More InterPlanetary File System Services Use Also Means Phishing Abuse by Cybercriminals

May 9, 2023 9:01:02 AM By Stu Sjouwerman

The InterPlanetary File System (IPFS), a distributed file-sharing system that represents an alternative to the more familiar location-based hypermedia server protocols (like HTTPS), is ...

[Eye Opener] HTML Phishing Attacks Surge by 100% in 12 Months

May 7, 2023 11:57:55 AM By Stu Sjouwerman

The Cyberwire reported: "Barracuda released a study this morning indicating that HTML attacks have doubled since last year.

[On-Demand] A Master Class on IT Security: Roger Grimes Teaches You Phishing Mitigation

May 5, 2023 8:35:23 AM By Stu Sjouwerman

Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they’re more targeted, more cunning and more dangerous. And this enormous security gap ...

Walmart Jumps to Top of the List of the Worlds Most Impersonated Brands Used in Phishing Attacks

May 4, 2023 8:38:24 AM By Stu Sjouwerman

Walmart’s rise to become the brand most likely to be impersonated in Q1 of this year is a real problem.

Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576%

May 1, 2023 10:31:33 AM By Stu Sjouwerman

New data provides a multi-faceted look at the changing face of phishing attacks. This data includes who’s being targeted, the tactics being used, and why phishing attacks continue to work.

Automate Reporting for Security Awareness Training Events and Suspicious Email Remediation Management with Cortex XSOAR and KnowBe4

May 1, 2023 8:00:00 AM By Stu Sjouwerman

Security teams face unique challenges in today’s rapidly-changing landscape of phishing, malware, and other social engineering and cybersecurity threats. Collaboration across disparate ...

Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims

Apr 27, 2023 8:08:22 AM By Stu Sjouwerman

QBot malware seems to be outliving its competitors through innovative new ways to socially engineer victims into helping install it.

Scammers Impersonate Zelle via the Lure of “Getting Paid” to Get Paid Themselves

Apr 27, 2023 8:08:07 AM By Stu Sjouwerman

A new impersonation scam targets users of the popular pay platform under the guise of the victim having money coming to them and with the goal to obtain Zelle credentials.

Despite a Majority of Organizations Believing They’re Prepared for Cyber Attacks, Half Were Still Victims

Apr 27, 2023 8:07:48 AM By Stu Sjouwerman

A new survey points to an overconfidence around organization’s preparedness, despite admitting to falling victim to ransomware attacks – in some cases multiple times.

Organizations Have No Idea of a Data Breach’s Root Cause in 42% of Reported Cases

Apr 27, 2023 8:07:38 AM By Stu Sjouwerman

New data shows how poorly organizations are at identifying – let alone removing – an attacker's foothold, putting themselves at continued risk of further attacks and data breaches.

Fake Meta Tech Support Profiles for Fraud

Apr 26, 2023 8:06:56 AM By Stu Sjouwerman

Researchers at Group-IB have found an extensive campaign in which criminal operators have created a large number of fake Facebook profiles that repost messages in which the scammers ...

Another Perspective on ChatGPT's Social Engineering Potential

Apr 24, 2023 3:54:51 PM By Stu Sjouwerman

We’ve had occasion to write about ChatGPT’s potential for malign use in social engineering, both in the generation of phishbait at scale and as a topical theme that can appear in lures. ...

Phishing for Credentials in Social Media-Based Platform Linktree

Apr 21, 2023 8:14:44 AM By Stu Sjouwerman

Social media is designed of course to connect, but legitimate modes of doing so can be abused. One such case of abuse that’s currently running involves Linktree, a kind of meta-medium for ...

Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines

Apr 20, 2023 8:21:53 AM By Stu Sjouwerman

New data shows that cybercriminals started this year off with a massive effort using new techniques and increased levels of attack sophistication.

Affinity Phishing Attacks Use Social Engineering Tactics to Prey on Victims

Apr 13, 2023 9:14:14 AM By Stu Sjouwerman

Affinity phishing scams are ones in which criminals cultivate trust in their prospective victims by trading on common background, either real or feigned. Thus a fraudster might claim a ...

‘Support’ Tops the List of Combosquatted Domains Used in Phishing Attacks

Apr 13, 2023 9:14:11 AM By Stu Sjouwerman

A method used in domain impersonation attacks, combosquatting aids the threat actor by using a modified domain name to further increase the credibility of an attack.

Recent Artificial Intelligence Hype is Used for Phishbait

Apr 12, 2023 8:51:10 AM By Stu Sjouwerman

Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person’s excitement about the newest AI systems not yet available to the general ...

Alarming Tax Phishing Campaign Targets US with Malware

Apr 10, 2023 10:21:40 AM By Stu Sjouwerman

Researchers at Securonix are tracking an ongoing phishing campaign dubbed “TACTICAL#OCTOPUS” that’s been targeting users in the US with tax-related phishing emails.

Recently Exposed North Korean Threat Actor APT43 Targeting Organizations With Spear Phishing

Apr 6, 2023 9:02:08 AM By Stu Sjouwerman

Google’s Threat Analysis Group (TAG) has published a report describing the activities of “ARCHIPELAGO,” a subset of the North Korean state-sponsored threat actor APT43. ARCHIPELAGO’s ...

New Emotet Phishing Campaign Pretends to be the IRS Delivering W-9 Forms

Apr 6, 2023 8:33:39 AM By Stu Sjouwerman

A newly documented phishing campaign demonstrates how timely themes can be impactful in creating a successful attack that gets the recipient to engage with malicious content.

Security Awareness Training Blog

Phishing Blog

View Topics