Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Millions of Consumer/Customer E-mail Addresses Stolen; Phishing Surely to Follow

Epsilon is one of the world's largest customer outreach e-mail companies, and generates legitimate traffic on behalf of a number of very large companies (see Table 1 below). Epsilon ...
Continue Reading

Cybercrime: Ventura County, CA Credit Card Tax Payment System Hacked

Ventura County, California, is a small small county (population: 802,983 according to 2009 numbers from the US Census Bureau) north of the greater Los Angeles area. According to a March ...
Continue Reading

Rustock Botnet Cybercrime Takedown, Thanks to MS-Led Multi-Party Effort

The infamous Rustock botnet, estimated by some parties to be responsible for between 30 and 50 percent of all the spam in the world—up to 30 BILLION items per day—has been taken down. ...
Continue Reading

Symantec's Latest 'State of Spam & Phishing' Report

Report #51 from Symantec, the "State of Spam & Phishing" for March 2011 is out. From the phishing side, the news is grim but not unexpected. Phishing is up 38.56% for the month, ...
Continue Reading

M86 Security Documents Clever New HTML-based Phishing Scam

In the ongoing game of cops-and-robbers that network security so often involves, the cops have recently upped the ante on phishing detection in modern Web browsers. These days browsers ...
Continue Reading

APWG Website Is a Great Anti-Phishing Resource

Continue Reading

Phishing: Malware Infected Web Sites Experience Explosive Growth

Heh! Heh! We're not sure if we were alarmed by the content in this recent CrunchGear blog post, or captivated by the cute "malweb critter" used to give the story a little visual interest ...
Continue Reading

Cybercrime: Beware of Fake IRS "Instant Return" or "Direct Deposit" Scams

This is a a good news/bad news blog. The good news is that because April 15 falls on a Friday this year, the filing deadline has been extended until April 18. The bad news is with tax ...
Continue Reading

DNS Cyberheist Hijack Prompts Credit Card Credential and Other Compromises

An interesting tidbit has emerged from the eCrime Trends Report for Q4-2010 from online security firm Internet Identity (aka IID). Over the Christmas holidays, an online payment ...
Continue Reading

SmartPhones Increasingly Targeted for Cybercrime, Spam and Attack

In its most recent Threats Report for Q4 2010 (.PDF), network security company McAfee points out what they call "a steady growth of threats to mobile platforms," with smartphones ...
Continue Reading

Phishing: Further Ruminations on Whaling Attacks

In phishing terms, whaling means applying phishing attacks to "big fish"--namely, corporate executives, public figures, celebrities, and, of course, very wealthy persons. We've been ...
Continue Reading

Cyberheist Snippet 3: Spear-Phishing Definition

As we mentioned in Cyberheist Snippet 1 and Cyberheist Snippet 2, we're working on a book here at KnowBe4.com, and it features Cyberheist as the first word in its title. Here's a third ...
Continue Reading

Cyberheist: The Real Bite in Company Suits Against Banks for Negligence

As we've mentioned repeatedly in this blog, the FDIC does not insure SMBs against losses to fraudulent account access the same way that it covers individual bank accounts. This has left ...
Continue Reading

Phishing's "Golden Hour"

We stumbled across a fascinating story on the Trusteer Web site recently ( Trusteer is an Internet security firm whose principal products focus on fraud detection and prevention for the ...
Continue Reading

Beware Cross-Channel Cybercrime Threats!

Shoot! Anybody with a smidgen of Web security history under his or her belt winces as soon as the word "cross" comes up as a modifier, thanks to the legions of exploits based on ...
Continue Reading

Preventing Cyberheist, A New Internet Creed: 'Think Before You Click!'

Here at KnowBe4 we focus on Internet Security Awareness, and provide a battery of information, services, and training to help raise awareness of potential threats and loss that uninformed ...
Continue Reading

Internet Security Awareness Training: Getting Social With KnowBe4

If you want to keep up with the latest news and information about Internet Security, then you can not only follow KnowBe4 right here on our blog, but you can also check us out on our ...
Continue Reading

Symantec Covers Top Social Networking Cyberheist Scams, Including Phishing

The Norton/Symantec “Your Security Resource” newsletter recently featured a story entitled “ Top 5 Social Media Scams” that’s worth a read-through. It talks about the kinds of scams and ...
Continue Reading

Anatomy of a Blantant Phishing Message

In earlier blogs about Phishing (especially Phishing Primer Part 1 and Part 2) we described phishing as an artful attempt to get readers to click links in e-mail, thereby opening ...
Continue Reading

Fabulous Anti-Phishing/Cybercrime News Resource

[caption id="attachment_130" align="aligncenter" width="488" caption="The banner at YourMoneyIsNotSafeInTheBank.org says it all!"] [/caption] The name of the site that provides the ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews