Image-Based Phishing and Phone Scams Continue to Get Past Security Scanners

Nov 22, 2022 9:34:34 AM By Stu Sjouwerman

Using the simplest tactic of not including a single piece of content that can be considered malicious, these types of scams are making their way to inboxes every single time.

World Cup Phishing Attacks Doubled And Will Increase

Nov 21, 2022 4:17:16 PM By Stu Sjouwerman

Researchers at Trellix revealed that phishing email attacks targeting users in the Middle East doubled in October 2022 ahead of the World Cup in Qatar, as reported by The Record. The end ...

4 out of 10 Emails are Unwanted as nearly 40% of all Attacks Start with Phishing

Nov 21, 2022 3:59:17 PM By Stu Sjouwerman

New data focused on emails sent through Microsoft 365 highlights the methods used to ensure a successful attack beginning with a malicious email.

10 Million Health Records from Australian Insurer Medibank are Leaked After Refusing to Pay the Ransom

Nov 21, 2022 1:33:41 PM By Stu Sjouwerman

The aftermath of a ransomware attack last month demonstrates just how bad an attack can get when the cybercriminals don’t get what they want.

Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season

Nov 21, 2022 11:31:25 AM By Stu Sjouwerman

New data polled from analysts and members of the retail industry about their security focus is this holiday season reveals the kinds of attacks every organization should be preparing for.

This New Phishing Kit Flies Under the Radar of Antivirus Software

Nov 21, 2022 11:29:44 AM By Stu Sjouwerman

Akamai researchers have discovered a new phishing campaign that targets United States consumers with fake holiday offers, TechRadar reports. Fake landing pages created by threat actors ...

Phishing Attacks Misuse Microsoft Dynamics 365 Customer Voice Functionality to Hide Malicious Links

Nov 17, 2022 1:41:23 PM By Stu Sjouwerman

Leveraging a legitimate feature of Dynamics 365, threat actors are able to obfuscate the malicious nature of the email within content that naturally requires user interaction.

Valid Accounts Rank as the Top Initial Access Infection Vector, Putting a Spotlight on Credentials

Nov 17, 2022 1:41:19 PM By Stu Sjouwerman

As ransomware, business email compromise, and phishing attacks continue to escalate, new data sheds light on where organizations need to focus to help put a stop to attack success.

Watch Out For This Tricky New Tactic Called Clone Phishing

Nov 17, 2022 8:49:53 AM By Stu Sjouwerman

Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that ...

[SCAM OF THE WEEK] Phishing Campaign Targets Crypto Users

Nov 16, 2022 2:46:22 PM By Stu Sjouwerman

Major cryptocurrency company FTX recently filed for bankruptcy, and there's a big phishing campaign on the loose targeting FTX users.

Fangxiao Domain-Spoofing for Revenue

Nov 16, 2022 9:07:56 AM By Stu Sjouwerman

Researchers at Cyjax describe a large phishing campaign being run by a China-based financially motivated threat actor called “Fangxiao.” The threat actor has been active since at least ...

The Rise in Unwanted Emails, Now Found to be Nearly 41%

Nov 14, 2022 9:10:54 AM By Stu Sjouwerman

How many business emails do the recipients actually want? Or, conversely, how many of them are unwanted? A study by Hornetsecurity looked at this question (along with a number of other ...

[HEADS UP] FBI Warns of Tech Support Scams That Impersonate Payment Portals for Fake Refunds

Nov 10, 2022 3:59:40 PM By Stu Sjouwerman

In the latest FBI warning, cybercriminals are now impersonating financial institutions' refund payment portals. This effort is to contain victims' personal information with legitimacy.

Phishing Campaign Abuses Microsoft Customer Voice

Nov 10, 2022 11:28:15 AM By Stu Sjouwerman

Researchers at Avanan warn that a phishing campaign is using Microsoft’s Dynamic 365 Customer Voice feature to send malicious links. Customer Voice is designed to collect feedback from ...

Here Is What You Can Do To Inspect SMS URL Links Before Clicking

Nov 9, 2022 4:39:12 PM By Roger Grimes

Phishing via Short Message Service (SMS) texts, what is known as smishing, is becoming increasingly common (some examples are shown below). There is probably not a person on Earth who ...

Cookie-stealing Feature Added by Phishing-as-a-Service Provider To Bypass MFA

Nov 9, 2022 8:50:47 AM By Stu Sjouwerman

The Robin Banks phishing-as-a-service platform now has a feature to bypass multi-factor authentication by stealing login session cookies, according to researchers at IronNet. The phishing ...

PhishER Turns Golden Hour Into Golden Minute

Nov 8, 2022 10:00:35 AM By Roger Grimes

Hospital emergency rooms around the world are fine-tuned to meet the requirements of the “Golden Hour”. The Golden Hour is a well-accepted medical fact that critically injured or ill ...

[HEADS UP] Australia Continues to be Vulnerable to Cybercrimes as Half a Billion Has Been Lost to Scammers

Nov 7, 2022 10:23:44 AM By Stu Sjouwerman

Australia is the new hot spot for cyber attacks. The Australian Cyber Security Centre (ACSC) recently reported that Australia has been targeted by cybercriminals every 7 minutes, and the ...

DHL Tops the List of Most Impersonated Brand in Phishing Attacks

Nov 4, 2022 2:36:21 PM By Stu Sjouwerman

As scammers shift their campaigns and learn from their successes, new data shows that the global delivery service is the current brand of choice, with equally familiar brands trailing ...

New LinkedIn-Impersonated Phishing Attack Uses Bad Sign-In Attempts to Harvest Credentials

Nov 4, 2022 2:36:05 PM By Stu Sjouwerman

With compromised LinkedIn credentials providing cybercriminals with ample means to socially engineer business contacts, this campaign is a stark warning for organizations.

Security Awareness Training Blog

Phishing Blog

View Topics