Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

81% of Organizations Cite Phishing as the Top Security Risk

Organizations are finally dialing in on where they need to focus their cybersecurity strategies, starting with phishing. But the top four cited security risks all have one element in ...
Continue Reading

Generative AI Used to Launch Phishing Attacks

Criminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point.
Continue Reading

New Phishing-As-A-Service Kit with Ability to Bypass MFA Targets Microsoft 365 Accounts

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri.
Continue Reading

Microsoft Teams: The New Phishing Battlefront - How Attackers Are Exploiting Trusted Platforms

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity.
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

Open Redirects Used to Disguise Phishing Links

Phishing attacks are increasingly using open redirects to evade detection by security filters, according to researchers at Trustwave.
Continue Reading

Scammers Use Airdrops to Lure Users With Phony NFTs

Researchers at Check Point warn that scammers are using airdrops to distribute phony non-fungible tokens (NFTs) that direct users to malicious sites.
Continue Reading

Bravo Host Andy Cohen Scammed Out of a “Sizable” Amount of Money by Fraudsters Posing as the Bank

Bravo host Andy Cohen tells how he became the victim of an impersonation scam that gave scammers access to control his bank account.
Continue Reading

New Evasive Phishing Technique “Legacy URL Reputation Evasion" (LURE)

Researchers at Menlo Security observed a 198% increase in browser-based phishing attacks over the past six months.
Continue Reading

Social Engineering Attacks Rising in the Trucking Industry

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA).
Continue Reading

Facebook Phishing Scams Target Concerned Friends and Family

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles ...
Continue Reading

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO ...
Continue Reading

Facebook Work-From-Home “Job” Posting Scam Goes the Extra Mile to Trick Victims

A new job posting scam found by IT security company Qualysys is focused on capturing victim’s identity details, accessing victim’s Facebook accounts, and committing fraud. In this new ...
Continue Reading

More Than Half of Data Breaches in the U.K.’s Legal Sector are Due to Insider Error

A new analysis of data breaches in the United Kingdom's legal sector shows that organizations need to be looking inward more and look for ways to elevate the security awareness of ...
Continue Reading

Ninety-Four Percent of Organizations Sustained Phishing Attacks Last Year

A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports. Additionally, 91% of firms experienced data loss and ...
Continue Reading

Malicious APKs Drain Bank Accounts

A phishing campaign is targeting Chinese users in an attempt to distribute malicious apps, according to researchers at Palo Alto Networks’s Unit 42.
Continue Reading

Cryptocurrency Drainer Distributed Through Phishing

Mandiant has published a report on “CLINKSINK,” a cryptocurrency Drainer-as-a-Service (DaaS) that’s targeting users of the Solana currency.
Continue Reading

LinkedIn is Being Used for *Dating* – It’s a Recipe for Disaster

A new article explains how business professionals are beginning to be not-so-professional and seeking to make personal connections. It’s only a matter of time before cybercriminals jump ...
Continue Reading

Analysis of Phishing Emails Shows High Likelihood They Were Written By AI

It’s no longer theoretical; phishing attacks and email scams are leveraging AI-generated content based on testing with anti-AI content solutions.
Continue Reading

Women CyberSecurity Society Targeted by Smishing Campaign

The Canada-based Women CyberSecurity Society (WCS2) has warned that its leadership, members, and volunteers are being targeted by an SMS phishing (smishing) campaign, IT World Canada ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews