Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Financial Services Industry Experiences a Massive Increase in Brand Abuse

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate.
Continue Reading

New VPN Credential Attack Goes to Great Lengths to Obtain Access

A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network.
Continue Reading

Dick’s Sporting Goods Cyber Attack Underscores Importance of Email Security and Internal Controls

The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls.
Continue Reading

Scammers Use QR Code Stickers to Target UK Motorists

Netcraft warns that scammers are posting QR code stickers on parking meters in the UK and other European countries.
Continue Reading

Election-Themed Phishing Threats Are on the Rise

Researchers at ReliaQuest have published a report looking at cyber threats surrounding the upcoming US presidential election, warning that election-related phishing will continue to ...
Continue Reading

McAfee Discovers New Phishing Campaign Targeting GitHub Users

A phishing campaign is targeting GitHub users with phony CAPTCHA pages, according to researchers at McAfee. The phishing emails ask users to address a security vulnerability in a GitHub ...
Continue Reading

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat.
Continue Reading

Educate Your Users About Malicious SEO Poisoning Attacks

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all ...
Continue Reading

Online Scams Are Shortening Their Cycles and Making More Money

New analysis of blockchain activity shows scammers are needing less time to obtain crypto payments and are seeing higher payoffs per scam.
Continue Reading

Phishing Attacks Abuse Content Creation and Collaboration Platforms

Researchers at Barracuda have observed an increase in phishing attacks that abuse popular content creation and collaboration platforms. These include online graphic design platforms and ...
Continue Reading

SANS Releases Guide to Address Rise in Attacks on Manufacturing and Industrial Control Systems

Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically ...
Continue Reading

New Ransomware Threat Group, RansomHub, is so Effective, the NSA is Already Warning You About Them

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data.
Continue Reading

Attackers Using HTTP Response Headers to Redirect Victims to Phishing Pages

Researchers at Palo Alto Networks’ Unit 42 warn that attackers are using refresh entries in HTTP response headers to automatically redirect users to phishing pages without user ...
Continue Reading

Your Lawyers Are Increasingly Targeted by Phishing Attacks, Ransomware

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an ...
Continue Reading

Election-Themed Scams Are on the Rise

Researchers at Malwarebytes warn of a surge in election-themed scams ahead of November’s presidential election in the US. These attacks can be expected to increase as the election grows ...
Continue Reading

Use of Malicious Links Surges by 133% in Q1, Setting the Tone for the First Half of 2024

Threat actors are opting for malicious links over attachments in email-based attacks because it gives them a critical advantage that many solutions can’t address.
Continue Reading

Phishing is Still the Top Initial Access Vector

Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by ...
Continue Reading

Scammers Use Fake Funeral LiveStream Social Media Posts to Extort Victims

In a troubling new low, cybercriminals are targeting individuals grieving the loss of a loved one by charging their credit cards with excessive fees through a heartless scam. According to ...
Continue Reading

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error.
Continue Reading

Threat Actors Abuse Microsoft Sway to Launch QR Code Phishing Attacks

Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews