Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Scam Of The Week: Phishing Attack Uses GDPR As Bait

Attackers know that companies are sending a lot of emails to customers about GDPR—and that makes them prime opportunity for phishing attacks. With the looming GDPR May 25 deadline almost ...
Continue Reading

Q1 2018 Top Clicked Phishing Email Subjects [INFOGRAPHIC]

This is the second year we've published quarterly results of the most-clicked phishing email subjects across a few categories. We separate the data into subjects related to social media ...
Continue Reading

Chinese Cyber Spies Focus On Spear Phishing... YOU!

Catalin Cimpanu at Bleepingcomputer reported: "Chinese cyber spies are evolving their tactics, focusing on IT staffers, relying more and more on spear phishing instead of malware, and ...
Continue Reading

Cylance: "Phishing and drive-by downloads lead infection methods."

The most common infection vectors are still email phishing and drive-by downloads according to the latest threat report from AI security specialist Cylance. The report provides a ...
Continue Reading

Gone Phishing: Travelers Claims Plan Doesn’t Cover Cyber Losses

Daniel R. Stoller at Bloomberg Law had an excellent observation about the risks of phishing related to general crime policies. Here is a short excerpt and the whole article is warmly ...
Continue Reading

"It can't hurt to open one little attachment, can it?"

Brad Haan sent me this riot cartoon:
Continue Reading

PhishLabs Reports That Credential Phishing Has Shifted To The Enterprise

Why is credentials phishing moving from consumers to the enterprise, just like ransomware has done in the last 2 years? The answer might surprise you. Elliot Volkman at the PhishLabs ...
Continue Reading

Phishing threats still dwarf vulnerabilities and zero-days

Rob Wright at SearchSecurity wrote: "Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and ...
Continue Reading

Gone Phishing: Employer Faces Liability for Mistakenly Disclosing W-2 Forms to Scammer

Attorneys Zuckerman Spaeder noted on JDSUPRA: "When employers are caught off guard, they can face not only the loss of their own assets, but also liability to their employees. For ...
Continue Reading

Scam Of The Week: World's Largest Phishing Botnet Grows Evasive

The notorious Necurs botnet is one of the oldest and largest spam and phishing delivery systems in existence. It controls millions of machines that the criminal botmasters use to send ...
Continue Reading

Researchers discover next generation phishing kit

Researchers at Check Point and CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web. The new kit, compiled and offered by a criminal whose ...
Continue Reading

Mysterious “double kill” Word/IE zero-day allegedly in the wild as phishing attack

“Double kill” is a bragging term from the world of violent video gaming – it means you finished off two assailants with a single shot. In the world of cybercrime, it’s the name given by ...
Continue Reading

[NEW WHITEPAPER] 10 Best Practices for Protecting Against Phishing, Ransomware and Email Fraud

Organizations have been victimized by a wide range of threats and exploits, most notably phishing attacks that have penetrated corporate defenses, targeted email attacks launched from ...
Continue Reading

Ransomware, Phishing, and Pretexting in the Annual Verizon Databreach Report

Did you know, 43% of breaches result from social engineering attacks? What's more, according to a recent Verizon investigation, phishing emails account for 98% of all social engineering ...
Continue Reading

[Heads-Up] Phishing Scam Of The Week: Bad Guys Go Nuclear

So, this one is the next new criminal low. This particular phish spoofs a campus-wide security alert for a community college (confidential information blocked out) in Florida. Given that ...
Continue Reading

Major uptick in mobile phishing URL click rate

In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate ...
Continue Reading

Phishing Tops IRS List of Tax-Related Scams for 2018

Michael Trimarchi at the Bloomberg Bureau of National Affairs wrote an excellent article about the continued risk of phishing, as reported by the IRS: "The stealing of personal ...
Continue Reading

Scam Of The Week: Fiendishly Clever Gmail Phishing Scam You Need To Know About

Twitter user @_thp shared a recent phishing scam that they received; and it’s so fiendishly clever that it’s gone viral. They wrote: "This is the most clever phishing scam I've ever ...
Continue Reading

SAM.Gov Hackers Were Handed Spear Phishing, Spoofing & Credential Theft On A Gold Platter

Cybercrooks who stole federal payments by hacking contractor accounts on a GSA website used sophisticated spear phishing techniques to steal login credentials and then diverted payments ...
Continue Reading

SAM.gov hackers used spear phishing, email spoofing and credential theft

Cybercrooks who stole federal payments by hacking contractor accounts on a GSA website used sophisticated spear phishing techniques to steal login credentials and then diverted payments ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews