Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Targeted Lawsuit Phishing Attack With Sophisticated Payload

We are seeing a big phishing wave with a social engineering attack that threatens with a personalized lawsuit using the domain name of the targeted victim. This is an interesting payload ...

"But, But, But... I Didn't Click!" False Positives In Phishing Tests

The following question was posted in the SANS Securing The Human forum. I thought it was a very good point and asked our VP Product Greg Kras for his perspective. First the question:

Funny Phishing Story: Your Online Order Receipt

A customer sent us this: Hi, I wanted to share with you a funny story…. My boss calls me into her office, very serious like. She sits me down and asks “Did you use the company credit card ...

Coming Soon to an Inbox Near You: A New Type Of Tech Support Scam

By Eric Howes, KnowBe4 Principal Lab Researcher. Yesterday we spotted an unusual phishing email that we'd like to share with readers. If nothing else, it tells us that the increased ...

Phishing Attack With Malicious Word Doc Changes Proxy Settings

Microsoft recently came across a threat that uses social engineering but delivers a different payload than the usual Office document with macros. Its primary purpose is to change a user’s ...

Criminal Phishing-as-a-Service Platform Steals Credentials

Want someone's credentials? Just social engineer them. Phishing is still responsible for 91% of data breaches and has been for the last few years. A Russian cyber mafia has created a ...

CrowdStrike: "Russian Hackers Attack DC Think Tanks With Phishing Emails"

The Wall Street Journal reported this morning that "A Russian hacking group linked to a series of computer intrusions at the Democratic National Committee and other organizations is now ...

The Ultimate Pop-up Phishing Warning Message

'Just weeks after she started preparing opposition research files on Donald Trump’s campaign chairman Paul Manafort last spring, Democratic National Committee consultant Alexandra Chalupa ...

Yes, that email is really from PayPal. And, yes, it's really malicious.

Score another one for the bad guys, who have yet again demonstrated their seemingly inexhaustible ability to concoct new methods to exploit legitimate services in order to bypass existing ...

First Half 2016 Top 10 Phone Scams Revealed

You may not have heard of Atlanta-based Pindrop Labs. They have developed an innovative way to detect fraudulent phone calls called a "phone print", and their solutions reduce fraud ...

New KnowBe4 Phishing Templates: A Summary 7/30/2016

Over the past few weeks our Phishing Templates Mistress Katie and her team have added 17 new templates for use by customers in their simulated phishing campaigns.

Scam Of The Week: FBI Warns Against Data Breach Extortion

The number of data breaches keeps going up. Last week it was more than 1,000 Wendy's where credit card records got ripped off. Fraudsters quickly use the news release of a high-profile ...

IT pros: Half Of Our CEOs Fall Victim To Phishing Scams

Executive boards need better cyber security training, given half of C-level execs fall victim to phishing attacks, according to research conducted by security firm AlienVault. The ...

Scam Of The Week: Orlando Nightclub Phishing Attacks

Just when you think they cannot sink any lower, criminal internet scum is now exploiting the tragedy in Orlando. Unfortunately, from this spot I have been warning about these lowlifes ...

New Type of Spear Phishing Directly Targeted at IT Pros

A member of the SpiceWorks IT forums reported he had received a new type of hybrid attack: first a phone call to his desk, followed up with a phishing email laced with malware, promoting ...

Scam Of The Week: Nasty Two-factor Auth Text Hack

We all know that two-factor authentication (2FA) is much better than just simple user/password credentials. However, there is a nasty spoofing trick that bypasses 2FA if the user does not ...

[INFOGRAPHIC] Don't Be The Victim Of A Cyberheist

We have created a new infographic for your users, as part of your ongoing security awareness training program. It's a few good reminders how to stay safe online, and to keep their ...

Phishing Attacks Ramp Into 2016 With Major Increase

In its most recent Phishing Trends Report, the APWG noted a 250% increase in phishing sites between October 2015 and March 2016 — and the 2016 increase shows the never ending criminal ...

The Nightmare of Exploits Past. How Phishing Attacks Use Old Vulnerabilities

By Eric Howes, KnowBe4's Principal Lab Researcher. Remember .PIF files? If you're like us, the extension probably rings a bell somewhere deep in the dustiest recesses of your mind -- the ...

[ALERT] Fraudsters Steal Tax, Salary Data From ADP. Are Employees At Risk?

It turns out that HR giant ADP, which provides payroll, tax and benefits administration for more than 640,000 companies, was vulnerable to an ID theft scam. The criminal hackers made off ...
