Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

[Phishing Alert] UK Home Office primes Brexit spam cannon for a million texts reminding folk to check passports

The Register reported: "The UK Home Office will send a million text messages reminding people that the rules for travelling to the European Union will change in the event of a no-deal ...
Continue Reading

Video Becomes the Next Big Bait for Social Engineering

Scammers are always looking for new ways to get potential victims to engage. It appears that the latest trend is to leverage our familiarity with watching video to spawn an attack.
Continue Reading

Global Phishing Campaign Targets Universities

Researchers at Secureworks’ Counter Threat Unit (CTU) have been tracking a major phishing campaign that’s using library-themed emails to target more than sixty universities around the ...
Continue Reading

Phishing Nightmare? New "Deadline" Email From Equifax Settlement Administrator Notifies of Changes in Filing.

You’d better check your email queue for a new email from The Equifax Breach Settlement Administrator that was sent out several days ago to those who previously filed a claim. It will ...
Continue Reading

[Brand New Webinar] Crafty Ways the Bad Guys Use Pretexting to Own Your Network

Today’s phishing attacks have evolved way beyond spray-and-pray emails that mass target victims. Instead, the bad guys have carefully researched your organization in order to set the ...
Continue Reading

FBI Cyber Warning: Attacks On Key Employees Up 100%, As 281 Are Arrested

Zak Doffman, contributor at Forbes reported: "There is a cyberattack epidemic hitting businesses around the world, targeting individuals responsible for requesting fund transfers or ...
Continue Reading

The Legal Profession's Catfishing Problem

Scammers frequently impersonate lawyers in fraudulent emails in order to get recipients to take those emails seriously, according to Victoria Hudgins at Legaltech News. Legal threats or ...
Continue Reading

The FBI Updates Their Numbers And BEC Is Now A 26 Billion Dollar Scam

FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise (BEC) scams —aka CEO Fraud—are continuing to grow every year, with a 100% increase in the identified global ...
Continue Reading

Cybersecurity: 99% of email attacks rely on victims clicking links

Danny Palmer at ZDNet had the scoop: "Social engineering is by far the biggest factor in malicious hacking campaigns, warn researchers – so how can it be stopped?"
Continue Reading

Nemty Ransomware Infests Bogus PayPal Site

BleepingComputer describes a PayPal phishing site that’s delivering a new strain of Nemty ransomware. The attackers used Unicode characters from different alphabets to make their URL look ...
Continue Reading

Cybercriminals Unleash Ransomware Attack Designed to Compromise the Security of 120 French Hospitals

A ransomware infection has left one hospital in a group of 120 resorting to pen and paper as they work to remediate an attack custom-designed to attempt to take down all 120.
Continue Reading

Targeted Business Email Compromise Now Includes Validating Your Email

A new scammer group out of Nigeria is taking additional steps to verify email addresses are valid before launching BEC campaigns designed to commit fraud.
Continue Reading

Social Media and Their Exploitation in Social Engineering

Phishing is most commonly associated with email, but social media are quickly becoming a major hunting grounds for scammers, according to Elliot Volkman from PhishLabs. Social media ...
Continue Reading

U.K. Charity Workers Most At Risk From Phishing

Tessian report finds a large amount of U.K. charity workers aren't getting proper security awareness training. Michael Moore at ITProPortal wrote: "UK charities are leaving themselves ...
Continue Reading

Advanced Android SMS Phishing

Attackers can launch SMS phishing attacks to remotely change settings on a victim’s Android device, researchers at Check Point have found. These attacks take advantage of weak ...
Continue Reading

Email Account Takeover and Lateral Phishing Attacks Increase Risk to Enterprises

The latest method of attack uses sender familiarity to lower victim defenses and increase the potential for scams, attacks, or fraud to succeed.
Continue Reading

New Ursnif Malware Attacks Use Phishing, Social Engineering and Microsoft Word

The decade-old malware traditionally used to capture banking details has been given new life and spotted in the wild, being distributed via malicious Word documents.
Continue Reading

Phishing for Cloud Providers A New Supply Chain Threat

Attackers are going after cloud-based customer relationship management (CRM) providers in order to launch unusually convincing phishing campaigns, KrebsOnSecurity reports.
Continue Reading

Watch Out For Hurricane Dorian Phishing Scams. We have Templates Ready For You.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain vigilant for malicious cyber activity targeting Hurricane Dorian disaster victims and potential ...
Continue Reading

Multistage Phishing Attacks Target Financial Information

Trend Micro researchers have published details about a sophisticated phishing campaign they’ve named “Heatstroke.” The attackers behind Heatstroke go after victims’ private email ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews