Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Yes, that email is really from LinkedIn. And, yes, it's really malicious.

By Eric Howes, KnowBe4 Principal Lab Researcher. Several months ago we blogged about a startling discovery by threat researchers at Proofpoint: the bad guys had figured out a way to turn ...

How Podesta got hacked: HelpDesk said 'Password' phishing email was real

John Podesta, Chairman of the 2016 Hillary Clinton presidential campaign, was a victim of social engineering and rushed advice from his IT helpdesk. It's a comedy of errors. The helpdesk ...

A Slick Phish with a Hidden Surprise

By Eric Howes, KnowBe4 Principal Lab Researcher. Yesterday one of our customers was hit with a highly targeted phishing attack -- one of the slicker attacks we've seen in a while. Once we ...

Brazen: Phishing Attacks The Bad Guys Send When No One's Looking

When we talk with folks outside the security industry about what we see from the bad guys on a daily basis, we often get the response, "Wow! That's really sneaky." And it's true. The bad ...

These 500 Million Hacked Yahoo Accounts Are A Phishing Paradise. Warn Your Users!

It's all over the press. Here is a quote from Reuters: "Yahoo Inc said on Thursday information associated with at least 500 million user accounts was stolen from its network in 2014 by ...

Scam Of The Week: Apple Store Phishing Attack Goes For Whole Enchilada

Phishing attacks using false Apple Store email messages, fake landing pages and sometimes fake login pages are still a very popular attack vector. They still make it through all the ...

Bad Guy FAIL! or, When a Simple Credentials Phish Goes Horribly Wrong

By Eric Howes, KnowBe4 Principal Lab Researcher. Anyone who works a job in the computer security industry inevitably develops a kind of dark appreciation for the mad skills so often ...

Reported Phishes of the Week

KnowBe4's Templates Mistress Katie has been busy again adding a new batch of phishing templates to the collection of "System Templates" available to active subscribers.

Targeted Lawsuit Phishing Attack With Sophisticated Payload

We are seeing a big phishing wave with a social engineering attack that threatens with a personalized lawsuit using the domain name of the targeted victim. This is an interesting payload ...

"But, But, But... I Didn't Click!" False Positives In Phishing Tests

The following question was posted in the SANS Securing The Human forum. I thought it was a very good point and asked our VP Product Greg Kras for his perspective. First the question:

Funny Phishing Story: Your Online Order Receipt

A customer sent us this: Hi, I wanted to share with you a funny story…. My boss calls me into her office, very serious like. She sits me down and asks “Did you use the company credit card ...

Coming Soon to an Inbox Near You: A New Type Of Tech Support Scam

By Eric Howes, KnowBe4 Principal Lab Researcher. Yesterday we spotted an unusual phishing email that we'd like to share with readers. If nothing else, it tells us that the increased ...

Phishing Attack With Malicious Word Doc Changes Proxy Settings

Microsoft recently came across a threat that uses social engineering but delivers a different payload than the usual Office document with macros. Its primary purpose is to change a user’s ...

Criminal Phishing-as-a-Service Platform Steals Credentials

Want someone's credentials? Just social engineer them. Phishing is still responsible for 91% of data breaches and has been for the last few years. A Russian cyber mafia has created a ...

CrowdStrike: "Russian Hackers Attack DC Think Tanks With Phishing Emails"

The Wall Street Journal reported this morning that "A Russian hacking group linked to a series of computer intrusions at the Democratic National Committee and other organizations is now ...

The Ultimate Pop-up Phishing Warning Message

'Just weeks after she started preparing opposition research files on Donald Trump’s campaign chairman Paul Manafort last spring, Democratic National Committee consultant Alexandra Chalupa ...

Yes, that email is really from Paypal. And, yes, it's really malicious.

Score another one for the bad guys, who have yet again demonstrated their seemingly inexhaustible ability to concoct new methods to exploit legitimate services in order to bypass existing ...

First Half 2016 Top 10 Phone Scams Revealed

You may not have heard of Atlanta-based Pindrop Labs. They have developed an innovative way to detect fraudulent phone calls called a "phone print", and their solutions reduce fraud ...

New KnowBe4 Phishing Templates: A Summary 7/30/2016

Over the past few weeks our Phishing Templates Mistress Katie and her team have added 17 new templates for use by customers in their simulated phishing campaigns.

Scam Of The Week: FBI Warns Against Data Breach Extortion

The number of data breaches keeps going up. Last week it was more than 1,000 Wendy's where credit card records got ripped off. Fraudsters quickly use the news release of a high-profile ...
