Phishing Campaign Abuses Microsoft Customer Voice

Nov 10, 2022 11:28:15 AM By Stu Sjouwerman

Researchers at Avanan warn that a phishing campaign is using Microsoft’s Dynamic 365 Customer Voice feature to send malicious links. Customer Voice is designed to collect feedback from ...

Here Is What You Can Do To Inspect SMS URL Links Before Clicking

Nov 9, 2022 4:39:12 PM By Roger Grimes

Phishing via Short Message Service (SMS) texts, what is known as smishing, is becoming increasingly common (some examples are shown below). There is probably not a person on Earth who ...

Cookie-stealing Feature Added by Phishing-as-a-Service Provider To Bypass MFA

Nov 9, 2022 8:50:47 AM By Stu Sjouwerman

The Robin Banks phishing-as-a-service platform now has a feature to bypass multi-factor authentication by stealing login session cookies, according to researchers at IronNet. The phishing ...

PhishER Turns Golden Hour Into Golden Minute

Nov 8, 2022 10:00:35 AM By Roger Grimes

Hospital emergency rooms around the world are fine-tuned to meet the requirements of the “Golden Hour”. The Golden Hour is a well-accepted medical fact that critically injured or ill ...

[HEADS UP] Australia Continues to be Vulnerable to Cybercrimes as Half a Billion Has Been Lost to Scammers

Nov 7, 2022 10:23:44 AM By Stu Sjouwerman

Australia is the new hot spot for cyber attacks. The Australian Cyber Security Centre (ACSC) recently reported that Australia has been targeted by cybercriminals every 7 minutes, and the ...

DHL Tops the List of Most Impersonated Brand in Phishing Attacks

Nov 4, 2022 2:36:21 PM By Stu Sjouwerman

As scammers shift their campaigns and learn from their successes, new data shows that the global delivery service is the current brand of choice, with equally familiar brands trailing ...

New LinkedIn-Impersonated Phishing Attack Uses Bad Sign-In Attempts to Harvest Credentials

Nov 4, 2022 2:36:05 PM By Stu Sjouwerman

With compromised LinkedIn credentials providing cybercriminals with ample means to socially engineer business contacts, this campaign is a stark warning for organizations.

Phishing for Feds: Credential-Harvesting Attacks Found in New Study

Nov 3, 2022 1:47:30 PM By Stu Sjouwerman

A study by researchers at Lookout has found that credential-harvesting phishing attacks against US government employees rose by 30% last year. The researchers also found that nearly 50% ...

FBI: Watch Out for Student Loan Forgiveness Scams!

Nov 3, 2022 1:14:46 PM By Stu Sjouwerman

Scammers are taking advantage of the victims desire to take advantage of debt cancellation up to $20,000 – with the only one cashing in being the scammer!

Phishing Resistant MFA Does Not Mean Un-Phishable

Nov 2, 2022 3:16:23 PM By Stu Sjouwerman

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

Nov 1, 2022 2:48:13 PM By Stu Sjouwerman

Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark ...

LinkedIn Phishing Attack Bypassed Email Filters Because it Passed Both SPF and DMARC Auth

Oct 31, 2022 10:43:11 AM By Stu Sjouwerman

Researchers at Armorblox have observed a phishing campaign impersonating LinkedIn. The emails inform the user that their LinkedIn account has been suspended due to suspicious activity.

[EYE OPENER] Phishing Attacks 61% Up Over 2021. A Whopping 255 Million Attacks This Year So Far

Oct 30, 2022 1:17:04 PM By Stu Sjouwerman

Security Magazine wrote this week about the recent eye opening SlashNext State of Phishing report. "SlashNext analyzed billions of link-based URLs, attachments and natural language ...

Stolen Devices and Phishing

Oct 27, 2022 10:08:53 AM By Stu Sjouwerman

Researchers at Cyren describe a phishing attack that resulted from the theft of a stolen iPad. The iPad was stolen on a train in Switzerland, and briefly appeared on Apple’s location ...

Major UK Outsourcer Hit With Multi-Million Dollar Fine Due to a Phishing Attack

Oct 24, 2022 1:58:54 PM By Stu Sjouwerman

Britain's data watchdog has fined major construction group Interserve with a £4.4m fine. This was due to a cyber attack stole personal and financial details for over 113,000 employees and ...

Phishing for Student Email Accounts

Oct 24, 2022 9:23:57 AM By Stu Sjouwerman

University student accounts are being exploited for business email compromise. Researchers at Avanan have observed a rise in attacks that compromise legitimate college student accounts in ...

BazarCall Expands Callback Phishing Campaigns to Include More Support Sites and Malicious Tactics

Oct 21, 2022 1:59:44 PM By Stu Sjouwerman

The king of callback phishing campaigns has evolved their methods to include better phishing emails, phone call scams, and final payloads to ensure they achieve their malicious goals.

New Credential Harvesting Scam Impersonates Google Translate to Trick Victims

Oct 21, 2022 1:59:35 PM By Stu Sjouwerman

In an interesting twist, this latest scam identified by security researchers at Avanan attempts to establish legitimacy by making the victim think the logon page is being translated.

New Phishing Attack Attempts to Steal Social Security Numbers

Oct 20, 2022 8:54:27 AM By Stu Sjouwerman

A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY.

Phishing Targets US Election Workers

Oct 19, 2022 2:24:49 PM By Stu Sjouwerman

Researchers at Trellix warn of phishing attacks targeting election workers in advance of the US midterm elections. These attacks spiked ahead of the primary elections in Arizona and ...

Security Awareness Training Blog

Phishing Blog

View Topics