A Banking Trojan Goes Phishing

May 24, 2018 11:50:22 AM By Stu Sjouwerman

Roaming Mantis has drawn notoriety as a banking Trojan. Its criminal controllers, however, have recently given it some new functionality: phishing and cryptomining. The criminals have ...

Scam Of The Week: GDPR Phishing Attack With Apple Flavor / Royal Wedding

May 19, 2018 2:01:19 PM By Stu Sjouwerman

Social engineering follows seasonal patterns. It's also connected to major events. We see this every year with holiday-themed phishing attacks between Thanksgiving and New Year's Day.

Phishing and pretexting represent 93% of social attack-based breaches

May 16, 2018 7:12:29 AM By Stu Sjouwerman

A good article in Forbes that takes another dive into the new 2018 Verizon Data Breach Investigations Report.

[Heads-up] New Attack Blindsides Microsoft Office 365 Anti-Phishing Filter And Blacklists

May 12, 2018 9:40:23 AM By Stu Sjouwerman

Phishers have found a way of moving the malicious URLs in their emails past Office 365's protections. The security company Avanan says they've observed criminals using a tag in the HTML ...

Police Dept Loses 10 Months of Work to Ransomware. Gets Infected a Second Time!

May 12, 2018 8:44:22 AM By Stu Sjouwerman

Bleepingcomputer reported: "Ransomware has infected the servers of the Riverside Fire and Police department for the second time in a month. The first ransomware infection took place on ...

Does Gmail's New 'Confidential Mode' Make Phishing Easier?

May 11, 2018 4:18:28 PM By Stu Sjouwerman

Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to ...

HMRC warns of new wave of UK phishing scams

May 11, 2018 3:35:58 PM By Stu Sjouwerman

Rosie Murray West at the Financial Times reported: "Taxpayers are being targeted by a new wave of phishing scams linked to the financial calendar, HM Revenue & Customs has warned. ...

The history and derivation of the word phishing...

May 11, 2018 3:29:39 PM By Stu Sjouwerman

The word "phishing" can't be found in Chaucer or Shakespeare. It is a homophone of "fishing". But why "ph" instead of "f"? Many English words of Greek origin transliterate "φ" (phi) as ...

[Heads-up] New Exploit Hacks LinkedIn 2-factor Auth. See This Kevin Mitnick VIDEO

May 8, 2018 6:07:35 AM By Stu Sjouwerman

OK, here is something really scary. KnowBe4's Chief Hacking Officer Kevin Mitnick now and then calls me with some chilling news. This time, Kuba Gretzky, a white hat hacker friend of ...

Scam Of The Week: Phishing Attack Uses GDPR As Bait

May 5, 2018 10:40:16 AM By Stu Sjouwerman

Attackers know that companies are sending a lot of emails to customers about GDPR—and that makes them prime opportunity for phishing attacks. With the looming GDPR May 25 deadline almost ...

Q1 2018 Top Clicked Phishing Email Subjects [INFOGRAPHIC]

May 4, 2018 5:05:27 PM By Stu Sjouwerman

This is the second year we've published quarterly results of the most-clicked phishing email subjects across a few categories. We separate the data into subjects related to social media ...

Chinese Cyber Spies Focus On Spear Phishing... YOU!

May 4, 2018 4:43:32 PM By Stu Sjouwerman

Catalin Cimpanu at Bleepingcomputer reported: "Chinese cyber spies are evolving their tactics, focusing on IT staffers, relying more and more on spear phishing instead of malware, and ...

Cylance: "Phishing and drive-by downloads lead infection methods."

May 2, 2018 10:30:46 AM By Stu Sjouwerman

The most common infection vectors are still email phishing and drive-by downloads according to the latest threat report from AI security specialist Cylance. The report provides a ...

Gone Phishing: Travelers Claims Plan Doesn’t Cover Cyber Losses

May 1, 2018 5:14:19 PM By Stu Sjouwerman

Daniel R. Stoller at Bloomberg Law had an excellent observation about the risks of phishing related to general crime policies. Here is a short excerpt and the whole article is warmly ...

"It can't hurt to open one little attachment, can it?"

May 1, 2018 4:49:48 PM By Stu Sjouwerman

Brad Haan sent me this riot cartoon:

PhishLabs Reports That Credential Phishing Has Shifted To The Enterprise

May 1, 2018 10:23:34 AM By Stu Sjouwerman

Why is credentials phishing moving from consumers to the enterprise, just like ransomware has done in the last 2 years? The answer might surprise you. Elliot Volkman at the PhishLabs ...

Phishing threats still dwarf vulnerabilities and zero-days

Apr 30, 2018 4:13:16 PM By Stu Sjouwerman

Rob Wright at SearchSecurity wrote: "Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and ...

Gone Phishing: Employer Faces Liability for Mistakenly Disclosing W-2 Forms to Scammer

Apr 30, 2018 7:05:00 AM By Stu Sjouwerman

Attorneys Zuckerman Spaeder noted on JDSUPRA: "When employers are caught off guard, they can face not only the loss of their own assets, but also liability to their employees. For ...

Scam Of The Week: World's Largest Phishing Botnet Grows Evasive

Apr 28, 2018 11:01:06 AM By Stu Sjouwerman

The notorious Necurs botnet is one of the oldest and largest spam and phishing delivery systems in existence. It controls millions of machines that the criminal botmasters use to send ...

Researchers discover next generation phishing kit

Apr 26, 2018 1:22:10 PM By Stu Sjouwerman

Researchers at Check Point and CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web. The new kit, compiled and offered by a criminal whose ...

Security Awareness Training Blog

Phishing Blog

View Topics