Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

U.K. Sees an Increase in Sophisticated Phishing Attacks Targeting Educational Institutions

Using a mix of identity deception, domain spoofing, credential theft, and bank fraud, scammers are taking advantage of soft targets in the U.K.’s education sector. 
Continue Reading

NSO spyware ‘targets Big Tech cloud services’

The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon ...
Continue Reading

Lateral Phishing Used To Attack Organizations On Global Scale

Warwick Ashford at ComputerWeekly reported: "Lateral phishing is a growing type of account takeover that has enabled attackers to target more than 100,000 people by hijacking just 154 ...
Continue Reading

Microsoft Notifies 10,000 Customers About Nation-state Cyber Attacks

In an article about cyber security related to voting machines, an interesting snippet of information surfaced: “Microsoft said it has notified almost 10,000 customers in the past year ...
Continue Reading

[INFOGRAPHIC] Employees receive nearly five phishing emails per work week, according to Avanan

One in every 99 work emails is a phishing attack, according to a recent Avanan report. With employees accustomed to a busy inbox, it's easy to fall victim to a phishing attack disguising ...
Continue Reading

Mimecast Identifies Brand New Phishing Tactic Called "SHTML"

In early April, the Mimecast Threat Center team discovered a rare type of server-parsed HTML (SHTML) based phishing attack emerging from the UK.
Continue Reading

UK Mid-Sized Firms Lost £30bn to CyberAttacks in 2018

Phil Muncaster at InfoSec Mag reported that "Cybersecurity incidents have cost UK mid-market firms a combined £30bn over the past year as automated attacks become the norm, according to ...
Continue Reading

NEW SANS Whitepaper: Automating Response to Phish Reporting

As part of his SANS Technology Institute Master's degree, Geoffrey Parker recently published a whitepaper called Automating Response to Phish Reporting that got an A, was made a gold ...
Continue Reading

An Amazon Phishing Scam Hits Just In Time For Prime Day

Amazon has confirmed that Prime Day 2019 will begin at 12 a.m. PT on Monday, July 15 and conclude at 11:59 p.m. PT on Tuesday, July 16.
Continue Reading

TrickBot Malware May Recently Have Hacked 250 Million Email Accounts

Endgadged reported that "TrickBot malware may recently have stolen as many as 250 million email accounts, including some belonging to governments in the US, UK and Canada. The malware ...
Continue Reading

Homeland Security Warning About Phishing As A Threat to 2020 Elections

The US Department of Homeland Security is warning state election officials that phishing attacks are one of the greatest threats to watch out for as the 2020 elections approach.
Continue Reading

Automated Tailored EBAY Spam Campaign Leads to Risky Sites

Automated spam on eBay is spreading tailored phishing messages offering to promote users’ products, and the links the spammers share can lead to dangerous websites, according to Paul ...
Continue Reading

Phishing And Impersonation Attacks Balloon in South Africa

South African companies saw an increase in phishing attacks containing malicious links or attachments in the past year. This is according to Mimecast’s 2019 State of ...
Continue Reading

Discovered This Year: 5,334 Kits Offering Evasive Criminal Phishing-as-a-Service

Commodity phishing kits are making it easier for unskilled criminals to run sophisticated phishing campaigns for a low price, according to a report from cloud security provider Cyren.
Continue Reading

80% of all Brand Deception Phishing Scams Targeting Execs Pretend to be Microsoft

The prevalence of Office 365 and the Windows OS has caused cybercriminals to choose the software titan as their primary brand used in identity deception phishing scams.
Continue Reading

Over Half of Employees Don’t Adhere to Email Security Protocols

A new survey by Barracuda Networks shows that the vast majority (87%) of decision makers believe email threats will rise in the coming year. However, companies are ill-prepared to defend ...
Continue Reading

Cyber Crime Refines Their Social Engineering Tactics

Attackers are improving their strategies by accounting for new developments in technology, Help Net Security reports. Researchers at FireEye analyzed 1.3 billion phishing emails and ...
Continue Reading

Dridex Credential Stealer Returns With New Antivirus Evasion - Including Application Whitelisting

SCMag reported that a new strain of the notorious Dridex malware has been spotted using polymorphism antivirus evasion techniques in phishing emails. The Dridex credential-stealer that ...
Continue Reading

Which Of The Four Types of Social Engineering Is The Most Damaging?

Cybercriminals know that targeted social engineering attacks lead to the highest payoffs, so the frequency and sophistication of these attacks is guaranteed to increase, writes Jasmine ...
Continue Reading

1.5 Billion Gmail Calendar Users are the Target of a Crafty New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews