Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

View Topics

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

Dec 28, 2022 2:27:36 PM By Roger Grimes
By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...
Continue Reading

QBot Malware Attacks Use SVG files to Perform HTML Smuggling

Dec 27, 2022 9:20:16 AM By Stu Sjouwerman
QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.
Continue Reading

The Number of Phishing Attacks Grows 15% in One Quarter, Reaching an All-Time High

Dec 22, 2022 9:44:33 AM By Stu Sjouwerman
New data shows that while ransomware remains somewhat flat, massive increases in business email compromise and response-based email attacks were seen last quarter.
Continue Reading

Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

Dec 21, 2022 9:25:23 AM By Roger Grimes
A recent Ivanti report shows cybersecurity practitioners getting more focused on the threat landscape, but defenders may need to hone their attention to focus on the right threats.
Continue Reading

Social Engineering, Money Mules, and Job Seekers

Dec 19, 2022 10:32:37 AM By Stu Sjouwerman
A small town in Manitoba, WestLake-Gladstone (population about 3300), fell victim to a social engineering campaign. The municipal government seems to have been a target of opportunity, ...
Continue Reading

Ten Charged with BEC Healthcare Scheme That Took More than $11 Million

Dec 14, 2022 2:03:59 PM By Stu Sjouwerman
Tricking five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers, the scammers posed as hospitals to alter payment details.
Continue Reading

Cybersecurity Experts Weigh in on Modern Email Attacks

Dec 14, 2022 2:03:19 PM By Stu Sjouwerman
Abnormal Security’s CISO, Mike Britton consolidates some of the best advice from a three-part webinar series on the current state of risk found in email-based cyberattacks
Continue Reading

Utility Bill is the New Phishbait for Cybercriminals

Dec 14, 2022 9:12:45 AM By Stu Sjouwerman
An SMS phishing (smishing) campaign is impersonating utility providers in the US, Cybernews reports. Researchers at Enea AdaptiveMobile Security spotted the campaign, which informs ...
Continue Reading

CISA Phishing Infographic Contains a Lot of Good Information

Dec 13, 2022 8:54:06 AM By Roger Grimes
On December 8th, the Cybersecurity & Infrastructure Security Agency (CISA) released a great phishing infographic about data collected, lessons learned and recommendations learned from ...
Continue Reading

[CASE STUDY] New-school Approach to Training and Simulated Phishing Shines Over Traditional LMS

Dec 12, 2022 1:49:34 PM By Stu Sjouwerman
A U.S.-based enterprise manufacturing organization cut their Phish-prone Percentage™ (PPP) by more than 80% after five months using the KnowBe4 security awareness training and simulated ...
Continue Reading

Russian Threat Actor Impersonates Aerospace and Defense Companies

Dec 7, 2022 8:54:58 AM By Stu Sjouwerman
A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. ...
Continue Reading

Holiday Shopping Scams Online Are Too Good to be True

Dec 7, 2022 8:54:49 AM By James McQuiggan
It's three weeks before Christmas, and the latest video game console is getting harder and harder to find in stores. You've checked all the large retail stores online and visited them ...
Continue Reading

Credential Phishing with Apple Gift Card Lures

Dec 5, 2022 8:57:57 AM By Stu Sjouwerman
A phishing campaign is impersonating Apple and informing the user that their Apple account has been suspended due to an invalid payment method, according to researchers at Armorblox.
Continue Reading

Latest Netflix-Impersonated Phishing Attacks Surge in Frequency by 78% Since October

Dec 2, 2022 12:36:53 PM By Stu Sjouwerman
Using a mix of invisible and lookalike characters, this phishing attack attempts to get past security scanners by obfuscating both email content and domain names.
Continue Reading

It’s Official: COVID-related Phishing is Dead as Scammers Return to Impersonating Famous Brands

Dec 2, 2022 12:36:50 PM By Stu Sjouwerman
New analysis of spam and malicious emails show the all but nonexistence of COVID-esque impersonation of government and pharm entities in lieu of international brands.
Continue Reading

Spoofing-as-a-Service Site Taken Down

Dec 1, 2022 10:31:30 AM By Stu Sjouwerman
Law enforcement authorities across Europe, Australia, the United States, Ukraine, and Canada have taken down a popular website used by cybercriminals to impersonate major corporations in ...
Continue Reading

WhatsApp data breach sees nearly 500 million user records up for sale

Nov 26, 2022 3:29:06 PM By Stu Sjouwerman
Craig Hale at Techradar reported: "A post on a “well-known hacking community forum” claims almost half a billion WhatsApp records have been breached and are up for sale.
Continue Reading

A Recent, Complex, Ransomware Campaign

Nov 22, 2022 9:39:48 AM By Stu Sjouwerman
Microsoft has observed a threat actor that’s been running a phishing campaign since August 2022. The threat actor, which Microsoft tracks as “DEV-0569,” is using phishing emails to ...
Continue Reading

New Instagram Support Phishing Attack Fakes “Unusual Logon” Experience Well Enough to Fool Victims

Nov 22, 2022 9:36:16 AM By Stu Sjouwerman
Long gone are the days of tacky landing pages that barely impersonate a brand; threat actors are improving their social engineering game well enough to make anyone believe it’s the real ...
Continue Reading

Image-Based Phishing and Phone Scams Continue to Get Past Security Scanners

Nov 22, 2022 9:34:34 AM By Stu Sjouwerman
Using the simplest tactic of not including a single piece of content that can be considered malicious, these types of scams are making their way to inboxes every single time.
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews