KnowBe4

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

The Evolution Of "Friendly Name" Spoofing During Phishing Attacks

Our friends at Bleepingcomputer had a great article written by Ionut Ilascu I think you will like: "While phishing continues to be the prevalent threat in malware-less email-based ...
Continue Reading

WATCH IT - Current Events Will Be Misused for Phishing...AGAIN

Here are the latest Current Events phishes from the KnowBe4 team over the past few days, some prompted by warnings from US-CERT.
Continue Reading

Colleges Become Phishing Targets with Student Loans as the Payoff

Anytime there’s a transaction involving money, cybercriminals look for ways to hack in and intercept funds. Student Loans are the latest target.
Continue Reading

Phishing from Beyond the Grave...

By Eric Howes,  KnowBe4 Principal Lab Researcher. It's no secret that the threat of phishing emails has been growing at an alarming rate for a number of years. Indeed, ZDNet recently ...
Continue Reading

Details of North Korea Attacks Highlight Email’s Role in Attacks

When you think of cyber-espionage, you might be surprised it’s far less “Mission: Impossible” and a lot more basic phishing tactics.
Continue Reading

Phishing Scammers are Planning Well into 2020

Cybercriminals are already looking to take advantage of the 2020 Tokyo Olympics. Are you thinking years out? The bad guys are.
Continue Reading

New York State Universities Targeted by Phishing Scams

Students from Plattsburgh State and SUNY Adirondack were targeted by several types of scams over the summer, causing Plattsburgh State officials to send out warnings to the student body. ...
Continue Reading

Phishing warning: One in every one hundred emails is now a hacking attempt

And just one mistake can compromise an entire organisation. Danny Palmer at ZDNet wrote: "One in every one hundred emails sent round the globe has malicious intent, likely to deliver ...
Continue Reading

Weaponized IQY Files Make Excel Users an Easy Target

The Necurs botnet – most notably responsible for distributing Locky – is now pushing weaponized internet or web query (.IQY) file to evade detection and download malware.
Continue Reading

Only 40% of Business Phishing Scams Contain Links

This latest statistic takes the spotlight off of antivirus as the protector, and puts the focus squarely in the hands of your users to stop attacks.
Continue Reading

Mobile Phishing Campaign: Homograph Characters + "Free Flights"

Kacy Zurkus at the InfoSec group had the scoop on a campaign recently reported by Farsight Security involving an internationalized domain name (IDN) "homograph-based" phishing website ...
Continue Reading

Think Size Matters to Hackers? It Doesn’t

The largest of organizations aren’t the only ones being hit with cyberattacks. Everyone from the SMB on up is at risk and is actively a target.
Continue Reading

Google Warns of Govt-Backed Phishing

This latest heads-up around phishing-based warfare from a source as reputable as Google show the need to both be watchful for and responsive to phishing attacks.
Continue Reading

New Malicious PDFs Carry Stealthy Backdoor And Exfiltrate Data Via Email

The Turla threat group, certainly Russian-speaking and widely attributed to Russian intelligence services, is back with a new phishing technique. The threat actor is distributing emails ...
Continue Reading

Suspicious Emails Are a Problem…to the Tune of 6.4 Billion a Day!

Even with authentication, identification, and validation frameworks and solutions in place, the number of potentially malicious emails remains staggering.
Continue Reading

Universities Are Still Targeted With Phishing Attacks By Iranian Hackers

Secureworks® Counter Threat Unit™ (CTU) researchers reported that despite indictments in March 2018, the Iranian threat group is likely responsible for a large-scale campaign that ...
Continue Reading

Democratic National Committee Thought it was Under Attack (It Was A Red Team Phishing Test...)

The FBI received a report from the US Democratic National Committee (DNC) that unknown actors sought access to a voter database through a phishing campaign.
Continue Reading

[Heads-up] Russian Hackers Widen Their Cyber Attacks Again With Spear Phishing Political Targets

The GRU, the Russian military intelligence spy agency which was responsible for the 2016 election cyber attacks, is at it again and are now targeting the U.S. Senate and conservative ...
Continue Reading

Phishing is Still the #1 Cyber-Fraud Tactic

Online, e-commerce and mobile fraud are on the rise, according to RSA, with 41% of successful attacks enabled by phishing scams.
Continue Reading

Scam Of The Week: SharePoint Phishing Attack On Office 365 Users

The attack dubbed “PhishPoint” by Cloud Security vendor Avanan demonstrates the craftiness and extent cybercriminals will go to in order to harvest Office 365 credentials.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews