Homographic Domain Name Phishing Tactics

Jun 6, 2022 1:00:22 PM By Stu Sjouwerman

Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, ...

Why We Recommend Your Passwords Be Over 20-Characters Long

Jun 3, 2022 8:13:08 AM By Roger Grimes

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...

Smishing and Home Delivery

Jun 2, 2022 9:10:57 AM By Stu Sjouwerman

A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at ...

SideWinder Targets Pakistani Entities With Phishing Attacks

Jun 2, 2022 9:09:56 AM By Stu Sjouwerman

The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat ...

U.K.’s National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation

Jun 1, 2022 6:09:40 PM By Stu Sjouwerman

Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.

Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents

Jun 1, 2022 6:09:19 PM By Stu Sjouwerman

As cybercriminal groups hone their craft, one analysis shows them shying away from zero-day exploits, use of valid accounts, and third-party vulnerabilities to gain initial access during ...

Phishing Campaign Targets QuickBooks Users

Jun 1, 2022 8:23:44 AM By Stu Sjouwerman

Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, ...

The $44 Million Smishing Problem and How to Not Be a Victim

May 27, 2022 8:04:11 AM By Stu Sjouwerman

Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were ...

Verizon: Ransomware Involved in 25% of Data Breaches as Credentials and Phishing are Seen as “Key Paths” for Attack Success

May 25, 2022 12:30:10 PM By Stu Sjouwerman

With the much-anticipated annual Verizon Data Breach Investigations Report finally released, we get a view of ransomware from the data breach perspective that points to a common weakness ...

Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

May 24, 2022 9:54:10 AM By Stu Sjouwerman

So-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.

New IRS Phishing Scam Uses Fake Notices to Steal Microsoft 365 Credentials

May 24, 2022 9:53:40 AM By Stu Sjouwerman

Scammers use an “overdue tax bill” along with a sophisticated and obfuscated javascript-based “invoice” attachment to identify targeted victims, validate credentials, and transmit them ...

FBI Director Warns of “Unprecedented” Cyberespionage Attacks Originating in China

May 24, 2022 9:53:06 AM By Stu Sjouwerman

FBI Director Christopher Wray highlighted China’s role in cyberespionage in a recent 60-Minutes news segment, saying the level of attacks the U.S. is seeing is “unprecedented in history.”

New Phishing Attack Uses Malicious Chatbot For Real Time Social Engineering

May 24, 2022 9:52:21 AM By Stu Sjouwerman

Researchers at Trustwave have observed a phishing campaign that uses a chatbot to add legitimacy to the scam. The chatbot is on a harmless website, and is designed to convince the user to ...

Phishing Attacks Increase by 54% as Initial Attack Vector for Access and Extortion Attacks

May 20, 2022 8:33:23 AM By Stu Sjouwerman

New analysis of threat activity for the first quarter of this year shows anyone with access to corporate email is a now on the front lines of modern cyberattacks of all kinds.

It's More Than Phishing; How to Supercharge Your Security Awareness Training

May 19, 2022 4:12:55 PM By Stu Sjouwerman

Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple in Europe.

Phishing Campaign Impersonates Shipping Giant Maersk

May 19, 2022 8:56:27 AM By Stu Sjouwerman

Researchers at Vade Secure warn of a large phishing campaign that's impersonating shipping giant Maersk to target thousands of users in New Zealand.

Spear Phishing a Diplomat

May 17, 2022 9:30:09 AM By Stu Sjouwerman

Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat ...

Think BEC Won’t Cost You Much? How Does $130 Million Sound?

May 13, 2022 8:05:12 AM By Stu Sjouwerman

A new lawsuit brings to light the all-too common occurrence of an attack, with this occurring during a business acquisition and costing the buyer more than they bargained for.

Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

May 13, 2022 8:04:41 AM By Stu Sjouwerman

A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.

Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit

May 12, 2022 12:23:17 PM By Stu Sjouwerman

Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages.

Security Awareness Training Blog

Phishing Blog

View Topics