Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

“Picture in Picture” Phishing Attack Technique Is So Simple, It Works

Using credibility-building imagery and creating a need for the user to click what may or may not be perceived as an image is apparently all it takes to engage potential phishing victims.
Continue Reading

Banking and Retail Top the List of Industries Targeted by Social Media Phishing Attacks

Using an external platform trusted by potential victims is proving to be a vital tool in the cybercriminal’s arsenal. New data shows the state of the threat and who’s at risk.
Continue Reading

Extremely Persistent Threat Group Demonstrates a Strong Understanding of the Modern Incident Response Frameworks

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, ...
Continue Reading

Is AI-Generated Disinformation on Steroids About To Become a Real Threat for Organizations?

A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public ...
Continue Reading

[Eyes Open] The FTC Reveals The Latest Top Five Text Message Scams

The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text ...
Continue Reading

KnowBe4’s 2023 Phishing By Industry Benchmarking Report Reveals that 33.2% of Untrained End Users Will Fail a Phishing Test

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people.
Continue Reading

New Survey Shows 40% of People Searching for a Job Encountered a Scam

A survey by PasswordManager.com has found that one in three job seekers has fallen for, and responded to, fake job scams over the past two years.
Continue Reading

[INFOGRAPHIC] KnowBe4’s SecurityCoach: Top 10 Risky Behaviors

Real-time security coaching helps improve your organization’s security culture by enabling real-time coaching of your users in response to risky security behaviors.
Continue Reading

Microsoft Describes a Sophisticated Phishing Campaign that Targeted Several Financial Organizations

Microsoft describes a sophisticated phishing campaign that targeted several financial organizations.
Continue Reading

[SCAM OF THE WEEK] Summer Scams Your Users Should Watch Out For

While your users are getting ready for their next beach vacation, cybercriminals are preparing for their opportunity to strike. Check Point Research warns about this and common phishing ...
Continue Reading

Why Companies Have Great Success Training Employees With Simulated Phishing Tests

We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these ...
Continue Reading

Verizon: Pretexting Now Tops Phishing in Social Engineering Attacks

The New Verizon DBIR is a treasure trove of data. As we covered here, and here, people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit ...
Continue Reading

Smishing Campaign Expands to the Middle East

A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call ...
Continue Reading

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.
Continue Reading

North Korean Phishing Campaign Targeting Think Tanks, Academics and Media

The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting ...
Continue Reading

New Phishing Campaign Uses Hyperlinked Images for Fake Gift Cards and Promotions

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards ...
Continue Reading

Protecting Patient Data: The Importance of Cybersecurity in Healthcare

As digital transformation continues to shape the healthcare industry, it is crucial for healthcare organizations to prioritize cybersecurity. These organizations are entrusted with ...
Continue Reading

[Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing

Fighting spear phishing attacks is the single best thing you can do to prevent breaches.
Continue Reading

“Magic Link” Phishing Attacks Scamming Users With Fake McAfee Renewals

Threat actors are using encoded phishing links to evade security filters, according to Jeremy Fuchs at Avanan. The phishing emails purport to be notifications from McAfee informing the ...
Continue Reading

Verizon Sends New Smishing Warning

Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews