Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Business Detections of Ransomware Attacks Have Grown by 365%

The latest data from Malwarebyte’s report Cybercrime Tactics and Techniques: Ransomware Retrospective shows businesses are at risk of ransomware attack now more than ever.
Continue Reading

MegaCortex Ransomware goes Fully Automated, Putting Enterprises at Risk of Ransoms in the Millions

A new version of MegaCortex has been spotted, upgrading it from a manual, targeted form of ransomware, to one that can be spread and do damage enterprise-wide.
Continue Reading

Microsoft, PayPal, and Facebook are the Top Three Impersonated Brands

Back in June, we discussed Vade Secure’s “Phisher’s Favorite” report for Q1 2019, which found that Microsoft had been the most impersonated brand used in phishing attacks for four ...
Continue Reading

Even ‘Unsubscribe’ Emails Can Put the Organization at Risk

Social Engineering tactics seek to use any means that’s familiar to the intended victim – and unsubscribing is perceived as being so benign, it may just be the perfect way to fool your ...
Continue Reading

U.S. Utilities Face Phishing Attacks Intent on Gaining Remote Access

Last month saw a number of utility sector businesses targeted with spear phishing attacks that utilize a new remote access Trojan (RAT) that provides attackers with admin access.
Continue Reading

Georgia Gov. Kemp Orders Cybersecurity Training For State Employees After Crippling Attacks

StateScoop reports: "Citing several recent ransomware attacks at the state and local levels, Georgia Gov. Brian Kemp this week issued an executive order instructing state employees to ...
Continue Reading

A State-of-the-Art Spoof  (or, Why Turning Your Users Into Grammar Nazis Won't Keep the Bad Guys Out)

By Eric Howes,  KnowBe4 Principal Lab Researcher. Malicious actors are becoming very skilled at exploiting popular online services that enjoy the familiarity and trust of millions of ...
Continue Reading

Lateral Phishing Affects One in Seven Organizations

A survey by Barracuda found that one in seven organizations experienced lateral phishing attacks over the course of seven months, and that 42% of these attacks were not reported by ...
Continue Reading

Is The Ransomware Debate Over? To Pay Or Not To Pay, The Conference Of Mayors Made Up Their Mind

The long-standing argument over whether or not to pay may have come to an end, with a resolution from the U.S. Conference of Mayors calling on cities to not pay up. 
Continue Reading

Gift Cards Are Now the #1 Business Email Compromise Cash-Out Mechanism for Fraudsters

Overtaking wire transfers and payroll diversion, gift cards have taken a material lead as one of the easiest and least recoverable ways to cash out of a fraud scam. 
Continue Reading

Game Phishing Scams Steal Steam Accounts

A phishing scam is stealing Steam accounts by promising free games to victims if they log in to a website with their Steam credentials, according to a recent post by BleepingComputer.
Continue Reading

[LIVE WEBINAR] How to Prevent 81% of Phishing Attacks With DMARC

Only ~20% of companies use DMARC, SPF, and DKIM, global anti-domain-spoofing standards, which could significantly cut down on phishing attacks. But even when they are enabled and your ...
Continue Reading

Blank Emails Come Before BEC Fraud Attack

Business email compromise (or CEO fraud) has its reconnaissance phase, too. Researchers at Agari say they’ve found that blank, unsolicited emails are often an early sign that a BEC gang ...
Continue Reading

Are Local Government and Municipalities Part of a Coordinated Attack on the U.S.?

There are too many ransomware attacks to ignore the similarities. It’s either government networks are easy prey, or someone is trying to cash out on the U.S., one attack at a time.
Continue Reading

Social Engineering Testing is Necessary to Fend off Phishing Attacks

The success of social engineering as part of phishing and spear phishing attacks has caused organizations to realize they need an effective tactic to make employees vigilant.
Continue Reading

The Unusual Activity Would be the Warning Itself

BleepingComputer has come across a phishing campaign that’s spoofing “Unusual sign-in” warnings from Microsoft to steal users’ credentials. The emails look nearly identical to Microsoft’s ...
Continue Reading

Even when your users don't click...

...they can still be helping the bad guys compromise your organization. Sad but true.
Continue Reading

Still Dodging that Sextortion Bullet

It has long been true that sextortionists really had nothing on their intended victims. No video, no screen captures, nothing at all beyond shame and an uneasy conscience. Unfortunately ...
Continue Reading

Security warning for software developers: You are now prime targets for phishing attacks

Danny Palmer at ZDNet wrote: "Software developers are the people most targeted by hackers conducting cyberattacks against the technology industry, with the hackers taking advantage of the ...
Continue Reading

Scam Of The Week: See Jeffrey Epstein Last Words On Video

This weekend, news broke that Jeffrey Epstein was found dead in his cell, apparently a suicide. This is a celebrity death that the bad  guys are going to be exploiting in a variety of ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews