Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Attacks Impersonating Canadian Banks Work So Well, the Campaign Has Been Running for Two Years

As part of a massive ongoing phishing campaign, the same group of attackers leverage hundreds of lookalike phishing websites to steal from unsuspecting banking customers. Security ...
Continue Reading

The Top 5 Eyeopener Strategies To Improve Your IT Defenses And Keep Bad Guys Out Of Your Network

Last year, in 2019 according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We ...
Continue Reading

New Office 365 Phishing Attack Targets OAuth Apps Instead of Credentials

Trying to steal your username and password is so “yesterday.” The 2020 Hacker is now leveraging Office 365 OAuth APIs to gain control over user mailboxes with phishing tactics.
Continue Reading

The Better the Phishing Protection Gets, the More Sophisticated Phishing Attacks Are Getting

Microsoft’s review of how phishing has evolved over the last year highlights some of the great lengths attackers will go to in order to avoid being detected as a phishing campaign.
Continue Reading

Of Course, Scammers Exploit Fears of Iranian Hacking

A new phishing campaign is attempting to frighten people into handing over their credentials by claiming Microsoft was hacked by Iran, BleepingComputer reports. The campaign is ...
Continue Reading

December Content Update: Includes New Versions of Email Exposure Check Pro and Phishing Security Test Tools

Here are a few important updates to share with you from the month of December. 
Continue Reading

Smishing 101 and Defenses

Smishing is phishing via Short Message Service (SMS) on a participating device, usually a cell phone. Long neglected by phishers and spammers, smishing has recently become a very common ...
Continue Reading

Mobile Threats Shouldn't be Overlooked

Phishing attacks against mobile devices can be just as damaging to an organization as attacks targeting workstations and laptops, according to a market report by Cyber Security Hub. ...
Continue Reading

Phishing Emails on the Rise as Spear Phishing Continues to Return Bigger Payouts

New data from Microsoft Security Insights sheds some needed light on exactly what the bad guys are doing and how they’re shifting tactics. Sometimes it feels like the bad guys are ...
Continue Reading

Smishing and Deepfakes Top the List of Cyber Attack Methods Expected in 2020

You want to know what to expect from data breaches, phishing attacks, and other calculated methods in 2020? There’s no better source than Experian’s seventh-annual Data Breach Industry ...
Continue Reading

New TrickBot Malware Attack Leverages Google Drive to Deliver Its Payload and Ensure Infection

New details from Palo Alto Network’s Unit 42 research team show TrickBot rearing its ugly head once again, using legitimate cloud services – and employee greed – as its path to success. ...
Continue Reading

Penn State Warns of Spear Phishing Attacks

Penn State is warning its community about a recent spike in phishing attacks targeting the university’s employees. Attackers are sending emails posing as real Penn State employees and ...
Continue Reading

Security Generation Gaps

People from different generations tend to approach cybersecurity differently. Organizations should tailor their security programs and phishing tests with this in mind. According to Azeem ...
Continue Reading

U.S. Government Issues Warning About Possible Iranian Cyberattacks

Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. ...
Continue Reading

Seven Kinds of Malware, and all Arrive by Social Engineering

Naked Security outlines seven different categories of malware and describes how each of them through social engineering techniques can affect your organization. Some or all of these ...
Continue Reading

Global Climate Change Phishbait

A number of phishing campaigns have been using Christmas-themed emails encouraging recipients to support climate activist Greta Thunberg, according to Paul Ducklin at Naked Security. ...
Continue Reading

More Fake Windows 10 Updates Spell Hefty Ransoms for Victims

With Windows 7 ending support this month, organizations moving to or already on Windows 10 need to be wary of “update” phishing scams intent on installing ransomware.
Continue Reading

New Report Shows the Success of Business Email Compromise Come from a Calculated Attack Approach

The newest data from security vendor Barracuda provides insight into exactly how attackers execute BEC attacks and what makes them so successful.
Continue Reading

[Heads-up] Sextortion Crime Gang Now Uses New Tactics To Bypass Your Spam Filters

In a business environment, employees use Google Translate on a regular basis to get access to documents they need to work with, or websites that are in another language.
Continue Reading

Cities and Governments are the Latest Target in a New “Leakware” Attack

This new type of attack focuses on threatening to steal and publish data on the web, asking for a ransom to be paid to keep the attackers from doing so.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews