Credential Phishing with Apple Gift Card Lures

Dec 5, 2022 8:57:57 AM By Stu Sjouwerman

A phishing campaign is impersonating Apple and informing the user that their Apple account has been suspended due to an invalid payment method, according to researchers at Armorblox.

Latest Netflix-Impersonated Phishing Attacks Surge in Frequency by 78% Since October

Dec 2, 2022 12:36:53 PM By Stu Sjouwerman

Using a mix of invisible and lookalike characters, this phishing attack attempts to get past security scanners by obfuscating both email content and domain names.

It’s Official: COVID-related Phishing is Dead as Scammers Return to Impersonating Famous Brands

Dec 2, 2022 12:36:50 PM By Stu Sjouwerman

New analysis of spam and malicious emails show the all but nonexistence of COVID-esque impersonation of government and pharm entities in lieu of international brands.

Spoofing-as-a-Service Site Taken Down

Dec 1, 2022 10:31:30 AM By Stu Sjouwerman

Law enforcement authorities across Europe, Australia, the United States, Ukraine, and Canada have taken down a popular website used by cybercriminals to impersonate major corporations in ...

WhatsApp data breach sees nearly 500 million user records up for sale

Nov 26, 2022 3:29:06 PM By Stu Sjouwerman

Craig Hale at Techradar reported: "A post on a “well-known hacking community forum” claims almost half a billion WhatsApp records have been breached and are up for sale.

A Recent, Complex, Ransomware Campaign

Nov 22, 2022 9:39:48 AM By Stu Sjouwerman

Microsoft has observed a threat actor that’s been running a phishing campaign since August 2022. The threat actor, which Microsoft tracks as “DEV-0569,” is using phishing emails to ...

New Instagram Support Phishing Attack Fakes “Unusual Logon” Experience Well Enough to Fool Victims

Nov 22, 2022 9:36:16 AM By Stu Sjouwerman

Long gone are the days of tacky landing pages that barely impersonate a brand; threat actors are improving their social engineering game well enough to make anyone believe it’s the real ...

Image-Based Phishing and Phone Scams Continue to Get Past Security Scanners

Nov 22, 2022 9:34:34 AM By Stu Sjouwerman

Using the simplest tactic of not including a single piece of content that can be considered malicious, these types of scams are making their way to inboxes every single time.

World Cup Phishing Attacks Doubled And Will Increase

Nov 21, 2022 4:17:16 PM By Stu Sjouwerman

Researchers at Trellix revealed that phishing email attacks targeting users in the Middle East doubled in October 2022 ahead of the World Cup in Qatar, as reported by The Record. The end ...

4 out of 10 Emails are Unwanted as nearly 40% of all Attacks Start with Phishing

Nov 21, 2022 3:59:17 PM By Stu Sjouwerman

New data focused on emails sent through Microsoft 365 highlights the methods used to ensure a successful attack beginning with a malicious email.

10 Million Health Records from Australian Insurer Medibank are Leaked After Refusing to Pay the Ransom

Nov 21, 2022 1:33:41 PM By Stu Sjouwerman

The aftermath of a ransomware attack last month demonstrates just how bad an attack can get when the cybercriminals don’t get what they want.

Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season

Nov 21, 2022 11:31:25 AM By Stu Sjouwerman

New data polled from analysts and members of the retail industry about their security focus is this holiday season reveals the kinds of attacks every organization should be preparing for.

This New Phishing Kit Flies Under the Radar of Antivirus Software

Nov 21, 2022 11:29:44 AM By Stu Sjouwerman

Akamai researchers have discovered a new phishing campaign that targets United States consumers with fake holiday offers, TechRadar reports. Fake landing pages created by threat actors ...

Phishing Attacks Misuse Microsoft Dynamics 365 Customer Voice Functionality to Hide Malicious Links

Nov 17, 2022 1:41:23 PM By Stu Sjouwerman

Leveraging a legitimate feature of Dynamics 365, threat actors are able to obfuscate the malicious nature of the email within content that naturally requires user interaction.

Valid Accounts Rank as the Top Initial Access Infection Vector, Putting a Spotlight on Credentials

Nov 17, 2022 1:41:19 PM By Stu Sjouwerman

As ransomware, business email compromise, and phishing attacks continue to escalate, new data sheds light on where organizations need to focus to help put a stop to attack success.

Watch Out For This Tricky New Tactic Called Clone Phishing

Nov 17, 2022 8:49:53 AM By Stu Sjouwerman

Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that ...

[SCAM OF THE WEEK] Phishing Campaign Targets Crypto Users

Nov 16, 2022 2:46:22 PM By Stu Sjouwerman

Major cryptocurrency company FTX recently filed for bankruptcy, and there's a big phishing campaign on the loose targeting FTX users.

Fangxiao Domain-Spoofing for Revenue

Nov 16, 2022 9:07:56 AM By Stu Sjouwerman

Researchers at Cyjax describe a large phishing campaign being run by a China-based financially motivated threat actor called “Fangxiao.” The threat actor has been active since at least ...

The Rise in Unwanted Emails, Now Found to be Nearly 41%

Nov 14, 2022 9:10:54 AM By Stu Sjouwerman

How many business emails do the recipients actually want? Or, conversely, how many of them are unwanted? A study by Hornetsecurity looked at this question (along with a number of other ...

[HEADS UP] FBI Warns of Tech Support Scams That Impersonate Payment Portals for Fake Refunds

Nov 10, 2022 3:59:40 PM By Stu Sjouwerman

In the latest FBI warning, cybercriminals are now impersonating financial institutions' refund payment portals. This effort is to contain victims' personal information with legitimacy.

Security Awareness Training Blog

Phishing Blog

View Topics