Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Cybercriminals Target Execs in Microsoft 365 Credential Attack to Launch Internal BEC Scams

A new phishing attack spotted in the wild by security researchers at Trend Micro demonstrates how compromised data in an initial cyberattack is purposed in subsequent attacks.
Continue Reading

SBA Phishing: Malicious Actors "Return to Roots" in the Hunt for Money

By Eric Howes, KnowBe4 Principal Lab Researcher. The COVID-19 pandemic continues to dominate news headlines as well as the development of malicious email attacks designed to separate ...
Continue Reading

The U.N. counterterrorism chief says a 350% increase in phishing websites was reported in Q1 2020

UNITED NATIONS -- A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding ...
Continue Reading

Ransomware Payments Increase by a Massive 60% as Email Phishing Rises in Frequency as Primary Attack Vector

The newest ransomware data paints a pretty bleak picture for organizations with “big game” attacks and six- and seven-figure ransom demands becoming the norm.
Continue Reading

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...
Continue Reading

See Ridiculously Easy Security Awareness Training and Phishing

Join us for a live demo on Security Awareness Training and phishing in action!
Continue Reading

Explosion of Zoom Meeting Phishing Attacks Over Spring and Summer of 2020 and Targeting Office365 and Outlook Credentials

Researchers at INKY have observed an “explosion” of Zoom-themed phishing attacks over the Spring and Summer of 2020. Most of the attacks are aimed at stealing credentials to services like ...
Continue Reading

Hacked High-Profile Twitter Accounts Are Used to Promote a Cryptocurrency Scam

Using the theme of partnering with a made up COVID-19 non-profit, the latest hack on twitter allowed some pretty prominent accounts to be used as pawns in a scam that netted $120K.
Continue Reading

New U.K. Phishing Scam uses a £400 Tax Cut as Bait

Pretending to be the U.K. Governments’ Digital Service Team, this latest COVID-related phishing attack seeks to con victims out of their credit card details.
Continue Reading

Netflix Phishing Attack Hides Behind a Functional CAPTCHA Page to Avoid Detection

In an interesting twist, cybercriminals utilize a well-known technology to keep security solutions from identifying a “failed payment” email as being fraudulent.
Continue Reading

Is it a Quiz Scam? Is it Bad? Is it Back With a Vengeance?

The answer to all three questions would seem to be, "yes." Quiz scams have become widespread over the past year, but they’ve gone largely unremarked, researchers at Akamai have found. ...
Continue Reading

Phishing Kits Continue to be Popular With Cybercrime Due to New User-Friendly and Sophisticated Features

Phishing kits continue to grow more user-friendly and sophisticated, according to a new report from ZeroFOX. The report explains that these kits have become a fixed feature in the ...
Continue Reading

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...
Continue Reading

An Old Dog with Some New Tricks

The Emotet botnet is now including stolen attachments in its phishing emails to increase the appearance of authenticity, BleepingComputer reports. The botnet is well-known for targeting ...
Continue Reading

1 in 3 Employees Rarely or Never Think About Cybersecurity

Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture.
Continue Reading

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.
Continue Reading

REvil Criminal Ransomware Syndicate Attacks Spanish State-Owned Railway Operator Again!

As world-wide concern continues to grow over the threat of potential attacks on critical infrastructure, REvil goes after and bites a Railway Operator once again!  The Daly Swig reports ...
Continue Reading

Vanity, Thy URL is Zoom

Zoom has fixed a security flaw that could have allowed attackers to launch hard-to-spot phishing attacks using the platform, according to researchers at Check Point who discovered and ...
Continue Reading

Are Account Takeovers Driving Towards a Passwordless Future?

The bad guys will try to take over accounts all the time. Logging onto someone's account with their credentials is usually a whole lot easier than trying to compromise the website ...
Continue Reading

Voicemail-Themed Phishing Attacks on the Rise

Researchers at Zscaler warn of an increase in voicemail-themed phishing campaigns designed to steal credentials for enterprise applications. The emails purport to be automatically ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews