Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Students Phished with Bogus Job Offers

A phishing campaign is targeting college students with phony part-time job opportunities, according to Jeremy Fuchs at Avanan. The emails purport to come from the colleges’ job placement ...
Continue Reading

Yahoo Suddenly Rises in Popularity in Q4 to Become the Most Impersonated Brand in Phishing Attacks

Completely absent from the top 10 brands for more than two years, Yahoo’s impersonation may indicate that scammers are looking for new attack angles using lesser-used brands.
Continue Reading

OneNote Attachments Used as Phish Hooks

Threat actors are using malicious attachments in OneNote in order to distribute malware, BleepingComputer reports. The attackers attach VBS files that instruct the user to double-click on ...
Continue Reading

Alert: Refund Scam Targeting Federal Agencies via RMM Software

At least two federal civilian agencies were the unfortunate victims of a refund scam campaign, perpetrated through the use of remote monitoring and management (RMM) software. CISA, the ...
Continue Reading

Do Not Get Fooled Twice: Mailchimp's Latest Breach Raises Alarm Bells – Protect Yourself Now!

For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack ...
Continue Reading

Phishing Campaign Impersonates Japanese Rail Company

Researchers at Safeguard Cyber describe a phishing campaign that’s posing as a Japanese rail ticket reservation company.
Continue Reading

2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]

KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects ...
Continue Reading

New QR Code Phishing Campaign is Impersonating the Chinese Ministry of Finance

Researchers at Fortinet warn that a phishing campaign is impersonating the Chinese Ministry of Finance. The phishing emails contain a document with a QR code that leads to a ...
Continue Reading

Ransomware Has SMBs Reprioritizing Their Cybersecurity Spending to Combat Attacks

New data shows that SMBs can clearly see where they have cybersecurity issues and are taking great strides to put their devoted budget to security technology and services that actually ...
Continue Reading

The Current State of Cybersecurity Should Fear AI Tools Like ChatGPT

Malicious use of the text-based AI has already begun to be seen in the wild, and speculative ways attackers can use ChatGPT may spell temporary doom for cybersecurity solutions.
Continue Reading

Unusual Blank-Image Phishing Attacks Impersonate DocuSign

An unusual phishing technique has surfaced this week. Avanan, a Check Point Software company, released a blog Thursday morning detailing a new attack in which hackers hide malicious ...
Continue Reading

Phishing For Industrial Control Systems

Mandiant has published a report describing phishing emails that have breached organizations in the industrial sector. Mandiant explains that the majority of phishing attacks are ...
Continue Reading

The Amazing Thing Is that DHL Phishing Campaigns STILL Work

Researchers at Armorblox warn that a phishing campaign is impersonating DHL with fake shipping invoices.
Continue Reading

Spear Phishing Campaign Targets Southeast Asia

Researchers at Group-IB are tracking a previously unknown threat actor dubbed “Dark Pink” that’s using spear phishing attacks to target government, military, and religious organizations. ...
Continue Reading

[Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to ...
Continue Reading

Government Workers as Phishing Targets

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific ...
Continue Reading

Italian Cybercriminal Pleads Guilty to Phishing for Book Manuscripts

An Italian citizen named Filippo Bernardini has pleaded guilty in New York to stealing more than a thousand unpublished book manuscripts from various well-known authors. The targeted ...
Continue Reading

Phishing in the Service of Espionage

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked ...
Continue Reading

Phishing Campaigns Impersonate the UK Government

The UK’s National Cyber Security Centre (NCSC) has outlined the top six most impersonated UK government agencies in 2022. The most impersonated entity was the National Health Service ...
Continue Reading

Using AI Large Language Models to Craft Phishing Campaigns

Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews