Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

An Australian Watering Hole (but in Canberra, not the Outback)

The Australian Federal Parliament suffered a malware infection earlier this year after some users fell victim to a watering hole attack, the Australian Broadcasting Corporation (ABC) ...
Continue Reading

Cybercriminal Gang, Silent Starling, Creates New ‘Vendor Email Compromise’ Category

New attacks focus on organizations with global supply chains looking to trick a supplier’s customers into paying fake invoices and have already impacted 500 organizations worldwide.
Continue Reading

Now HERE is an interesting Phishing Campaign!

It's a phishing campaign against phishing campaigns! :-D It's a public service program that educates organizations and societies globally on the greatest cyber risk of all - the falsehood ...
Continue Reading

Ransomware Attack Hits Louisiana State Servers

Louisiana Governor John Bel Edwards on Monday revealed that a ransomware attack hit state servers, prompting a response from the state’s cyber-security team. The incident appears to have ...
Continue Reading

Real Estate Scams Have Gone Global. Bad Guys Caused Tens of Thousands of Dollars Damage Down Under

Scammers hijacked a total of $70,000 by imitating an Australian settlement agent’s email address, and then tricking two property buyers into sending the money to the wrong account, Perth ...
Continue Reading

A Majority of Organizations Experience Breaches Despite a Majority Saying They Are Prepared to Defend Against Them

The mismatch of signals by IT organizations shows a potential overestimation on IT’s part about its ability to prevent and protect against new cyberthreats.
Continue Reading

The Bad Guys Have a New Favorite Online Service to Exploit (And It May Be One You Never Heard Of)

Over the past few years malicious actors have apparently decided that the future of phishing lies in exploiting trusted online services. Your users have undoubtedly seen the upshot of ...
Continue Reading

Don't Leave Your Users At Risk For Holiday Scams. Get Your Free Resource Kit From KnowBe4!

With users focused on holiday activities, cybercriminals take advantage of lowered defenses and holiday distractions to scam users into becoming victims. Phishing emails about shipping ...
Continue Reading

PayPal Becomes the Most Popular Phishbait

Vade Secure has found that PayPal is now the most impersonated brand in phishing attacks, surpassing Microsoft for the first time, Help Net Security reports. Vade detected 16,547 unique ...
Continue Reading

Instagram Copyright Infringement is the Latest Phishing Scam Targeting Social Media

Focused on compromising social media credentials, scammers trick Instagram users into giving up credentials and other personally identifiable information with convincing phishing emails.
Continue Reading

[Heads Up] This New, Unusual Ransomware Strain Goes Exclusively After Servers

Danny Palmer at ZDnet alerted on the following: "An unconventional form of ransomware is being deployed in targeted attacks against enterprise servers – and it appears to have links to ...
Continue Reading

Third Party Phishing: The New Spear-Phishing Attacks That Traditional Defenses Just Don't Stop

Joe in accounting is pretty cyber-savvy. He doesn’t fall for basic phishing emails with masked URLs or phony password reset requests. But what happens when Joe gets an email from a ...
Continue Reading

LIVE DEMO: Identify & Respond to Email Threats Faster with PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!
Continue Reading

TrickBot Malware Uses Highly Personalized Fake Sexual Harassment Complaints as Phishing Bait

Fake sexual harassment complaints appearing to come from the U.S. Equal Employment Opportunity Commission (EEOC) are the latest baits used by attackers to disseminate TrickBot banking ...
Continue Reading

Phishing Resistance for Charities

81% of charities say they’ve been targeted by a phishing attack this year, according to Ed Macnair, writing for UK Fundraising. Meanwhile, only 37% of charities think their IT and ...
Continue Reading

Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

Graham Cluley warned: "It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in ...
Continue Reading

What if the Santa’s Elves knew better?

By Joanna Huisman, KnowBe4's new SVP Strategic Insights & Research.  It’s that time of the year again when children all over the world take pause to try and figure out which side of ...
Continue Reading

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing ...
Continue Reading

The Direct Deposit Phish: Revisiting the Scene of the Crime

By Eric Howes,  KnowBe4 Principal Lab Researcher.  Well over a year ago we reported on the rise of a new form of CEO fraud in which malicious actors persuaded unwitting employees working ...
Continue Reading

Exactly Why Is Replying to Phishing Attacks A Really Bad Idea?

PhishLabs warns that replying to a phishing email, even if you know it’s a scam, can lead to further attacks. Most phishing campaigns are automated and replying to them puts you on a ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews