KnowBe4

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Iran indictments show even U.S. intelligence officials are vulnerable to basic phishing schemes

As the story broke about the charges against former U.S. Air Force intelligence specialist who defected to Iran and support targeted hacking against some of her former colleagues, one ...
Continue Reading

Cyberheist On Bank Causes Shutdown Of All Operations

Reuters reported that the Bank of Valetta, which accounts for almost half of Malta’s banking transactions, had to shut down all of its operations on Wednesday after hackers broke into its ...
Continue Reading

You Have A Special Valentine's Day Message!

 
Continue Reading

New Phishing Attack Uses Google Translate to Spoof Login Page and Fool Victims

A clever use of Google Translate fools victims into believing spoofed authentication requests are being handled by Google itself.
Continue Reading

Scammers Still Exploit Hijacked GoDaddy Domains

Criminals are still using hijacked GoDaddy domains to launch large-scale spam campaigns, despite GoDaddy taking steps last month to address the authentication flaw exploited by the ...
Continue Reading

Social Engineering Comes to Wikipedia

Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the ...
Continue Reading

Organizations Routinely Phish Their Own Employees to Test Their Systems for Human Vulnerability

As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users. 
Continue Reading

Here is the Phish-prone percentage that a customer sent us today

"We’ve had great success with the KnowBe4 solution.  I think the key differentiator for KnowBe4 is the integration of the simulated phishing and analytics in conjunction with the ...
Continue Reading

Today I was attacked through an existing vendor using a real email thread

We have been dealing with a vendor of ours for on-hold messages for many years. I send them a Word file with the hold messages, their studio records them, and they send us a wave file ...
Continue Reading

Sextortion Phishing Scam Exploits Recent Breach Fears

Sextortion scam emails are circulating which claim that a popular adult site has been hacked, allowing an attacker to record videos of users through their webcams, according to Lawrence ...
Continue Reading

Voicemail Phishing Email Scams are Targeting User Passwords

A devilishly ingenious scam plays on your user’s familiarity with business voicemail, seeking to compromise online credentials without raising concerns.
Continue Reading

This password-stealing phishing attack comes disguised as a fake meeting request from the boss

Danny Palmer at ZDNet reported: "A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to ...
Continue Reading

[New Phishing Template] See The Big Game SnoozeFest Highlights In 5 Minutes

Here is a template that you can use to test your users and see if they will click on a Big Game related phishing attack. There are bad guys out there trying several scams to entice ...
Continue Reading

[Brilliant New Social Engineering Phish] "Please Docusign: Funding For Your Business"

A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection ...
Continue Reading

Scam Of The Week: CEO Fraud bad guys are now bribing your users

Today saw the arrival of yet another interesting variant of the gift card phishing campaigns that have grown into a deluge over the past few months (see below). Today's email demonstrates ...
Continue Reading

DNS Hijacking Almost Always Starts With A Successful Spear Phishing Attack

On Jan. 22, 2019, the Cybersecurity and Infrastructure Security Agency (CISA), which is a part of the U.S. Department of Homeland Security (DHS), issued Emergency Directive 19-01. The ...
Continue Reading

Report: Phishing Attacks in 2018 Resulted in Massive Jumps in Credential Compromise and Loss of Data

The latest State of the Phish report from Proofpoint highlights the effectiveness of phishing, making it the threat vector to focus on as you begin 2019.
Continue Reading

Experts Warn to Expect More Targeted and Effective Ransomware and Phishing Attacks in 2019

While attack types do not appear to be changing in the coming year, experts see cybercriminals getting better at their craft, making it easier to separate you from your money and ...
Continue Reading

Social Oversharing, Online Quizzes, and Prizes are the Makings of a New Form of Phishing

Phishing is moving beyond the Inbox to your online experience in an effort to collect personal details and share out the attack on social networks, according to a new report from Akamai ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews