Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Vishing Attacks Yield Phone Fraud Take of Over $100 Million

While not a new tactic, vishing presents cybercriminals with an attack method that’s perfectly aligned with the pandemic shifts to remote workforces.
Continue Reading

[HEADS UP] Office 365 Phishing Attacks Now Use Fake Zoom Suspension Alerts

Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been ...
Continue Reading

Back-to-School: a Buzzkill in More Ways than One

40% of the top twenty universities in the US aren’t using DMARC to mitigate phishing attacks that impersonate the universities’ domains, according to researchers at Tessian. Additionally, ...
Continue Reading

Gartner: You Should Focus On These 7 Specific COVID-19 IT Security Areas

Gartner observed: "Rapid responses to the coronavirus pandemic leave organizations vulnerable to security breaches. Security and risk teams must remain vigilant and focus on strategic ...
Continue Reading

Microsoft Seizes Six Domains Used in Sophisticated Phishing Scheme

Microsoft announced that the US District Court for the Eastern District of Virginia has ruled that the company can seize six domains that were being used in a widespread phishing ...
Continue Reading

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...
Continue Reading

FakeSpy Android Malware Distributed via Smishing

Researchers at Cybereason are tracking a sophisticated malware campaign targeting Android devices around the world. The campaign involves a new version of the FakeSpy information-stealing ...
Continue Reading

New Calendar Invitations as Phishbait Attack Wave

BleepingComputer warns that cybercriminals are using calendar invites to send phishing links to Wells Fargo customers. Researchers at Abnormal Security discovered this phishing campaign ...
Continue Reading

Half of all Remote Employees Aren’t the Slightest Bit Prepared for Cyberattacks

New data from IBM suggests that employees, their devices, training, and organizational policies are all lacking when it comes making sure remote workers don’t become a victim of ...
Continue Reading

Microsoft 365 Phishing Attacks Masterfully Use Brand Name Sites to Establish Legitimacy

New voicemail phishing scam uses legitimate branded domains from companies like Samsung and Adobe to facilitate redirects to compromised websites intent on stealing credentials.
Continue Reading

Business Email Compromise Attacks Focused on Invoice Fraud Surge by 75%

As attacks on the C-Suite decline, new data shows that employees in finance department roles are critical to the success of shifts in attack campaign strategy.
Continue Reading

A "Secure DNS" Scam: an Upgrade that's a Downgrade

A phishing campaign is targeting website owners with convincing, personalized emails that purport to come from WordPress, Naked Security reports. The emails claim that WordPress is ...
Continue Reading

COVID-19 Related Phishing Scams Target Passport Details

The Coronavirus phishing scams have only gotten more aggressive and targeted now than ever before, InfoSecurity Magazine reports. Now researchers at Griffin Law are tracking self-employed ...
Continue Reading

Australia Spending Nearly $1 Billion on Cyberdefense as China Tensions Rise

The NY Times reported some surprising numbers: "Officials promised to recruit at least 500 cyberspies and build on the country’s offensive capabilities to take the online battle overseas. ...
Continue Reading

Phishing in Irish Streams

Netflix is warning users in Ireland to be on the lookout for another phishing campaign that’s impersonating the streaming service, Extra.ie reports. The emails inform recipients that ...
Continue Reading

It's the Best of 2020! Cyber CSI: Learn How to Forensically Examine Phishing Emails to Better  Protect Your Organization

Roger Grimes' lesson on how to forensically examine phishing emails received the highest viewer rating of any webinar so far this year. In case you missed it, make sure to watch this ...
Continue Reading

New Dropbox-Based Pandemic Relief Payment Scam Targets U.K. Microsoft 365 Users, Bypassing Email Security

Using a Dropbox Transfer page, this new scam presses all the urgency buttons while eluding detection as being malicious in an effort to steal the victim’s online credentials.
Continue Reading

One Letter Away: Impersonation, Bitcoin, and Phishing Expeditions

KrebsOnSecurity reports that a phishing website has been impersonating the private messaging service Privnote.com in order to steal Bitcoin. The real Privnote is a free site that allows ...
Continue Reading

Phishing Attacks Significantly Increase in Singapore During COVID-19 Pandemic

The number of phishing attacks in Singapore to give up personal information has almost tripled in the last year and doubled during the COVID-19 pandemic, according to the Cybersecurity ...
Continue Reading

‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews