Phishing Resistant MFA Does Not Mean Un-Phishable

Nov 2, 2022 3:16:23 PM By Stu Sjouwerman

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

Nov 1, 2022 2:48:13 PM By Stu Sjouwerman

Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark ...

LinkedIn Phishing Attack Bypassed Email Filters Because it Passed Both SPF and DMARC Auth

Oct 31, 2022 10:43:11 AM By Stu Sjouwerman

Researchers at Armorblox have observed a phishing campaign impersonating LinkedIn. The emails inform the user that their LinkedIn account has been suspended due to suspicious activity.

[EYE OPENER] Phishing Attacks 61% Up Over 2021. A Whopping 255 Million Attacks This Year So Far

Oct 30, 2022 1:17:04 PM By Stu Sjouwerman

Security Magazine wrote this week about the recent eye opening SlashNext State of Phishing report. "SlashNext analyzed billions of link-based URLs, attachments and natural language ...

Stolen Devices and Phishing

Oct 27, 2022 10:08:53 AM By Stu Sjouwerman

Researchers at Cyren describe a phishing attack that resulted from the theft of a stolen iPad. The iPad was stolen on a train in Switzerland, and briefly appeared on Apple’s location ...

Major UK Outsourcer Hit With Multi-Million Dollar Fine Due to a Phishing Attack

Oct 24, 2022 1:58:54 PM By Stu Sjouwerman

Britain's data watchdog has fined major construction group Interserve with a £4.4m fine. This was due to a cyber attack stole personal and financial details for over 113,000 employees and ...

Phishing for Student Email Accounts

Oct 24, 2022 9:23:57 AM By Stu Sjouwerman

University student accounts are being exploited for business email compromise. Researchers at Avanan have observed a rise in attacks that compromise legitimate college student accounts in ...

BazarCall Expands Callback Phishing Campaigns to Include More Support Sites and Malicious Tactics

Oct 21, 2022 1:59:44 PM By Stu Sjouwerman

The king of callback phishing campaigns has evolved their methods to include better phishing emails, phone call scams, and final payloads to ensure they achieve their malicious goals.

New Credential Harvesting Scam Impersonates Google Translate to Trick Victims

Oct 21, 2022 1:59:35 PM By Stu Sjouwerman

In an interesting twist, this latest scam identified by security researchers at Avanan attempts to establish legitimacy by making the victim think the logon page is being translated.

New Phishing Attack Attempts to Steal Social Security Numbers

Oct 20, 2022 8:54:27 AM By Stu Sjouwerman

A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY.

Phishing Targets US Election Workers

Oct 19, 2022 2:24:49 PM By Stu Sjouwerman

Researchers at Trellix warn of phishing attacks targeting election workers in advance of the US midterm elections. These attacks spiked ahead of the primary elections in Arizona and ...

New COVID-19 Phishing Wave Misuses Google Forms to Steal Victim Information

Oct 18, 2022 2:41:20 PM By Stu Sjouwerman

This new credential harvesting scam impersonates a real U.S. Government COVID-related grant program to harvest credentials and personal details using a blatantly obvious Google form.

[HEADS UP] South African Post Office Sends Warning of Targeted Phishing Attacks

Oct 18, 2022 1:31:01 PM By Stu Sjouwerman

The South Africa Post Office (SAPO) recently warned customers of phishing emails to portray the post office. These cybercriminals are asking for outstanding customs fees that require ...

Name-and-Shame Scams on Discord

Oct 18, 2022 10:05:18 AM By Stu Sjouwerman

Scammers are sending Discord messages with phony accusations to trick users into clicking on phishing links, according to Shan Abdul at MakeUseOf. The messages are sent from compromised ...

How To Stop Job Scams

Oct 17, 2022 4:01:57 PM By Roger Grimes

I am reading and hearing about a ton of job scams these days. So many, I wondered how anyone could get a real job or employee, especially in these days of often full-time, work-from-home ...

New Phishing Campaign Uses Office Docs to Install Cobalt Strike Beacon

Oct 14, 2022 9:03:08 AM By Stu Sjouwerman

Under the guise of determining applicant eligibility for a U.S. federal government job, this latest phishing attack plants the seed for a future attack on the victim organization.

German Hackers Arrested for Stealing €4 Million in 7-Month Banking Phishing Scams

Oct 14, 2022 9:02:56 AM By Stu Sjouwerman

The recent arrest demonstrates how very small and unsophisticated a cybercriminal team can be to launch a very successful phishing campaign that takes victims for millions.

Small Business Grants as Phishbait

Oct 13, 2022 9:10:04 AM By Stu Sjouwerman

INKY has published a report on the use of small business grants as phishing lures. Scammers are impersonating the US Small Business Administration (SBA) to distribute phony grant ...

Three-Quarters of Ethical Hackers Can Collect and (Potentially) Exfiltrate Data in 10 Hours or Less

Oct 12, 2022 12:00:00 PM By Stu Sjouwerman

New insight from the SANS Institute surveying 300 ethical hackers sheds some light on how they perceive your security stance – and how easy it is for them to break in despite your efforts.

Could 100% of Phishing Be Eliminated One Day?

Oct 11, 2022 12:59:34 PM By Roger Grimes

Occasionally you will hear people or organizations claiming that they are on the verge of eliminating all social engineering from reaching end-users. Could it be true? Could it happen one ...

Security Awareness Training Blog

Phishing Blog

View Topics