Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

[On-Demand Webinar] Phishing Attack Landscape and Benchmarking

The most persistent security challenge you face today is bad guys social engineering your users. Phishing campaigns continue to be hacker’s No.1 preferred attack vector to get your ...
Continue Reading

SNAFU Some AV Tools Cause BSODs And Boot Failures After Meltdown Patches

Microsoft's patch to protect Windows computers from the Meltdown / Spectre "hardware bug" revealed the rootkit-like nature of many antivirus tools. Some AV products are incompatible with ...
Continue Reading

One surprising statistic explains why phishing will remain the most common cyberattack for the next few years

Phishing will remain the primary email attack vector through 2020. A new report from Comodo Security Threat Lab's VP, Fatih Orhan, brings up an interesting statistic from Friedrich ...
Continue Reading

Report: Most Government Agencies Vulnerable To Phishing

Nearly half of federal agency email domains have adopted policies to collect data on unauthorized emails, a move mandated by the Department of Homeland Security in October, according to a ...
Continue Reading

Nearly 250,000 user logins are being hacked every week and become phishing targets

A research team from Google collaborated with the cybersecurity experts from the University of California, Berkeley to scrutinize the activities of these online miscreants. After about 1 ...
Continue Reading

Roll back time when users click on a bad link with our new free tool, Second Chance!

Wouldn't it be great if your users had a way to "roll back time" when they forgot to think before they click on a bad link? Now they can! We are excited to announce Second Chance, a ...
Continue Reading

86% of security pros worry about a phishing future where criminals are using Artificial Intelligence

A new survey by Webroot shows that 86% of security professionals worry that AI and ML (machine learning) technology could be used against them. And they are right, because it will and ...
Continue Reading

W-2 Phishing Scams Likely to Resurface After the New Year

W-2 phishing season is just a few weeks away. For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe hundreds of payroll and HR ...
Continue Reading

Trojan Phishing Attacks By North Korean Hackers Are Attempting To Steal Bitcoin

Researchers at Secureworks report Trojan malware is being distributed in phishing emails using the lure of a fake job ad. A prolific cyber criminal gang with links to North Korea is ...
Continue Reading

Basic training in avoiding phishing is no longer sufficient

Databreaches.net has forums and one of their posts really got our attention. It was an official notification from the legal department of Boise Cascade Company in Utah about a phishing ...
Continue Reading

Phishing Schemes Are Using Encrypted Sites To Seem Legit

WIRED wrote: "A MASSIVE EFFORT to encrypt web traffic over the last few years has made green padlocks and "https" addresses increasingly common; more than half the web now uses internet ...
Continue Reading

Mailsploit Bypasses DMARC And Lets Attackers Send Spoofed Phishing Emails on Over 33 Email Clients

Our friends at Bleepingcomputer reported on something that should cause anyone concern. German security researcher Sabri Haddouche has discovered a set of vulnerabilities that he ...
Continue Reading

Scam Of The Week: Phishers Target PayPal Users With Fake “Failed Transaction” Emails

Scammers are pushing out fake PayPal emails that use the premise of an unverified transaction to phish for customers’ personal and financial information. With the end-of-the-year holidays ...
Continue Reading

Phishing campaigns and malware infections are both up more than 40% since Q2 ‘17

The NTT Security Global Threat Intelligence Center (GTIC) 2017 Q3 Threat Intelligence Report provides a glimpse inside the research conducted by NTT Security researchers over the last ...
Continue Reading

Yahoo Hacker Arrested And Admits Working for The Russians

The Kazakhstan-born Canadian citizen Karim Baratov (22) has pleaded guilty to massive 2014 Yahoo hack that affected three billion accounts. He admitted that he generally spearphished his ...
Continue Reading

Baffling FBI silence about Russian phishing attacks on US officials

WASHINGTON – The Associated Press revealed a baffling FBI silence about spear phishing attacks by Russian hackers on US officials like the former head of cybersecurity for the U.S. Air ...
Continue Reading

Massive Phishing Attack On Businesses with Evil New Ransomware Strain

The Scarab ransomware strain is updated again and spreads via Necurs botnet in a massive 12.5 million campaign, mostly targeting .com domains. Scarab was spotted June 2017 for the first ...
Continue Reading

Uber Total Loss: 57 Million Records Stolen But Data Breach Was Hidden For A Year

Oh boy. Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning. Bloomberg was first to report ...
Continue Reading

[ALERT] Zombie Remote Access Phishing Trojan Kills Antivirus

Almost two years ago we took note of two different write-ups on the Adwind (aka AlienSpy) remote access trojan (RAT), one by McAfee and the other by Fidelis Security. Those pieces caught ...
Continue Reading

[VIDEO] New Smart Groups Put Your Phishing, Training And Reporting On Autopilot.

Automate the path your employees take to smarter security decisions. With the powerful new Smart Groups feature, you can use each employees’ behavior and user attributes to tailor ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews