Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Malicious URLs In Phishing Emails: Hover, Click and Inspect Again

The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice.
Continue Reading

Generative AI and the Automation of Social Engineering Increasingly Used By Threat Actors

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan.
Continue Reading

[HEADS UP] Aurora Police Department Warns of Contactless Payment Processors Scams

If you didn't trust contactless payment processors before, you really won't after hearing about this recent scam.
Continue Reading

New SMS Phishing Campaign Impersonating The US Postal Service

DomainTools is tracking an increase in SMS phishing (or “smishing”) campaigns impersonating the US Postal Service (USPS). The text messages inform recipients that there’s a problem with ...
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

Ransomware Now Considered a “Crisis” in the Financial Services Sector

A recent panel discussion of banking CISOs and experts at the SIBOS conference focused on the current state of ransomware and what institutions should do to protect themselves.
Continue Reading

It’s Official – Generative AI Has Made Phishing Emails Foolproof

The most basic use of tools like ChatGPT to script out professional-looking emails has all but eliminated improperly written content as an indicator of a potential phishing scam.
Continue Reading

Threat Group UNC3944 Continues to See Success Using Text-Based Social Engineering

A new update on UNC3944 group's activities shows how they are evolving their focus squarely on SMiShing credential harvesting attacks that result in data theft/extortion attacks.
Continue Reading

Pharma Industry Seeing Reduction in Data Breach Costs, But Still Have Much to Do

Insights from IBM’s Cost of a Data Breach Report on the Pharmaceutical Industry shows that while the overall cost has improved, there are clear areas of risk that need to be addressed.
Continue Reading

Facebook Messenger Becomes the Delivery Mechanism for Infostealer Malware Attack

Millions of business accounts on Facebook are the target of a new malware attack, which is seeing a success rate of 1 out of 70, causing concern for the security of corporate credentials.
Continue Reading

How Zero-Point Fonts in Phishing Emails Make Them Look Safe

Attackers are using zero-point fonts to make phishing emails appear as though they’ve been verified by security scanners, BleepingComputer reports.
Continue Reading

[HEADS UP] If You're a LastPass User, You May be the Next Phishing Email Target

Cybercriminals are not holding back on LastPass users as a new phishing campaign has recently launched with the intent to steal your data.
Continue Reading

New Threat Actor Impersonates the Red Cross to Deliver Malware

Researchers at NSFOCUS are tracking a phishing campaign by a new threat actor called “AtlasCross” that’s impersonating the Red Cross in order to deliver malware.
Continue Reading

Ukrainian Military Targeted in Sophisticated Phishing Attack Using Drone Manuals

Securonix is tracking a phishing campaign that’s targeting the Ukrainian military with malware-laden attachments posing as drone instruction manuals. The threat actor is using Microsoft ...
Continue Reading

New Wave of Hospitality Phishing Attacks: Compromise User Credentials, Then Go Phish

The hospitality sector is seeing a new wave of phishing attacks. These new attacks are more plausible because they begin with compromised credentials and move to fraudulent emails sent ...
Continue Reading

[NEW RELEASE]: Unleash the Power of Cybersecurity Education with KnowBe4’s 'Hack-A-Cat' on Roblox

What do cheese, fish and cybersecurity training have in common? Each of these comes together to help keep kids informed about cyber threats and cybersecurity best practices with KnowBe4’s ...
Continue Reading

Cybercriminals Use Google Looker Studio to Host Crypto Scam to Steal Money and Credentials

Security researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners.
Continue Reading

Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts

A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.
Continue Reading

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.
Continue Reading

Vanishing Act: The Secret Weapon Cybercriminals Use in Your Inbox

Researchers at Barracuda describe how attackers use legitimate email inbox rules to control compromised accounts and evade detection.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews