using the data itself as a means of ...
Continue Reading

New Phishing Campaign Uses ChatBot Functionality to Build Trust and Steal Credit Card Details

Rather than go for the phishing jugular and point the victim immediately to a webpage to steal credentials or personal details, a new phishing campaign uses a chatbot to lower victim ...
Continue Reading

Monkeypox Scams Continue to Increase

Attackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports. Researchers at Mimecast have spotted a phishing ...
Continue Reading

Facebook Phishing Scam Steals Millions of Credentials

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have ...
Continue Reading

40% of CSOs say Their Organization is Not Prepared for Cyberattacks as Phishing is the Top Likely Cause of Breaches

A new survey of executives sheds light on how well organizations fared with cyberattacks in the last 12 month as well as what attack vectors are going to increase future breaches.
Continue Reading

Old Dog, New Trick: Hackers Use Logons in URLs to Bypass Email Scanners

A new phishing method uses a decades-old special URL format to take advantage of how security solutions and email clients interpret URLs, tricking victims into clicking.
Continue Reading

Phishing Attacks Reach an All-Time High, More Than Tripling Attacks in Early 2022

Reaching more than 1 million attacks in a single quarter for the first time, new data on phishing attacks in Q1 of 2022 show an emphasis on impersonation and credential theft.
Continue Reading

FTC Warns that Scammers are Turning to Cryptocurrencies

The US Federal Trade Commission (FTC) has warned that people have reported losing over $1 billion in crypto to scams since the beginning of 2021. The vast majority of these losses were ...
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

Homographic Domain Name Phishing Tactics

Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, ...
Continue Reading

Why We Recommend Your Passwords Be Over 20-Characters Long

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
Continue Reading

Smishing and Home Delivery

A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at ...
Continue Reading

SideWinder Targets Pakistani Entities With Phishing Attacks

The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews