KnowBe4

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

EY UK: "We've seen a huge proliferation of very successful phishing attacks"

Bethan Moorcraft at InsuranceBusiness Mag UK wrote an excellent article about the current state of cyber insurance in Europe. Here is an extract with the link to the full article at the ...
Continue Reading

It Only Takes 1 Phish: Wichita State University Employees Get Fooled Into Losing Their Paychecks

Three employees of the university fell prey to a common scam asking for their credentials, giving cybercriminals access to change banking details.
Continue Reading

Your Boss NEEDS To Read This WSJ Article About Our Power Grid And How The Russians Hacked It With Phishing

In a Jan 10, 2019 article, the Wall Street Journal reconstructed the worst known hack into the USA's power grid revealing attacks on hundreds of small contractors.
Continue Reading

Email Security Gap Analysis: Survey Finds Phishing Is The No. 1 Attack That Worries IT Pros Most

There are a few companies that frequently report on so-called "email security gap analysis" numbers: Mimecast, Proofpoint and Cyren. They are all IT security companies that have email ...
Continue Reading

The Government may be shut down, but the bad guys are not

By Eric Howes, KnowBe4 Principal Lab Researcher.  Once again we are starting tax season, and malicious actors are spinning up phishing campaigns to exploit the myriad opportunities ...
Continue Reading

It Only Takes 1 Phish: “Unremarkable” Phishing Attack Results in a Breach in the European Union’s Diplomatic Communications Network

A three-year-long cyber-attack led to the successful breach of the all communications between all EU member states, putting countries and their futures at risk.
Continue Reading

Phishing Kit Uses Custom Font Files to Decode Text

Researchers at Proofpoint discovered a phishing template that uses a unique method for encoding text using web fonts. The researchers found that the source code of the landing page ...
Continue Reading

Air Force Targets Their Own Staff with a “Threat Emulation” to Understand Their Cyber Awareness and Readiness

The U.S. Air Force’s Cyber division used spear-phishing tactics to test whether airmen can proficiently recognize and avoid email-based attacks.
Continue Reading

New Clickbait Warning: "Captain America Star Hayley Atwell Nude Photos Hacked"

And another one... will these stars ever learn? We suggest you send a simulated phishing attack to inoculate your users. There is a new template available in our Controversial/NSFW ...
Continue Reading

The IRS Warns of a 60% Increase in Phishing Attacks Targeting Tax Professionals

As part of National Tax Security Awareness Week this month, the IRS notes a surge in phishing scams aimed at stealing money or tax-related data.
Continue Reading

Gartner's Neil Wynne: "Email Phishing is a Growing Threat"

Email phishing is a top threat to organizations because it works so well, according to Neil Wynne, principal and analyst for secure business enablement at Gartner. Wynne told Stephanie ...
Continue Reading

93% of Phishing Sites Leverage Encryption to Establish Credibility and Improve Attack Success

The site safety and credibility represented by the green padlock in your browser is being taken advantage of by cybercriminals looking to lull users into a false sense of security.
Continue Reading

APWG: Phishing Remains a Constant and Effective Means of Attack

The latest report from the Anti-Phishing Working Group (APWG) highlights the prevalence of phishing and how it’s changing to remain an effective attack method.
Continue Reading

How Wellcome Trust Executives Got Whaled By Oldest Trick In The Phishing Playbook

Forbes contributor Davey Winder wrote an excellent comment: "It hasn't been the greatest week for the non-profit sector with the revelation that two well-known charities have fallen ...
Continue Reading

[NEW] LIVE DEMO: Identify & Respond to Email Threats Faster with PhishER

We are excited to announce the release of PhishER™, a new product that’s a huge time-saver for your Incident Response team. Because phishing remains the most widely used cyber attack ...
Continue Reading

Organizations Managing Critical Infrastructure Face a New Global Phishing Attack

According to McAfee’s Advanced Threat Research team and McAfee Labs Malware Operations Group, a new global campaign is underway, targeting key industries, potentially for espionage ...
Continue Reading

Mimecast: "Your Filters Are Missing 12 Percent Of The Unwanted Emails"

Mimecast said: "Is a false negative rate of 12% a large number or a small one? I suppose it depends on your perspective. If your email security system lets in 12 unwanted emails—whether ...
Continue Reading

CrowdStrike: Compelling Stories From The Cyber Intrusion Casebook 2018

From the Front Lines of Incident Response, the CrowdStrike Services Cyber Intrusion Casebook 2018 offers some compelling stories how threat actors are continuously adopting new means to ...
Continue Reading

New "Secured" Phishing Site Goes Up Every Two Minutes

SC Mag had an exclusive: Threat actors are "playing by the rules", or at least tricking your browser into thinking they are, in order to deliver more effective attacks.
Continue Reading

Cybercriminals Use 1.7 Million Compromised PCs in Botnet Advertising Fraud Scam

The Russian-born, botnet-driven advertising fraud scam, 3ve, generated over $29 million in revenue using fileless malware variant Kovter, botnets, and unsuspecting users.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews