Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

US Political Campaigns Targeted by Iranian Spear Phishing Attacks

Researchers at Recorded Future’s Insikt Group warn that the Iranian state-sponsored threat actor “GreenCharlie” is launching spear phishing attacks against US political campaigns.
Continue Reading

Phishing Scammers Leverage Microsoft Dynamics 365 to Target US Government Contractors

Analysis of a phishing campaign targeting thousands of government contractors, dubbed “Operation Uncle Sam,” takes advantage of some sophisticated steps to avoid detection.
Continue Reading

Threat Actors Abuse URL Rewriting to Mask Phishing Links

Threat actors are abusing a technique called “URL rewriting” to hide their phishing links from security filters, according to researchers at Perception Point.
Continue Reading

Cybersecurity in 2024: Reflecting on the Past, Preparing for the Future

As Europe is returning from summer breaks, it is time to reflect on the first half of 2024 and look forward to the rest of the year.
Continue Reading

U.K. Management Almost Twice as Likely to Fall for Phishing Attacks Versus Entry-Level Employees

Highlights from a new survey focused on employee compliance reveals just how targeted and susceptible U.K. businesses are to phishing attempts.
Continue Reading

Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI.
Continue Reading

Is Disabling Clickable URL Links Enough?

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee ...
Continue Reading

File-Sharing Phishing Attacks Increased by 350% Over the Past Year

File-sharing phishing attacks have skyrocketed over the past year, according to a new report from Abnormal Security.
Continue Reading

Latest Phishing Scam Uses Cross-Site Scripting Attack to Harvest Personal Details

Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites.
Continue Reading

Chameleon Malware Poses as CRM App

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer Relationship Management (CRM) app. The campaign is ...
Continue Reading

Attackers Abuse Google Drawings to Host Phishing Pages

Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters.
Continue Reading

New Phishing Campaign Targets Israeli Organizations To Deliver Malware

A new phishing campaign is targeting Israeli organizations to deliver the RHADAMANTHYS information-stealing malware, Cyber Security News reports.
Continue Reading

[On-Demand Webinar] 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Your secret weapon to combat cyber threats might be just under your nose! Cybercriminals continue to exploit vulnerabilities while upping their game with new and more sinister attack ...
Continue Reading

62% of Phishing Emails Bypassed DMARC Checks in 1H of 2024

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes.
Continue Reading

“Pastejacking” Attacks Are Becoming a Thing (Because Users are Falling for Them)

New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker.
Continue Reading

AI Tools Have Increased the Sophistication of Social Engineering Attacks

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports.
Continue Reading

New Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator.
Continue Reading

Brand Impersonation of Microsoft Increases 50% in One Quarter

The use of the Microsoft brand in phishing attacks demonstrates both its widespread credibility as well as the continued success of attacks leveraging it.
Continue Reading

Your Users Still Fall For Phishing Attacks Because of URL Shorteners

Analysis of current phishing attacks by security researchers have uncovered an increase in the use of trusted shortlink services.
Continue Reading

New Research: Smaller Companies Receiving Higher Rates Of Phishing Emails

Researchers at Barracuda have found that smaller companies tend to receive a higher rate of phishing attacks spread across the organization, according to a report looking at the phishing ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews