Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Online Credential Scam Becomes a Phone Port Attack and then Turns into a Sextortion Scam

If experiencing a single cyberattack isn’t enough, this complex attack that shifted mid-stream demonstrates how attackers take advantage of victim details as an attack unfolds.

FBI Warns U.S. Companies About Maze Ransomware

The FBI is warning U.S. companies about a series of recent ransomware attacks in which the perpetrator, sometimes posing as a government agency, steals data and then encrypts it to ...

Phishing Remains the Most Widespread Risk

As organizations look to improve their defenses, it’s worth remembering that attackers usually get through those defenses by manipulating the human beings those security measures are in ...

The Good, the Better, and the Best in Information Security

Every day, there is news about the latest data breaches, phishing attacks, the number of records that were exposed, how organizations are not doing enough to protect themselves. All of ...

Tax Season Warning: the IRS on Social Engineering

We have had occasion to warn of this before, but as 2020 begins and April 15th approaches, it may be worth another mention. The US Internal Revenue Service wants taxpayers to keep a sharp ...

Major Dutch University Still Fighting Ransomware Downtime; Expert Says Russian Hacker Group Responsible

Major Dutch Maastricht University was still trying to recover from a crippling cyber attack nearly a week after the university's computer systems were infected by ransomware. New ...

Phishing in a Port

Among the ransomware that caused so much disruption in the latter half of 2019 was the strain known as Ryuk, and Ryuk has typically been spread by phishing. According to ZDNet, a recent ...

PayPal Scammers Want More than Just Your PayPal Credentials

Researchers at ESET have come across phishing sites that try to steal PayPal logins along with a wide range of personal and financial information. The scam begins with phishing emails ...

Veterans are High-Payoff Social Engineering Targets for Scammers

Veterans are particularly valuable targets for various types of social engineering attacks, according to Mary K. Talbot at the Providence Journal. Veterans are often respected leaders in ...

WIRED: "The Decade Big-Money Email Scams Took Over"

Excellent article in WIRED, where they observed that in the last few years, the "Nigerian prince" scams have gotten a major upgrade. Here is an extract and a link to the full article:

Star Wars Rogue One: A Phish Story

We’ve heard that scammers are exploiting the release of the new Star Wars movie by distributing malware disguised as free copies of the film. But what if we turned this on its head and ...

These Aren't the Droids You're Looking For

Researchers at Kaspersky have identified sixty-five malicious files masquerading as online copies of Star Wars: The Rise of Skywalker, TechRepublic reports. The files are spread via ...

How Phishing is Evolving

Attackers are always using new tactics to stay ahead of defenders, and Microsoft’s Office 365 Threat Research Team describes three noteworthy phishing techniques they’ve observed in 2019. ...

Whaling: Like Phishing, but After Bigger Game

Organizations have to acknowledge their responsibility for ensuring their employees are able to recognize targeted phishing attacks, according to James McGachie, Legal Director of DLA ...

Royal Mail Scam: Sorry, You Haven't in Fact Won that iPhone 11 Pro

An SMS phishing scam is targeting people in the UK with fake notifications that appear to come from the Royal Mail postal service, The Sun reports. The messages are personalized, and they ...

Dancing with Hackers

Dancing with the Stars pro Witney Carson announced on Twitter that her Facebook account had been hacked. Unknown miscreants gained control of Carson’s Facebook through a unique phishing ...

Best Practices for Creating Order from Phish Reporting Chaos

When Greg Kras, KnowBe4’s Chief Product Officer, first rolled out our Phish Alert Button (your users can use it to report suspicious emails), he thought it would be a great way for you to ...

Spear Phishing in the Royal Canadian Mint

The Royal Canadian Mint, which produces Canada’s coins, nearly sent an employee’s paycheck to an attacker following a spear phishing attack, CBC News reports. The attacker sent an email ...

Identify & Respond to Email Threats Faster with PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

Mysterious Global Phishing Campaign Uncovered

A mysterious phishing campaign was spotted by threat researchers from Anomali. The global credential gathering phishing campaign was directed primarily at government procurement ...