Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

The Number of New Pieces of Malware Per Minute Has Quadrupled in Just One Year

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware.
Continue Reading

A Simple 'Payment is Underway' Phishing Email Downloads RATs from AWS, GitHub

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories.
Continue Reading

New Phishing-as-a-Service Kit Attempts to Bypass MFA

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its ...
Continue Reading

The Average Malicious Website Exists for Less Than 10 Minutes

A new Chrome update brings to light Google findings about malicious websites that have serious implications on detecting malicious links, spoofed brands and the use of legitimate web ...
Continue Reading

There Is Only So Much Lipstick You Can Put on a Cybercriminal Troll

The one thing I love about our annual conference in Orlando, KB4-CON, is its thought-provoking nature. Year after year, the events team manages to keep a fine balance between product ...
Continue Reading

FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.
Continue Reading

Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful ...
Continue Reading

Ransomware Group “RA World” Changes Its’ Name and Begins Targeting Countries Around the Globe

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion.
Continue Reading

[Heads-Up] Phishing Campaign Delivers VCURMS RAT

Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT).
Continue Reading

Phishing Tops 2023’s Most Common Cyber Attack Initial Access Method

New analysis shows that the combination of phishing, email, remote access, and compromised accounts are the focus for most threat actors.
Continue Reading

State-Sponsored Russian Phishing Campaigns Target a Variety of Industries

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied ...
Continue Reading

Phishing-as-a-Service Platforms LabHost and Frappo Help Threat Actors Target Canadian Banks

Analysis of attacks on banking institutions in Canada can be almost perfectly tied to the use and availability of phishing-as-a-service platforms, indicating increased use by threat ...
Continue Reading

CISA: Healthcare Organizations Should Be Wary of Increased Ransomware Attacks by ALPHV Blackcat

A joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper ...
Continue Reading

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close.
Continue Reading

Sophos: Over 75% of Cyber Incidents Target Small Businesses

New analysis of incident data shows threat actors are evolving their attack techniques to take advantage of budget and resource-strapped small businesses.
Continue Reading

Organizations Are Vulnerable to Image-based and QR Code Phishing

A majority of organizations have a false sense of security regarding their resistance to phishing attacks, according to a new report from researchers at IRONSCALES and Osterman Research.
Continue Reading

Despite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by Them

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks.
Continue Reading

New Research: BEC Attacks Rose 246% in 2023

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest.The researchers believe the increase is due to widely available phishing kits that ...
Continue Reading

Compromised Credentials Postings on the Dark Web Increase 20% in Just One Year

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge.
Continue Reading

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews