Scam-as-a-Service Classiscam Expands Impersonation in Attacks to Include Over 250 Brands

Sep 20, 2023 4:40:49 PM By Stu Sjouwerman

Now entering its third year in business, the phishing platform, Classicam, represents the highest evolution of an “as a service” cybercrime, aiding more than 1000 attack groups worldwide.

USPS Customers Become the Latest Target of the Chinese Smishing Group Called “Smishing Triad”

Sep 20, 2023 4:40:46 PM By Stu Sjouwerman

A new SMS-based phishing attack uses a smishing kit-as-a-service to impersonate the U.S. Postal Service.

Data Breach Costs Rise, But Cybersecurity Pros Still Take Risks

Sep 20, 2023 8:10:03 AM By Stu Sjouwerman

The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be ...

Romance Scams That Run Your Crypto Wallet Dry

Sep 19, 2023 9:31:19 AM By Stu Sjouwerman

Scammers are using dating sites to lure victims into phony cryptocurrency investment schemes, according to Sean Gallagher at Sophos.

Mark Cuban’s MetaMask wallet drained nearly $900,000 in suspected phishing attack

Sep 16, 2023 2:46:07 PM By Stu Sjouwerman

Dallas Mavericks owner and well-known investor Mark Cuban reportedly lost nearly $900,000 in a phishing attack targeting his MetaMask cryptocurrency wallet.

New Phishing Attack Uses Social Engineering to Impersonate the National Danish Police

Sep 15, 2023 10:20:56 AM By Stu Sjouwerman

A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond.

New Scam Impersonates QuickBooks to Steal Credentials, Extract Money

Sep 15, 2023 10:20:14 AM By Stu Sjouwerman

Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims.

Microsoft (Once Again) Tops the List of Most Impersonated Brands in 2023

Sep 15, 2023 10:19:58 AM By Stu Sjouwerman

Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because they provide attackers with one unique advantage over other brands.

Board Members' Lack of Security Awareness Puts Businesses at Risk of Cyber Attacks, Finds Savanti Report

Sep 15, 2023 10:19:45 AM By Stu Sjouwerman

A report from cybersecurity consultancy Savanti reveals that board members are facing challenges in understanding cyber risks, and this has important implications for businesses.

Can You Guess Common Phishing Themes in Southeast Asia?

Sep 13, 2023 9:07:52 AM By Stu Sjouwerman

Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks.

AP Stylebook Data Breach Compromises Customer Personal Information

Sep 12, 2023 2:32:48 PM By Stu Sjouwerman

The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports.

Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

Sep 12, 2023 8:00:00 AM By Stu Sjouwerman

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, ...

Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months

Sep 12, 2023 7:45:00 AM By Stu Sjouwerman

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL ...

Microsoft Teams Phishing Campaign Distributes DarkGate Malware

Sep 11, 2023 8:55:42 AM By Stu Sjouwerman

Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.

[dot]US Domain Exploited for Phishing

Sep 8, 2023 8:14:23 AM By Stu Sjouwerman

The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the .us top-level domain is being ...

New Telekopye Phishing Toolkit Uses Telegram-Based Bots To Turn Novice Scammers into Experts

Sep 8, 2023 8:13:13 AM By Stu Sjouwerman

The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces.

Brand Impersonation Hits a New High with as Many as 73 Lookalike Domains Per Brand

Sep 8, 2023 8:12:44 AM By Stu Sjouwerman

The use of lookalike domains has reached critical mass with not just one counterfeit website, but many.

CISA Says to Exercise Caution For Disaster-Related Malicious Scams

Sep 6, 2023 9:45:36 AM By Stu Sjouwerman

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate ...

How Secure Is Your Authentication Method?

Sep 6, 2023 8:53:21 AM By Roger Grimes

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...

Nearly One-Quarter of Financial-Themed Spam Emails are Phishing Attacks

Sep 1, 2023 10:23:14 AM By Stu Sjouwerman

While spam tends to be dismissed as being more of an annoyance, new research shows that there is a very real and ever-present threat in emails that are marked as “spam”.

Security Awareness Training Blog

Phishing Blog

View Topics