Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Customer Care Numbers as Phishbait

Researchers at CloudSEK have published a report looking at fraudulent customer service phone numbers in India. The researchers found around 20,000 of these phone numbers targeting users ...
Continue Reading

NameCheap’s SendGrid Email Account Compromised, Used to Send Phishing Emails

Since phishing attacks need legitimacy to increase their deliverability, this latest twist shows how phishing scammers and hackers are working together to ensure phishing attacks continue.
Continue Reading

Blind Eagle Goes Phishing

BlackBerry has published a report on a threat actor, Blind Eagle, also known as APT-C-36, which has been operating against targets in Ecuador and Colombia since at least 2019. Its most ...
Continue Reading

Thousands of NPM Packages Used to Spread Phishing Links

Researchers at Checkmarx warn that attackers uploaded more than 15,000 packages to NPM, the open-source repository for JavaScript packages, to distribute phishing links. The packages ...
Continue Reading

Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36%

With nearly 280 million phishing emails detected by just one vendor, and the increase in the number of unique emails, organizations have a lot to be worried about in 2023.
Continue Reading

W-2s Are Just the Beginning of Tax-Related Scams This Year

Email scammers can’t pass up a tried and true theme that is almost guaranteed to produce results. And with W-2 forms being sent out, it marks the start of this year’s expected campaigns.
Continue Reading

Ransomware Attacks Using Extortion Tactics Reaches Critical Mass at 96% of all Attacks

New cyber attack data from 2022 is providing insight into what to expect in 2023, including ransomware campaigns.
Continue Reading

Should You Click on Unsubscribe?

Some common questions we get are “Should I click on an unwanted email’s ’Unsubscribe’ link? Will that lead to more or less unwanted email?”
Continue Reading

[HEADS UP] Russian Hacker Group Launches New Spear Phishing Campaign with Targets in US and Europe

The Russian-based hacking group Seaborgium is at it again with increased spear phishing attacks targeting US and European countries in the last year.
Continue Reading

New Survey Reveals Employees are the Attack Surface

A survey by Tanium has found that IT security professionals in the UK say that 64% of avoidable cyber attacks are due to human error, which usually involves falling for phishing attacks. ...
Continue Reading

Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach

There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a “sophisticated and highly-targeted” spear phishing attack.
Continue Reading

FTC: Romance Scams Cost U.S. Victims a Total of $1.3 Billion

Seemingly repeating the previous year, the FTC’s latest report highlights that nearly 70,000 people reported being the victim of a romance scam last year.
Continue Reading

Cybercriminals are Using Geotargeted Phishing to Target Victims

Attackers are abusing a legitimate service called “GeoTargetly” to launch localized phishing attacks, according to Jeremy Fuchs at Avanan. GeoTargetly is meant to be used by advertisers ...
Continue Reading

Hackers Work Around ChatGPT Malicious Content Restrictions to Create Phishing Email Content

Active discussions in hacker forums on the dark web showcase how using a mixture of the Open AI API and automated bot from the Telegram messenger platform can create malicious emails.
Continue Reading

Be Wary of Survey Scams

Online surveys are too often scams designed to steal personal or financial information, warns Phil Muncaster at ESET. Muncaster explains that these surveys are usually distributed via ...
Continue Reading

[HEADS UP] If You're a Fan of 'The Last of Us' You May be Targeted for These Campaigns

The success of the TV adaption of this PlayStation game 'The Last of Us' has been a huge hit for fans. Unfortunately, this new series has attracted bad actors to exploit for their own ...
Continue Reading

Do Not Fall Victim to Cyber Attacks – Find Out What the Latest Hiscox Report Reveals!

Insurance provider Hiscox has published its fifth annual cyber readiness report, which has some eye-opening statistics.
Continue Reading

[Scam Of The Week] The Turkey-Syria Earthquake

Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.
Continue Reading

[New Feature] Immediately Add User-Reported Email Threats to Your Microsoft 365 Blocklist from Your PhishER Console

Now there’s a super easy way to keep malicious emails away from your users through the power of the KnowBe4 PhishER platform!
Continue Reading

A Close Call – PayPal Scam Warning

On Sunday, I received an urgent message from a friend. PayPal had sent him an email saying that a co-worker had sent him money. This was not unexpected, as he was collecting contributions ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews