New PDF-Based Phishing Attack Demonstrates that Office Docs Aren’t Passé – They are Just Obfuscated!

Jun 20, 2022 10:12:11 AM By Stu Sjouwerman

Security researchers have discovered a cunning PDF-based phishing attack that leverages social engineering and PDF prompt specifics to trick users into opening malicious Office docs.

142 Million Customer Records From MGM Resorts Leaked for Free Download

Jun 20, 2022 10:11:30 AM By Stu Sjouwerman

The availability of such a massive number of records at no cost to any cybercriminal interested is a recipe for countless phishing campaigns using the data itself as a means of ...

New Phishing Campaign Uses ChatBot Functionality to Build Trust and Steal Credit Card Details

Jun 20, 2022 10:11:18 AM By Stu Sjouwerman

Rather than go for the phishing jugular and point the victim immediately to a webpage to steal credentials or personal details, a new phishing campaign uses a chatbot to lower victim ...

Monkeypox Scams Continue to Increase

Jun 14, 2022 9:19:28 AM By Stu Sjouwerman

Attackers are taking advantage of the current news about monkeypox to trick people into clicking on malicious links, Pickr reports. Researchers at Mimecast have spotted a phishing ...

Facebook Phishing Scam Steals Millions of Credentials

Jun 13, 2022 8:32:18 AM By Stu Sjouwerman

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have ...

40% of CSOs say Their Organization is Not Prepared for Cyberattacks as Phishing is the Top Likely Cause of Breaches

Jun 7, 2022 7:17:38 PM By Stu Sjouwerman

A new survey of executives sheds light on how well organizations fared with cyberattacks in the last 12 month as well as what attack vectors are going to increase future breaches.

Old Dog, New Trick: Hackers Use Logons in URLs to Bypass Email Scanners

Jun 7, 2022 7:17:26 PM By Stu Sjouwerman

A new phishing method uses a decades-old special URL format to take advantage of how security solutions and email clients interpret URLs, tricking victims into clicking.

Phishing Attacks Reach an All-Time High, More Than Tripling Attacks in Early 2022

Jun 7, 2022 7:16:28 PM By Stu Sjouwerman

Reaching more than 1 million attacks in a single quarter for the first time, new data on phishing attacks in Q1 of 2022 show an emphasis on impersonation and credential theft.

FTC Warns that Scammers are Turning to Cryptocurrencies

Jun 7, 2022 8:44:38 AM By Stu Sjouwerman

The US Federal Trade Commission (FTC) has warned that people have reported losing over $1 billion in crypto to scams since the beginning of 2021. The vast majority of these losses were ...

Homographic Domain Name Phishing Tactics

Jun 6, 2022 1:00:22 PM By Stu Sjouwerman

Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, ...

Why We Recommend Your Passwords Be Over 20-Characters Long

Jun 3, 2022 8:13:08 AM By Roger Grimes

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...

Smishing and Home Delivery

Jun 2, 2022 9:10:57 AM By Stu Sjouwerman

A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at ...

SideWinder Targets Pakistani Entities With Phishing Attacks

Jun 2, 2022 9:09:56 AM By Stu Sjouwerman

The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat ...

U.K.’s National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation

Jun 1, 2022 6:09:40 PM By Stu Sjouwerman

Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.

Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents

Jun 1, 2022 6:09:19 PM By Stu Sjouwerman

As cybercriminal groups hone their craft, one analysis shows them shying away from zero-day exploits, use of valid accounts, and third-party vulnerabilities to gain initial access during ...

Phishing Campaign Targets QuickBooks Users

Jun 1, 2022 8:23:44 AM By Stu Sjouwerman

Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, ...

The $44 Million Smishing Problem and How to Not Be a Victim

May 27, 2022 8:04:11 AM By Stu Sjouwerman

Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were ...

Verizon: Ransomware Involved in 25% of Data Breaches as Credentials and Phishing are Seen as “Key Paths” for Attack Success

May 25, 2022 12:30:10 PM By Stu Sjouwerman

With the much-anticipated annual Verizon Data Breach Investigations Report finally released, we get a view of ransomware from the data breach perspective that points to a common weakness ...

Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

May 24, 2022 9:54:10 AM By Stu Sjouwerman

So-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.

New IRS Phishing Scam Uses Fake Notices to Steal Microsoft 365 Credentials

May 24, 2022 9:53:40 AM By Stu Sjouwerman

Scammers use an “overdue tax bill” along with a sophisticated and obfuscated javascript-based “invoice” attachment to identify targeted victims, validate credentials, and transmit them ...

Security Awareness Training Blog

Phishing Blog

View Topics