Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Amazon, Paypal, and Gmail Users are the Latest Target in a Sophisticated Multistage Phishing Attack

The latest attack, dubbed “Heatstroke” uses new target-specific phishing kits that may be sold as a “phishing-as-a-service” using new techniques to avoid leaving a trail.
Continue Reading

Crime Sometimes Pays: $1.1M Recovered from U.K. Phishing Scammer 2 Years After Being Caught

We don’t often hear enough stories of cybercriminals being caught and paying back what they’ve stolen, but in the case of scammer Grant West, that’s exactly what has happened. 
Continue Reading

New Instagram Phishing Scam Uses Familiar (But Fake) 2FA Codes to Trick Victims

Scammers use familiar verification methods to establish credibility and lull the victim into a false sense of security to compromise Instagram accounts.
Continue Reading

FBI Issues ‘High-Impact’ Ransomware Attack Warning—What You Need To Know

The FBI has issued a new warning that healthcare organizations, industrial companies, and the transportation sector are being targeted with ransomware. The attack methodologies continue ...
Continue Reading

Cybersecurity Awareness Is Not Just For October!

By Joanna Huisman, KnowBe4's new SVP Strategic Insights & Research.  I have a big birthday coming up, and as you can probably guess, I’m less than thrilled about it. I tell myself it’s ...
Continue Reading

Join Us for a Live Demo on Simulated Phishing and Awareness Training

See Ridiculously Easy Security Awareness Training and Phishing in Action!
Continue Reading

Ransomware Incident To Cost Danish Company A Whopping $95 Million

Catalin Cimpanu for ZDNet's Zero Day reported: "Demant, one of the world's largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be ...
Continue Reading

Copyright Infringement Warning as Phishbait

Scammers are using fake copyright infringement warnings to trick people into handing over their Instagram credentials, Naked Security reports. The warnings arrive in emails that appear to ...
Continue Reading

North Koreans Spear Phish U.S. Victims With Social Engineering Hidden In Obscure Kodak FlashPix Format

A suspected North Korean threat actor has been sending spear phishing emails targeting US organizations, according to Prevailion researchers Danny Adamitis and Elizabeth Wharton. Adamitis ...
Continue Reading

NetWire Remote Access Trojan Being Spread by Phishing Campaign

Researchers at Fortinet have come across a phishing campaign delivering a new version of the NetWire remote access Trojan (RAT). The phishing emails claim to contain invoices and ...
Continue Reading

"Mishperceptions": The Five Most Common Phishing Myths Busted!

By Joanna Huisman, KnowBe4's new SVP Strategic Insights & Research.  The bad guys know that the easiest way into your organization is through your employees. This is not an opinion. Of ...
Continue Reading

Scam Of The Week: Yahoo Massive Data Breach Settlement Phishing Attacks

Yahoo is close to reaching a $117.5 million settlement in a class-action lawsuit over a series of data breaches that affected users between 2012 and 2016 — and your employees are ...
Continue Reading

Chinese Hackers Target Airbus Suppliers in Quest for Commercial Secrets

European aerospace giant Airbus has been hit by a series of attacks by hackers targeting its suppliers in search of commercial secrets, sources told AFP, adding they suspected a Chinese ...
Continue Reading

The Emotet Trojan Botnet is Back in Business

The Emotet botnet is up and running again after four months of inactivity, according to Ars Technica. Multiple security firms have reported seeing phishing emails delivering the malware ...
Continue Reading

Massive phishing wave of account hijacks hits YouTube creators

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered ...
Continue Reading

PDF Phishing Attacks Using Microsoft OneDrive Surge Nearly 200%

Scammers use a mixture of familiar brand, unsuspecting users, legitimate document types and locations, and credential harvesting in this attack aimed at getting into your Office 365.
Continue Reading

CEO Fraud Attacks Now Use Deepfake Audio and AI to Mimic Executives Over the Phone

While deepfake video gets most of the attention on social media, it’s deepfake audio that is quickly becoming the cybercriminal’s tools of choice for committing fraud.
Continue Reading

Amazon Phishing Scam in Progress

HackRead has come across a phishing scam that’s trying to trick Amazon customers into handing over their account credentials, personal information, and financial details. The phishing ...
Continue Reading

Microsoft Remains the Most Impersonated Brand in Phishing Attacks, with Facebook Phishing Surging

For the fifth quarter in a row, Microsoft is the favorite domain of choice for scammers using phishing attacks to lure their victims into clicking on malicious content.
Continue Reading

Phishing Attacks Up, Especially Against SaaS And Webmail Services

Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews