Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Cyberattacks Targeting State and Local Government Increase by 50%

State, local, tribal, and territorial government agencies and municipalities are under attack. Observations and data from security vendor BlueVoyant highlight the attacks and the results.
Continue Reading

Tribune Publishing apologizes for fake bonus offer in phishing-simulation email

Yesterday at the end of the day, I was called by our PR team who got alerted by tech support about a Twitter post that was going viral. Turns out a custom phishing test created by one of ...
Continue Reading

Abusing App Engine to Automate Phishing

Attackers can abuse a feature in Google App Engine to generate unlimited phishing URLs, BleepingComputer reports. Security researcher Marcel Afrahim found that App Engine URLs that ...
Continue Reading

Credential Stuffing to Stuff the Ballot Box

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...
Continue Reading

Bitcoin Millionaire Loses $16 Million to a Compromised Wallet and Simple Social Engineering

This brief tale of misfortune shows how unpatched software and letting your guard down – especially when $16 million is on the line – can be all that’s needed for a successful scam.
Continue Reading

Beware of Fake Forwarded Phishes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...
Continue Reading

When Phishing And Disinformation Meet

The Insider reported that QAnon is co-opting a USPS phishing scam, and claim the Vishing text messages are linked to human trafficking. "A viral [text] phishing scheme is targeting people ...
Continue Reading

How to Become a Harder Target From Malicious Threat Actors

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...
Continue Reading

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!
Continue Reading

High-Profile Caper Spawns Phishing Campaign

A phishing campaign is using the recent Twitter hack as phishbait, HackRead reports. In mid-July, hackers used social engineering against Twitter employees to gain access to more than a ...
Continue Reading

Funds Transfer Fraud Has Increased 35% Since the Onset of COVID-19

With reported losses from thousands of dollars to well over $1 million, funds transfer fraud represents 27% of cyber insurance claims in 2020.
Continue Reading

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.
Continue Reading

CISA’s Advice on Countering Phishing

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on best practices to thwart email-based phishing attacks. The ...
Continue Reading

They're Back: Bad Guys Spoof KnowBe4 Again

Earlier this week customers using the Phish Alert Button (PAB) began reporting yet another round of spoofed KnowBe4 security awareness training emails.  The emails reported are fairly ...
Continue Reading

Email and SMS Phishing Campaign Impersonates Lloyds Bank

A convincing phishing campaign is targeting customers of Lloyds Bank, Infosecurity Magazine reports. Law practice Griffin Law warns that more than 100 people have reported receiving ...
Continue Reading

Legitimate Services, but still Hook, Line, and Sinker

A malware distribution campaign is abusing organizations’ contact forms to send malicious emails designed to catch the attention of companies’ customer support personnel. The attackers ...
Continue Reading

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Originally seen all the way back in 2008, this banking trojan is continuously being developed. Its latest iteration is downright nasty and has already infected 5% of all organizations ...
Continue Reading

Users Are Still Falling for Phishing Attacks. Want to Know Why?

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.
Continue Reading

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

There is an old Dutch expression: "High trees catch a lot of wind". Well. once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In ...
Continue Reading

New Phishing Attack Uses a Compromised Vendor Account and Box to Elude Detection

Using legitimate email accounts is a great way for phishing emails to avoid being identified. Hosting malicious files on Box is another. Put them together and this attack reaches your ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews