Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576%

New data provides a multi-faceted look at the changing face of phishing attacks. This data includes who’s being targeted, the tactics being used, and why phishing attacks continue to work.
Continue Reading

Automate Reporting for Security Awareness Training Events and Suspicious Email Remediation Management with Cortex XSOAR and KnowBe4

Security teams face unique challenges in today’s rapidly-changing landscape of phishing, malware, and other social engineering and cybersecurity threats. Collaboration across disparate ...
Continue Reading

Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims

QBot malware seems to be outliving its competitors through innovative new ways to socially engineer victims into helping install it.
Continue Reading

Scammers Impersonate Zelle via the Lure of “Getting Paid” to Get Paid Themselves

A new impersonation scam targets users of the popular pay platform under the guise of the victim having money coming to them and with the goal to obtain Zelle credentials.
Continue Reading

Despite a Majority of Organizations Believing They’re Prepared for Cyber Attacks, Half Were Still Victims

A new survey points to an overconfidence around organization’s preparedness, despite admitting to falling victim to ransomware attacks – in some cases multiple times.
Continue Reading

Organizations Have No Idea of a Data Breach’s Root Cause in 42% of Reported Cases

New data shows how poorly organizations are at identifying – let alone removing – an attacker's foothold, putting themselves at continued risk of further attacks and data breaches.
Continue Reading

Fake Meta Tech Support Profiles for Fraud

Researchers at Group-IB have found an extensive campaign in which criminal operators have created a large number of fake Facebook profiles that repost messages in which the scammers ...
Continue Reading

Another Perspective on ChatGPT's Social Engineering Potential

We’ve had occasion to write about ChatGPT’s potential for malign use in social engineering, both in the generation of phishbait at scale and as a topical theme that can appear in lures. ...
Continue Reading

Phishing for Credentials in Social Media-Based Platform Linktree

Social media is designed of course to connect, but legitimate modes of doing so can be abused. One such case of abuse that’s currently running involves Linktree, a kind of meta-medium for ...
Continue Reading

Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines

New data shows that cybercriminals started this year off with a massive effort using new techniques and increased levels of attack sophistication.
Continue Reading

Affinity Phishing Attacks Use Social Engineering Tactics to Prey on Victims

Affinity phishing scams are ones in which criminals cultivate trust in their prospective victims by trading on common background, either real or feigned. Thus a fraudster might claim a ...
Continue Reading

‘Support’ Tops the List of Combosquatted Domains Used in Phishing Attacks

A method used in domain impersonation attacks, combosquatting aids the threat actor by using a modified domain name to further increase the credibility of an attack.
Continue Reading

Recent Artificial Intelligence Hype is Used for Phishbait

Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person’s excitement about the newest AI systems not yet available to the general ...
Continue Reading

Alarming Tax Phishing Campaign Targets US with Malware

Researchers at Securonix are tracking an ongoing phishing campaign dubbed “TACTICAL#OCTOPUS” that’s been targeting users in the US with tax-related phishing emails.
Continue Reading

Recently Exposed North Korean Threat Actor APT43 Targeting Organizations With Spear Phishing

Google’s Threat Analysis Group (TAG) has published a report describing the activities of “ARCHIPELAGO,” a subset of the North Korean state-sponsored threat actor APT43. ARCHIPELAGO’s ...
Continue Reading

New Emotet Phishing Campaign Pretends to be the IRS Delivering W-9 Forms

A newly documented phishing campaign demonstrates how timely themes can be impactful in creating a successful attack that gets the recipient to engage with malicious content.
Continue Reading

1 in 8 Email Threats Now Make It Past Email Security Solutions

Phishing attacks that can evade detection by email scanners are improving their chances of reaching the inbox, thanks to an increase in the use of one specific attachment type.
Continue Reading

Fake ChatGPT Scam Turns into a Fraudulent Money-Making Scheme

Using the lure of ChatGPT’s AI as a means to find new ways to make money, scammers trick victims using a phishing-turned-vishing attack that eventually takes victim’s money.
Continue Reading

Artificial Intelligence Makes Phishing Text More Plausible

Cybersecurity experts continue to warn that advanced chatbots like ChatGPT are making it easier for cybercriminals to craft phishing emails with pristine spelling and grammar, The ...
Continue Reading

The Dangers of Vishing Campaigns and How To Protect Yourself

In recent years, cybercrime has evolved to become more sophisticated than ever before. One of the up and coming methods used by criminals is vishing (voice phishing). This is where an ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews