Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Why Is Windows Defender The World's No. 1 Antivirus With More Than Half A Billion EndPoints?

Having been inside the AntiVirus software industry for quite a while, and building an AV tool from the ground up, when I saw Redmond start acquiring several small AV companies in 2008 and ...
Continue Reading

Engineering Licensing as Phishbait

Researchers at Proofpoint have observed a state-sponsored spearphishing campaign targeting three US utilities companies. The emails convincingly posed as exam results from the National ...
Continue Reading

Freight Forwarding Email Scams are Business Killers

The Australian Cyber Security Centre (ACSC) has warned that multiple Australian IT suppliers have permanently closed their doors after falling victim to procurement scams, CRN reports. ...
Continue Reading

Scam Of The Week: Equifax Settlement Phishing

Well, that did not take long! The Equifax Data Breach resulted in a settlement and those affected have a choice between free credit monitoring or a $125 payment.
Continue Reading

Buyers of Facebook’s Libra Cryptocurrency are the Latest Target in Phishing Scams

Scammers are impersonating Facebook to trick potential buyers of Facebook’s new cryptocurrency into parting with their money.
Continue Reading

Russian Phishing: Swiss-based Email Provider ProtonMail Hit By Cyber Attack

Reporters investigating Russian military intelligence have been targeted by highly sophisticated cyber attacks through their encrypted email accounts, with evidence suggesting Moscow was ...
Continue Reading

CEO Fraud Phishing Scams Versus The U.K. Solicitors

The UK’s Solicitors Regulation Authority (SRA) has warned of another email scam that impersonated a real law firm in order to hijack a real estate transaction, according to Martin Parrin ...
Continue Reading

15-year old MyDoom Remains a Common Phish Hook

The destructive email worm MyDoom is still very active more than fifteen years after it was first spotted, according to ZDNet. Researchers at Palo Alto Networks’ Unit 42 observed 663,000 ...
Continue Reading

Office 365 Administrators are the Target of the Latest String of Phishing Attacks

Using a mix of fake admin alerts and a spoofed logon page, this newest campaign leverages IT’s urgency in fixing critical issues before they impact users.
Continue Reading

Iranian Hacker Group APT34 Use New ‘Tonedeaf’ Malware over LinkedIn in Latest Phishing Campaign

Targeting several key industries, this new campaign likely seeks to aid the Iranian government with information that could be of use to further Iran’s economic and security goals.
Continue Reading

[Heads-up] Nationwide Bomb Threat Extortion Phishing Attack Campaign With A Twist

IN OFFICES AND universities all across the country Thursday, the same threat appeared in email inboxes: Pay $20,000 worth of bitcoin, or a bomb will detonate in your building. Police ...
Continue Reading

Schools In Both The US And UK Victim Of Recent Phishing Attacks

A number of educational institutions have recently fallen victim to cyberattacks, highlighting the need for increased awareness training for students and faculty. SC Media UK has ...
Continue Reading

Romanian Cybercriminals Sentenced for Phishing Campaign

Our friends at Phishlabs wrote: "This week, the Department of Justice for the U.S. Attorney’s Office for the Northern District of Georgia announced the final of three sentences to be ...
Continue Reading

BEC = “Because it’s Easy Cash” Scammers Trick Employees Into Giving Away Customer Info

Business Email Compromise—also known as CEO Fraud—scammers are now targeting a company's customers using a new indirect attack method designed to collect information on future scam ...
Continue Reading

This Year, Phishing Causes Losses of $17,700 per minute And Ransomware Attacks Will Cost $22,184 Per Minute

Global losses to cybercrime total $1.5 trillion per year, which amounts to $2.9 million per minute, a new report by RiskIQ shows. Some of the largest companies are losing $25 each minute ...
Continue Reading

A Phishing Campaign Evades Email Gateways via WeTransfer

A phishing campaign is abusing the legitimate file hosting site WeTransfer to get malicious links through email filters, according to Jake Longden at Cofense. The attackers send real ...
Continue Reading

HoneyTrap, The Oldest In The World Now As Iranian Catphish on LinkedIn

Iranian state-sponsored hackers are increasing their targeting of civilian targets amid escalating tensions between the US and Iran, according to Zak Doffman at Forbes. Doffman cites a ...
Continue Reading

Q2 2019 Top-Clicked Phishing Email Subjects from KnowBe4 [INFOGRAPHIC]

KnowBe4 reports on the top-clicked phishing emails by subject lines each quarter in three different categories: subjects related to social media, general subjects, and 'In the Wild' - we ...
Continue Reading

[Scam of The Week] New 'US State Police' Phishing Extortion Scam Includes Contact Numbers

Our friend Larry Abrams at Bleeping computer warned: "A new extortion scam is underway that pretends to be from a US State Police detective who is willing to delete child porn evidence if ...
Continue Reading

U.S. Coast Guard Warns of Phishing Attacks Designed for Data Theft and Malware Infection

A new Marine Safety Information Bulletin from the U.S. Coast Guard demonstrates that cybercriminals aren’t just after land-based businesses.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews