Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Attacks Reach an All-Time High, Quadrupling That of Early 2020

New quarterly data from the Anti-Phishing Working Group shows unprecedented phishing activity with increases in BEC, use of social media, vishing, and smishing.
Continue Reading

Do Not Use Easily Phishable MFA and That Is Most MFA!

Everyone should use multifactor authentication (MFA), where they can, to protect valuable information. Everyone!
Continue Reading

Social Engineering Targets Healthcare Payment Processors

The US Federal Bureau of Investigation (FBI) has issued an alert warning of an increase in phishing and other social engineering attacks against healthcare payment processors.
Continue Reading

[HEADS UP] Bank of America Warns About Recent Scams That Request Zelle Payment Due to 'Suspicious Activity'

Bank of America recently sent a customer service email warning users to watch out for this new phishing attack.
Continue Reading

Phishing from a French Government Career Website

Attackers are exploiting a legitimate French government website to send phishing messages, according to researchers at Vade. The website, Pôle Emploi, is a career site for companies ...
Continue Reading

[MSP News] Manage Your Multiple KnowBe4 Accounts Faster with Managed Training and Phishing Rolled Into One

You wanted the ability to manage both phishing and training campaigns across multiple KnowBe4 accounts, and we listened!
Continue Reading

Cisco Attempt Attributed to Lapsus$ Group

Security researchers at Cisco Talos have issued an update on the cyberattack Cisco sustained earlier this year. The attack began with a phishing attack against a Cisco employee, which led ...
Continue Reading

[HEADS UP] The Online Scams exploiting Queen Elizabeth's Death are Here

The Sun just reported that experts are sending a warning about online scams in relation to Queen Elizabeth's passing.
Continue Reading

Scammer Continues Phishing From Prison

Dutch authorities have announced that an imprisoned scammer was running a phishing operation from his jail cell, Cybernews reports. The crook used four mobile phones to post malicious ads ...
Continue Reading

Report: 80% of Phishing Attacks Leverage Legitimate Web Infrastructure and Services

Threat actors are taking advantage of every free tool and service they can to improve their changes of successfully fooling security solutions, with compromised websites taking the lead.
Continue Reading

Gaming-Related Phishing Trends

Researchers at Kaspersky have found that the vast majority of gaming-related malware lures are targeted at Minecraft players. Roblox came in at a distant second, and the researchers note ...
Continue Reading

Singapore: Top Ten Scams in the First Half of 2022 Cost Over $227 Million, Scam Frequency Rises by 94%

Queries of reported cases to Singapore Police reveal a rise in scam costs by 59% as phishing cases double and job-related scams increase 7x from the first half of 2021.
Continue Reading

New Phishing-as-a-Service Platform

Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called “EvilProxy” that’s being offered on the dark web. EvilProxy is designed to target accounts on ...
Continue Reading

[On-Demand Webinar] Combatting Rogue URL Tricks: Quickly Identify and Investigate the Latest Phishing Attacks

Everyone knows you shouldn’t click phishy links. But are your end users prepared to quickly identify the trickiest tactics bad actors use before it’s too late? Probably not.
Continue Reading

Spear Phishing Campaign Targets Financial Institutions in African Countries

Researchers at Check Point have discovered a spear phishing campaign dubbed “DangerousSavanna” that's targeting financial entities in at least five African countries.
Continue Reading

The Number of Phishing Attack Cases in Japan Hit an All-Time High

The number of reported cases of phishing to Japan’s Council of Anti-Phishing reached over 100,000 in July, just as a notice of scams impersonating Japan’s National Tax Agency is released.
Continue Reading

So, Your MFA is Phishable, What To Do Next

We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:
Continue Reading

Phishing Attacks Leveraging Legitimate SaaS Platforms Soars 1100%

As threat actors look for ways to evade detection by security solutions, the use of cloud applications has seen a material jump in the last 12 months, according to new data.
Continue Reading

Phishing and Malicious Emails Are Still the Primary Initial Attack Vector

As cybercriminals continue to evolve their techniques, they continue to rely on phishing as the most successful tried and true method of initial attack, according to new data from Acronis.
Continue Reading

[KREBS ON SECURITY] How 1-Time Passcodes Became a Corporate Liability

[The following article is at it appears at Krebs on Security here.] Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews