Phishing For Industrial Control Systems

Jan 19, 2023 8:42:58 AM By Stu Sjouwerman

Mandiant has published a report describing phishing emails that have breached organizations in the industrial sector. Mandiant explains that the majority of phishing attacks are ...

The Amazing Thing Is that DHL Phishing Campaigns STILL Work

Jan 18, 2023 2:23:24 PM By Stu Sjouwerman

Researchers at Armorblox warn that a phishing campaign is impersonating DHL with fake shipping invoices.

Spear Phishing Campaign Targets Southeast Asia

Jan 17, 2023 8:52:07 AM By Stu Sjouwerman

Researchers at Group-IB are tracking a previously unknown threat actor dubbed “Dark Pink” that’s using spear phishing attacks to target government, military, and religious organizations. ...

[Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

Jan 13, 2023 6:57:21 AM By Stu Sjouwerman

Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to ...

Government Workers as Phishing Targets

Jan 12, 2023 8:56:34 AM By Stu Sjouwerman

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific ...

Italian Cybercriminal Pleads Guilty to Phishing for Book Manuscripts

Jan 11, 2023 9:28:06 AM By Stu Sjouwerman

An Italian citizen named Filippo Bernardini has pleaded guilty in New York to stealing more than a thousand unpublished book manuscripts from various well-known authors. The targeted ...

Phishing in the Service of Espionage

Jan 9, 2023 9:14:12 AM By Stu Sjouwerman

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked ...

Phishing Campaigns Impersonate the UK Government

Jan 5, 2023 8:34:42 AM By Stu Sjouwerman

The UK’s National Cyber Security Centre (NCSC) has outlined the top six most impersonated UK government agencies in 2022. The most impersonated entity was the National Health Service ...

Using AI Large Language Models to Craft Phishing Campaigns

Jan 4, 2023 8:41:49 AM By Stu Sjouwerman

Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The ...

Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks

Dec 29, 2022 10:22:48 AM By Stu Sjouwerman

New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

Dec 28, 2022 2:27:36 PM By Roger Grimes

By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...

QBot Malware Attacks Use SVG files to Perform HTML Smuggling

Dec 27, 2022 9:20:16 AM By Stu Sjouwerman

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

The Number of Phishing Attacks Grows 15% in One Quarter, Reaching an All-Time High

Dec 22, 2022 9:44:33 AM By Stu Sjouwerman

New data shows that while ransomware remains somewhat flat, massive increases in business email compromise and response-based email attacks were seen last quarter.

Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

Dec 21, 2022 9:25:23 AM By Roger Grimes

A recent Ivanti report shows cybersecurity practitioners getting more focused on the threat landscape, but defenders may need to hone their attention to focus on the right threats.

Social Engineering, Money Mules, and Job Seekers

Dec 19, 2022 10:32:37 AM By Stu Sjouwerman

A small town in Manitoba, WestLake-Gladstone (population about 3300), fell victim to a social engineering campaign. The municipal government seems to have been a target of opportunity, ...

Ten Charged with BEC Healthcare Scheme That Took More than $11 Million

Dec 14, 2022 2:03:59 PM By Stu Sjouwerman

Tricking five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers, the scammers posed as hospitals to alter payment details.

Cybersecurity Experts Weigh in on Modern Email Attacks

Dec 14, 2022 2:03:19 PM By Stu Sjouwerman

Abnormal Security’s CISO, Mike Britton consolidates some of the best advice from a three-part webinar series on the current state of risk found in email-based cyberattacks

Utility Bill is the New Phishbait for Cybercriminals

Dec 14, 2022 9:12:45 AM By Stu Sjouwerman

An SMS phishing (smishing) campaign is impersonating utility providers in the US, Cybernews reports. Researchers at Enea AdaptiveMobile Security spotted the campaign, which informs ...

CISA Phishing Infographic Contains a Lot of Good Information

Dec 13, 2022 8:54:06 AM By Roger Grimes

On December 8th, the Cybersecurity & Infrastructure Security Agency (CISA) released a great phishing infographic about data collected, lessons learned and recommendations learned from ...

[CASE STUDY] New-school Approach to Training and Simulated Phishing Shines Over Traditional LMS

Dec 12, 2022 1:49:34 PM By Stu Sjouwerman

A U.S.-based enterprise manufacturing organization cut their Phish-prone Percentage™ (PPP) by more than 80% after five months using the KnowBe4 security awareness training and simulated ...

Security Awareness Training Blog

Phishing Blog

View Topics