Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL ...

Microsoft Teams Phishing Campaign Distributes DarkGate Malware

Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.

[dot]US Domain Exploited for Phishing

The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the .us top-level domain is being ...

New Telekopye Phishing Toolkit Uses Telegram-Based Bots To Turn Novice Scammers into Experts

The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces.

Brand Impersonation Hits a New High with as Many as 73 Lookalike Domains Per Brand

The use of lookalike domains has reached critical mass with not just one counterfeit website, but many.

CISA Says to Exercise Caution For Disaster-Related Malicious Scams

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate ...

How Secure Is Your Authentication Method?

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...

Nearly One-Quarter of Financial-Themed Spam Emails are Phishing Attacks

While spam tends to be dismissed as being more of an annoyance, new research shows that there is a very real and ever-present threat in emails that are marked as “spam”.

New Adversary in the Middle Platform Circumvents MFA Protections “At Scale”

As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite ...

Labor Day Alert: Mobile Phishing Attacks on the Rise for Remote Employees

A recent survey by Lookout, Inc. warns of a specific attack vector as Labor Day approaches. The study shows that 85% of enterprise employees capable of remote work plan to do so on ...

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Customers of Cryptocurrency FTX are Target of Phishing Emails

Customers of the bankrupt cryptocurrency exchange FTX are already receiving phishing emails following a breach of personal data held by several crypto companies, CoinDesk reports.

Open Redirect Flaws: The Newest Phishing Trick

No surprise: phishing attacks are on the rise, and an old technique is now--again--getting increasingly popular: open redirect flaws. These flaws allow attackers to redirect victims to ...

Quishing: QR Codes as Phishbait

Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links.

Use KnowBe4’s New Callback Phishing Feature to Boost Your Organization's Security Awareness

What's the Deal with Callback Phishing?

Duolingo Users Should Be on the Lookout for Targeted Phishing Attacks

Users of the language learning app Duolingo should be wary of targeted phishing attacks following a recent data leak, according to Anthony Spadafora at Tom’s Guide. Criminals scraped the ...

Phishing Tops the List as the Most Costly Initial Attack Vector in Data Breaches

After you come to grips with the massive average cost of a data breach to an enterprise organization measured in the millions, it’s time to look at the factors that increase – and lower – ...

Deceptive Links, Brand Impersonation, and Identity Deception Top the List of Phishing Attack Tactics

As phishing attacks continue to dominate as an initial attack vector, new data shows that attackers maintain the use of tried-and-true techniques as the means to successful attacks.

Phishing Campaigns Targeting Microsoft Login Credentials Jump an Unprecedented 6100%

Monitoring of traffic to phishing pages hosted on the free hosting service Cloudflare R2 shows an unheard-of spike of 6100%, many going undetected by many security solutions due to the ...

Scammers Impersonate the Australian Tax Office

The Australian Taxation Office (ATO) has warned of an increase in SMS and email phishing attacks targeting taxpayers, News.com.au reports. The scams attempt to steal credentials or ...
