KnowBe4

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Bogus Job Offers as Phishbait

A series of phishing campaigns are targeting companies in various industries with phony job offers using direct messages on LinkedIn, according to researchers at Proofpoint. The attacker ...
Continue Reading

The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Attackers are bypassing Office 365 email attachment security by editing the relationship files that are included with Office documents, according to Yoav Nathaniel at Avanan. A ...
Continue Reading

Phishing campaign attempts to spread a new brand of snooping malware

Danny Palmer at ZDNet had the scoop: "A cyber espionage campaign is targeting national security think tanks and academic institutions in the US in what's believed to be an intelligence ...
Continue Reading

Various Types Of Phishing Attacks Defined

Phishing attacks are growing increasingly sophisticated as attackers put more effort into choosing their victims and launching targeted attacks, according to a recent Emsisoft blog post.
Continue Reading

Iran indictments show even U.S. intelligence officials are vulnerable to basic phishing schemes

As the story broke about the charges against former U.S. Air Force intelligence specialist who defected to Iran and support targeted hacking against some of her former colleagues, one ...
Continue Reading

Cyberheist On Bank Causes Shutdown Of All Operations

Reuters reported that the Bank of Valetta, which accounts for almost half of Malta’s banking transactions, had to shut down all of its operations on Wednesday after hackers broke into its ...
Continue Reading

You Have A Special Valentine's Day Message!

 
Continue Reading

New Phishing Attack Uses Google Translate to Spoof Login Page and Fool Victims

A clever use of Google Translate fools victims into believing spoofed authentication requests are being handled by Google itself.
Continue Reading

Scammers Still Exploit Hijacked GoDaddy Domains

Criminals are still using hijacked GoDaddy domains to launch large-scale spam campaigns, despite GoDaddy taking steps last month to address the authentication flaw exploited by the ...
Continue Reading

Social Engineering Comes to Wikipedia

Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the ...
Continue Reading

Organizations Routinely Phish Their Own Employees to Test Their Systems for Human Vulnerability

As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users. 
Continue Reading

Here is the Phish-prone percentage that a customer sent us today

"We’ve had great success with the KnowBe4 solution.  I think the key differentiator for KnowBe4 is the integration of the simulated phishing and analytics in conjunction with the ...
Continue Reading

Today I was attacked through an existing vendor using a real email thread

We have been dealing with a vendor of ours for on-hold messages for many years. I send them a Word file with the hold messages, their studio records them, and they send us a wave file ...
Continue Reading

Sextortion Phishing Scam Exploits Recent Breach Fears

Sextortion scam emails are circulating which claim that a popular adult site has been hacked, allowing an attacker to record videos of users through their webcams, according to Lawrence ...
Continue Reading

Voicemail Phishing Email Scams are Targeting User Passwords

A devilishly ingenious scam plays on your user’s familiarity with business voicemail, seeking to compromise online credentials without raising concerns.
Continue Reading

This password-stealing phishing attack comes disguised as a fake meeting request from the boss

Danny Palmer at ZDNet reported: "A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to ...
Continue Reading

[New Phishing Template] See The Big Game SnoozeFest Highlights In 5 Minutes

Here is a template that you can use to test your users and see if they will click on a Big Game related phishing attack. There are bad guys out there trying several scams to entice ...
Continue Reading

[Brilliant New Social Engineering Phish] "Please Docusign: Funding For Your Business"

A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection ...
Continue Reading

Scam Of The Week: CEO Fraud bad guys are now bribing your users

Today saw the arrival of yet another interesting variant of the gift card phishing campaigns that have grown into a deluge over the past few months (see below). Today's email demonstrates ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews