Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

[Heads up] CISA And NSA Urge “Immediate Action” To Secure National Critical Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued a joint advisory warning that foreign hackers are targeting systems that ...

Don't Overlook Policy When Designing Security

There’s no single defense against phishing and other social engineering attacks, according to Kevin O’Brien, CEO and co-founder of email security company GreatHorn. On the CyberWire’s ...

Testing 1… 2… 3…

Let’s face it, very few organizations thought they’d still be in workforce limbo as we near the six-month mark of the pandemic. This situation has stretched many organizations to adopt ...

I Testified Before U.S. Congress About COVID-19 Phishing Scams

Yesterday, July 21, 2020, I testified before U.S. Congress about COVID-19 phishing scams. I was invited by the Senate Commerce Committee's subcommittee on manufacturing, trade, and ...

“Service Desk” Phishes in Enterprise Waters

A phishing campaign is impersonating an IT help desk and abusing legitimate cloud services to fool users, according to Ax Sharma at BleepingComputer. The emails are sent from the ...

Emotet Returns Using Familiar Phishing Tactics

Emotet, the venerable commodity banking Trojan, is being actively distributed again, according to researchers at Malwarebytes. Emotet’s botnets began sending out phishing emails on July ...

New “servicedesk.com” Phishing Attack Uses Microsoft, IBM Cloud Services to Add Legitimacy

Focused on stealing victim credentials, this new attack uses a number of tactics to establish credibility, avoid raising red flags, and ensure the attackers get the victim’s real credentials.

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

The Helsinki Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent ...

Phorpiex Botnet Attacks Spike So High in June, 2% of *All* Organizations Were Hit

The rise in the use of this dangerous botnet, notorious for distributing malware via phishing campaigns and responsible for fueling Sextortion scams, should put organizations on edge.

Impermissible: Be Suspicious of Permission Requests

Users need to be wary of requests for information or permissions, even if they appear to come from legitimate sources, according to Don MacLennan, Senior Vice President of Engineering and ...

Like Twitter, MFA Will Not Save You!

I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...

Microsoft Warns of Application-based Phishing

Microsoft has issued an advisory warning about “consent phishing,” or application-based phishing attacks that rely on users granting permissions to malicious apps. These attacks aren’t as ...

SEC Issues Warning on Increased Ransomware Attacks

The Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their ...

KnowBe4 Finds Coronavirus-Themed Phishing Spiked in Q2 2020 [INFOGRAPHIC]

The latest results of KnowBe4's quarterly top-clicked phishing email subjects are in. We report on three different categories: social media related subjects, general subjects, and 'in the ...

Scammers Impersonate Hospital Personnel

Scammers are seeking to obtain personal information by impersonating Canadian hospital staff over the phone, NEWS 1130 reports. Vancouver Coastal Health issued an alert in which the ...

The Bad News: Only 5% of Your Users Can Effectively Spot a Phishing Attack

A recent phishing quiz, promoted to U.K. users to see whether they could identify the phish, produced dismal results: nearly all users couldn’t tell the difference 100% of the time.

DMs Promise Enhanced Pictures, but Deliver Malicious Links

Scammers are sending phishing messages on Instagram telling users to check out some edited versions of their photos, according to John Finn at Screen Rant. Finn explains that the scammers ...

It’s Worse Than You Thought: Remote Employees’ Interaction with Unsafe Websites is Up 50%

New data shows just how frequently remote users are accessing risky web content that would normally be blocked by firewalls and other network monitoring solutions.

Monkeying Around for Office 365 Credentials

Criminals are abusing SurveyMonkey to host redirect links to an Office 365 phishing page, researchers at Abnormal Security have found. The emails contain links to a real SurveyMonkey ...

6000% Increase in Phishing Attacks Leveraging COVID-19, Healthcare Industry Often The Target

On July 3rd just before the holiday weekend, Mount Auburn Hospital's IT team identified suspicious activity. Alarmed, they quickly took steps to disconnect the Cambridge hospital's ...
