Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Attacks Go Mobile as Cybercriminals Leverage Push Notifications

Taking advantage of the inherent trust in mobile content, the bad guys are using a mixture of phishing text messages and look-alike sites to trick users into giving up credentials.
Continue Reading

[Heads-up] The U.S. Launched A Cyber Attack On Iran, And We're Expecting Spear Phishing Strike Backs

The tension in the Middle-East apparently prompted a game-changing move by the U.S. President.  Washington Post sources say exactly 10 years after Stuxnet, the President approved a ...
Continue Reading

UK Forensic Crime Labs Shut Down Due To Ransomware Attack

Every police force across England and Wales has been forced to prioritize evidence for forensic testing following a criminal cyber attack affecting one of the primary forensic service ...
Continue Reading

FBI Alert: Last Week Conflict With Iran Can Cause Spear Phishing Retaliation

This blog post has been superseded by a more recent one.  You can find this new post here.
Continue Reading

Phishing Campaign Impersonates Email Alerts From DHS

An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), ...
Continue Reading

Bogus Emails: 3.4 Billion Are Sent Every Day...

Research from Valimail shows that at least 3.4 billion phony emails are sent every day, Help Net Security reports. Despite this staggering number, most organizations still aren’t ...
Continue Reading

How Hackers Emptied Church Coffers with a Phishing Attack and Social Engineering Phone Call

Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Continue Reading

Voicemail Phishing Scam Steals Credentials

A new phishing campaign is asking victims to click on a link in an email to download a voicemail, My Online Security reports. When recipients click on the link, they’ll be redirected to a ...
Continue Reading

FBI’s Advice on Spotting Phishing

The FBI’s Internet Crime Complaint Center (IC3) released a PSA warning that attackers are exploiting people’s trust in sites that use HTTPS. Cybersecurity training has in the past rightly ...
Continue Reading

Tax Phishing in the UK

Her Majesty's Revenue and Customs (HMRC) has processed 2.6 million reports of attempted phishing attacks since 2016, Infosecurity Magazine reports. More than 1.9 million of these phishing ...
Continue Reading

Corporate Email Creates Unavoidable Risk

It’s impossible to avoid the risk of phishing attacks entirely, since employees still need to do their jobs, as Kelly Sheridan at Dark Reading puts it. Sheridan points to a recent report ...
Continue Reading

[Heads-Up] How Hackers Use Ransomware To Hide Data Breaches And Other Devastating Attacks

Different sources claim that ransomware attacks are either going up or going down. The very real threat remains though and it is clear that the bad guys are moving from consumers as their ...
Continue Reading

Why Polymorphic Phishing Attacks Are Skyrocketing And How They Make It In Your User's Inbox

IronScales just released data showing that 42% of phishing email attacks are polymorphic, enabling them to evade many security filters. The company has observed 11,733 polymorphic ...
Continue Reading

Microsoft is Still the Most Impersonated Brand in Phishing Attacks

Cybercriminals are constantly looking for the easiest way to make a buck. And, in the case of phishing attacks, it appears that pretending to be Microsoft is the path of least resistance.
Continue Reading

Biometrics Can’t Replace Passwords: A Cybercriminal's Dream

In the quest to create a more secure environment, new ways to authenticate that replace the password are being sought. But it’s looking like passwords are here to stay.
Continue Reading

It only takes three seconds...

“Statistics suggest the average human being falls for a social engineering attack about four times — with training — before they become ‘inoculated’ against that type of attack,” “Helpful ...
Continue Reading

"Delete" Notification as Office 365 Phishbait

Attackers are posing as Office 365 support in phishing emails that warn users about an “unusual volume of file deletion” on their accounts, BleepingComputer has found. The emails claim ...
Continue Reading

Impersonation Phishing Attacks Up 67% in Last 12 Months

Social engineering attacks using impersonation tactics increased by 67% over the past twelve months, according to Mimecast’s annual State of Email Security report. Mimecast surveyed more ...
Continue Reading

Red Flags Warn of Social Engineering

The easiest way to avoid falling for scams and other social engineering attacks is to have an understanding of the tactics employed by attackers, according to Roger A. Grimes, writing in ...
Continue Reading

Phishing Canadian Targets

We have recently blogged about KrebsOnSecurity's story on compromised Canadian business email addresses. Here is some updated background on threats to Canadian organizations.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews