Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

The Latest in Phishing Tackle

Phishing kits are using increasingly sophisticated techniques to avoid detection and make their scams more convincing, according to Prakhar Shrotriya at Zscaler.
Continue Reading

New Phishing Attacks Make 2FA Useless

These latest attacks are designed to proxy login requests that incorporate SMS-based authentication as a way to seamlessly bypass 2FA protection without being noticed.
Continue Reading

90 Percent Of Critical Infrastructure Hit By Cyberattacks

  A new survey of professionals in industries using industrial control systems (ICS) and operational technology (OT) finds 90 percent of respondents say their environment has been damaged ...
Continue Reading

Scam of The Week: Realistic Phishing Attacks Take Advantage of U.S. Tax Season

With Tax Day only a few days away, cybercriminals are trying to take advantage of tax season through widespread phishing campaigns that aim to trick people into providing sensitive ...
Continue Reading

NCAA-themed Scams During Basketball Playoffs

Scammers are capitalizing on the hype for March Madness with a bevy of malicious streaming sites and phishing scams, according to Lindsey O’Donnell at Threatpost. Researchers at Zscaler ...
Continue Reading

Game of Thrones as Phishbait, with Hook

Game of Thrones is the top TV show used to deliver malware-infected pirated content, researchers at Kaspersky Lab have found. Threatpost says the researchers saw nearly 21,000 users ...
Continue Reading

Brand-New Tool: Phishing Reply Test Identifies Users Likely to Fall Victim to Fraudsters

Highly targeted phishing attacks, known as Business Email Compromise or CEO fraud scams have exceeded $12.5 billion in total known losses worldwide. These social engineering attacks are ...
Continue Reading

The Famous Fall Victim To Phishing, Too

A Georgia resident has taken a guilty plea to charges of hacking numerous Apple accounts belonging to high-profile athletes and musicians and stealing their credit card information, ...
Continue Reading

ISACA Recommends Phishing Simulations and Measurement as Appropriate Defense to Reduce Risk of Successful Phishing Attacks

Organizations are working to limit the effectiveness of phishing attacks using both internal and external collateral and programs. According to ISACA, the important thing is to have ...
Continue Reading

Mobile Devices Rise as a Top Attack Vector for Cybercriminals; Malware and Phishing Remain Primary Concerns

Cybercriminals are using every means available to reach their victims. According to Verizon’s latest data, attacks on mobile devices are increasing while security efforts fall behind.
Continue Reading

90% of large tech companies vulnerable to email spoofing

Most companies have not implemented standards for authenticating emails and preventing hackers from successful phishing attacks, according to Valimail.
Continue Reading

Which Employees are the Cyber Criminals After?

Lower-level employees are the workers most likely to face highly-targeted attacks, according to the online marketing firm Reboot. Citing information from Proofpoint’s most recent ...
Continue Reading

Microsoft Takes Control Of 99 Phishing Domains Operated By Iranian State Hackers

The domains had been used as part of spear-phishing campaigns aimed at users in the US and across the world. Court documents unsealed today revealed that Microsoft has been waging a ...
Continue Reading

Cybercriminals Double-Down on What Works, Nearly Doubling the Number of Phishing Attacks in 2018

Using a combination of old and new tactics and distribution channels, cybercriminals continue to seek to compromise endpoints and obtain online credentials.    The targets haven’t ...
Continue Reading

Find out which of your users' emails are exposed before the bad guys do

Do you know how big your email attack surface really is? Open Source Intelligence (OSINT) is the collection of information from public sources on the Internet that both red teams and bad ...
Continue Reading

Phishing Attack Compromises Spanish Defense Intranet By Foreign State

Reuters reported that a "computer virus" infected the Spanish Defense Ministry’s intranet this month with the aim of stealing high tech military secrets, El País newspaper said on ...
Continue Reading

U.S. Healthcare Employee Engagement with Simulated Phishing Emails Drop by 67% With Repeated Exposure

A long-term phishing study involving 6 healthcare institutions shows employees are vulnerable to phishing attacks, and that they can become more vigilant through exposure.
Continue Reading

[Heads-up] This Evil New Child Porn Phishing Attack Could Absolutely Ruin Your Life

Oh my. Bad guys have come up with a sinister new strain of blackmail/sextortion. Just when you thought things couldn't get worse, the bad guys sink lower.  Eric Howes, KnowBe4's Principal ...
Continue Reading

WOW, Phishing Attacks Are Now More Common Than Malware!

Microsoft’s security team is uniquely positioned to analyze trends in cyber security threats. Their frequent Security Intelligence Reports (SIR) are an excellent indicator of these ...
Continue Reading

[Heads-up] Bad Guys Are Moving To Mobile Phishing for Gift Cards Scams

Scammers are shifting to SMS to carry out business email compromise (BEC) attacks, since text messaging offers less visibility to the victim and more flexibility to the attacker, says ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews