Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Campaign Impersonates Email Alerts From DHS

An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), ...
Continue Reading

Bogus Emails: 3.4 Billion Are Sent Every Day...

Research from Valimail shows that at least 3.4 billion phony emails are sent every day, Help Net Security reports. Despite this staggering number, most organizations still aren’t ...
Continue Reading

How Hackers Emptied Church Coffers with a Phishing Attack and Social Engineering Phone Call

Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Continue Reading

Voicemail Phishing Scam Steals Credentials

A new phishing campaign is asking victims to click on a link in an email to download a voicemail, My Online Security reports. When recipients click on the link, they’ll be redirected to a ...
Continue Reading

FBI’s Advice on Spotting Phishing

The FBI’s Internet Crime Complaint Center (IC3) released a PSA warning that attackers are exploiting people’s trust in sites that use HTTPS. Cybersecurity training has in the past rightly ...
Continue Reading

Tax Phishing in the UK

Her Majesty's Revenue and Customs (HMRC) has processed 2.6 million reports of attempted phishing attacks since 2016, Infosecurity Magazine reports. More than 1.9 million of these phishing ...
Continue Reading

Corporate Email Creates Unavoidable Phishing Risk

It’s impossible to avoid the risk of phishing attacks entirely, since employees still need to do their jobs, as Kelly Sheridan at Dark Reading puts it. Sheridan points to a recent report ...
Continue Reading

[Heads-Up] How Hackers Use Ransomware To Hide Data Breaches And Other Devastating Attacks

Different sources claim that ransomware attacks are either going up or going down. The very real threat remains though and it is clear that the bad guys are moving from consumers as their ...
Continue Reading

Why Polymorphic Phishing Attacks Are Skyrocketing And How They Make It In Your User's Inbox

IronScales just released data showing that 42% of phishing email attacks are polymorphic, enabling them to evade many security filters. The company has observed 11,733 polymorphic ...
Continue Reading

Microsoft is Still the Most Impersonated Brand in Phishing Attacks

Cybercriminals are constantly looking for the easiest way to make a buck. And, in the case of phishing attacks, it appears that pretending to be Microsoft is the path of least resistance.
Continue Reading

Biometrics Can’t Replace Passwords: A Cybercriminal's Dream

In the quest to create a more secure environment, new ways to authenticate that replace the password are being sought. But it’s looking like passwords are here to stay.
Continue Reading

It only takes three seconds...

“Statistics suggest the average human being falls for a social engineering attack about four times — with training — before they become ‘inoculated’ against that type of attack,” “Helpful ...
Continue Reading

"Delete" Notification as Office 365 Phishbait

Attackers are posing as Office 365 support in phishing emails that warn users about an “unusual volume of file deletion” on their accounts, BleepingComputer has found. The emails claim ...
Continue Reading

Impersonation Phishing Attacks Up 67% in Last 12 Months

Social engineering attacks using impersonation tactics increased by 67% over the past twelve months, according to Mimecast’s annual State of Email Security report. Mimecast surveyed more ...
Continue Reading

Red Flags Warn of Social Engineering

The easiest way to avoid falling for scams and other social engineering attacks is to have an understanding of the tactics employed by attackers, according to Roger A. Grimes, writing in ...
Continue Reading

Phishing Canadian Targets

We have recently blogged about KrebsOnSecurity's story on compromised Canadian business email addresses. Here is some updated background on threats to Canadian organizations.
Continue Reading

A Single Tweet Saw One Woman's Bank Account Entirely Wiped Out

Dean Dunham at The Mirror in the UK reported: "Social media is often disgruntled customers first port of call when they want to make a complaint about goods or services these days, but ...
Continue Reading

Phishing Sites Increase by 30% in the First Quarter of 2019 Putting SaaS and Webmail at Risk

Cybercriminals seem to be increasing their efforts in quantity, frequency, and obfuscation, according to the latest data from the international cybercrime coalition, the Anti-Phishing ...
Continue Reading

[Heads-up] Scary Phishing Attack Uses Legal Threats From Law Firm

Brian Krebs just posted the following alert: "Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the ...
Continue Reading

U.S. Department of Homeland Security Issues List of Office 365 Security Vulnerabilities and Best Practices

The latest Analysis Report covers both areas of concern around Office 365 configurations that impact security, and offers up some simple recommendations to shore up vulnerabilities.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews