Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

View Topics

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

Nov 20, 2024 2:22:11 PM By Stu Sjouwerman
The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.
Continue Reading

Beware of Fake Tech Support Scams

Nov 20, 2024 2:22:06 PM By Roger Grimes
About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved ...
Continue Reading

Dark Side of Deals: Emerging Scams for Black Friday, Cyber Monday and Giving Tuesday

Nov 20, 2024 10:41:06 AM By Javvad Malik
As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look ...
Continue Reading

Threat Actors are Sending Malicious QR Codes Via Snail Mail

Nov 20, 2024 10:40:54 AM By Stu Sjouwerman
The Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland via physical letters sent through the mail, ...
Continue Reading

Purina’s Champions Program Is the Best I Have Seen

Nov 19, 2024 9:02:42 AM By Roger Grimes
In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization ...
Continue Reading

Phishing Attacks Exploit Microsoft Visio Files and SharePoint

Nov 15, 2024 10:06:32 AM By Stu Sjouwerman
Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point.
Continue Reading

Half of all Ransomware Attacks This Year Targeted Small Businesses

Nov 15, 2024 10:05:57 AM By Stu Sjouwerman
New data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom.
Continue Reading

Fortifying Defenses Against AI-Powered OSINT Cyber Attacks

Nov 13, 2024 3:08:55 PM By James McQuiggan
In the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has created new opportunities for risk.
Continue Reading

Criminal Threat Actor Uses Stolen Invoices to Distribute Malware

Nov 13, 2024 3:08:32 PM By Stu Sjouwerman
Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware.
Continue Reading

Nation-State Threat Actors Rely on Social Engineering First

Nov 12, 2024 3:38:33 PM By Stu Sjouwerman
A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique.
Continue Reading

Criminals Use Search Engine Poisoning to Boost Phishing Pages

Nov 11, 2024 4:46:36 PM By Stu Sjouwerman
Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results.
Continue Reading

Phishing Campaign Impersonates OpenAI To Collect Financial Data

Nov 7, 2024 2:31:28 PM By Stu Sjouwerman
Cybercriminals are impersonating OpenAI in a widespread phishing campaign designed to trick users into handing over financial information. The emails inform users that a payment for their ...
Continue Reading

The Deceptive Media Era: Moving Beyond "Real vs. Fake"

Nov 7, 2024 8:09:52 AM By Perry Carpenter
As society grapples with the rapid advancement of AI and synthetic media, we've been asking the wrong question. The focus on whether content is "real or fake" misses the more crucial ...
Continue Reading

Attackers Abuse DocuSign to Send Phony Invoices

Nov 7, 2024 8:09:49 AM By Stu Sjouwerman
Threat actors are abusing DocuSign’s API to send phony invoices that appear “strikingly authentic,” according to researchers at Wallarm.
Continue Reading

BlackBasta Ransomware Gang Uses New Social Engineering Tactics To Target Corporate Networks

Nov 5, 2024 2:13:18 PM By Stu Sjouwerman
ReliaQuest warns that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks.
Continue Reading

Attackers Abuse Eventbrite to Send Phishing Emails

Nov 5, 2024 2:13:13 PM By Stu Sjouwerman
Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024.
Continue Reading

Celebrating 5 Million Learners: The Evolution of KnowBe4's Compliance Plus

Nov 4, 2024 1:37:56 PM By John Just
When you think of KnowBe4, you might immediately picture phishing simulations, password security modules, or other security awareness training topics.
Continue Reading

Phishing Alert: Cybercriminals Impersonating KnowBe4 Training Emails

Nov 1, 2024 2:34:32 PM By Stu Sjouwerman
In the ever-evolving landscape of cybersecurity threats, we've recently encountered a sophisticated phishing attempt targeting one of our valued KnowBe4 customers. This incident serves as ...
Continue Reading

Threat Actors Abuse LinkedIn to Target Job Seekers

Nov 1, 2024 9:59:39 AM By Stu Sjouwerman
Threat actors are targeting people who have recently lost their jobs with employment scams on LinkedIn, according to researchers at Malwarebytes.
Continue Reading

QR Code Phishing is Growing More Sophisticated

Oct 30, 2024 1:31:53 PM By Stu Sjouwerman
Sophos describes a QR code phishing (quishing) campaign that targeted its own employees in an attempt to steal information.
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews