Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

View Topics

Use of Excel .XLL Add-Ins Soars Nearly 600% to Infect Systems in Phishing Attacks

Feb 8, 2022 6:25:28 PM By Stu Sjouwerman
Cybercriminals are taking to more advanced functionality than traditional VBA scripting to both execute complex malicious actions via Excel and to obfuscate their true intention - ...
Continue Reading

Scammers Now Exploit 'Slinks' in LinkedIn

Feb 8, 2022 9:53:21 AM By Stu Sjouwerman
Scammers are exploiting LinkedIn redirect links, or “Slinks,” to fool users and bypass email security filters, Brian Krebs reports. These links allow companies to track their marketing ...
Continue Reading

QR Codes in the Time of Cybercrime

Feb 7, 2022 1:55:27 PM By Javvad Malik
QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, ...
Continue Reading

As Tax Season Starts, So Do IRS Scams - Here’s What to Look For

Feb 7, 2022 9:55:24 AM By Stu Sjouwerman
It’s that time again, when we all dread finding out if we owe money or not. And cybercriminals are banking on it with a wide range of scams that all impersonate the IRS.
Continue Reading

Phone Number Only Phishing on the Rise

Feb 4, 2022 8:59:55 AM By Stu Sjouwerman
I do not have the data to support my conclusion, but myself and others have noticed the sharp increase in email phishing attempts that include only a phishing message and a phone number ...
Continue Reading

COVID-19 Test-Related Phishing Scams Jump 521% Into January

Feb 1, 2022 2:40:11 PM By Stu Sjouwerman
New data shows a massive increase between October 2021 and January 2022 in phishing attacks focusing on one of the world’s current concerns for home and in-office testing.
Continue Reading

New Phishing Campaign is Impersonating Zoom to Steal Credentials

Feb 1, 2022 2:40:04 PM By Stu Sjouwerman
A phishing campaign is impersonating Zoom in order to steal users’ Microsoft credentials, according to Lauryn Cash at Armorblox. The emails landed in about 10,000 inboxes, and targeted “a ...
Continue Reading

Beware of QuickBooks Payment Scams

Jan 31, 2022 9:16:17 AM By Roger Grimes
Many small and mid-sized companies use Intuit’s very popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program ...
Continue Reading

Increased “Shipping Delays” Now Served as Phishbait

Jan 31, 2022 9:16:14 AM By Stu Sjouwerman
Attackers are exploiting pandemic-related supply-chain disruptions to launch phishing campaigns, according to Troy Gill, senior manager of threat intelligence at Zix. In an article for ...
Continue Reading

Microsoft Warns of Latest “Consent Phishing” Attack Intent on Reading Your Email

Jan 27, 2022 9:13:57 AM By Stu Sjouwerman
Rather than steal your user’s credentials, this latest attack takes the OAuth route to gain access to the victim’s mailbox. This gives cybercriminals continual access, regardless of ...
Continue Reading

Dark Web Service Sells Access to Compromised Accounts and Browser Sessions

Jan 27, 2022 9:13:53 AM By Stu Sjouwerman
When we hear about compromised credentials, there’s always the question of “How are they used post-compromise?” In one case, they are fully on display for sale to the highest bidder.
Continue Reading

Malicious Office Documents Jump to 37% of All Malware Downloads at the End of 2021

Jan 27, 2022 9:13:49 AM By Stu Sjouwerman
With the ubiquitous use of Microsoft Office today, it should come as no surprise that malicious macro-laden documents continue to reign, with PPT files delivering AgentTesla taking the ...
Continue Reading

Irish Teaching Council Fined €60,000 for Phishing-Induced Breach

Jan 25, 2022 10:30:43 AM By Stu Sjouwerman
Ireland’s Teaching Council has been fined €60,000 by the country’s Data Protection Commission (DPC) over a breach of nearly ten thousand teachers’ data, the Irish Examiner reports. An ...
Continue Reading

New U.K. Vishing Scam Offers Significant Phone Plan Discounts in Exchange for your Phone Provider's One-Time Security Code

Jan 21, 2022 8:24:37 AM By Stu Sjouwerman
Scammers targeting customers of mobile carrier O2 are enticing victim engagement by offering discounts on their mobile plan as much as 40%.
Continue Reading

DHL is Now the Most Spoofed Brand in Phishing

Jan 20, 2022 9:26:04 AM By Stu Sjouwerman
International shipping company DHL was the most impersonated brand in phishing attacks during the fourth quarter of 2022, researchers at Check Point have found.
Continue Reading

Google Docs Comment Feature is the Key to a New Wave of Phishing Campaigns

Jan 20, 2022 9:25:58 AM By Stu Sjouwerman
Hackers take advantage of legitimate comment functionality as a way to look legitimate, reach the Inbox, and avoid detection, despite using malicious links for phishing attacks.
Continue Reading

KnowBe4's Top-Clicked Phishing Email Results for Q4 2021 Compare the U.S. and EMEA [INFOGRAPHIC]

Jan 19, 2022 3:33:56 PM By Stu Sjouwerman
KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and Europe, Middle East and ...
Continue Reading

“Information Disorder”: Giving a Name to One of the Most Impactful Parts of Phishing Scams

Jan 12, 2022 9:37:18 AM By Stu Sjouwerman
At the core of every phishing scam is a combination of a bunch of lies and (sometimes) a few truths. A new focus on better defining the misuse of information provides insight into why ...
Continue Reading

Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

Jan 6, 2022 2:19:54 PM By Stu Sjouwerman
An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.
Continue Reading

Reducing Stress with CBD Is the Latest Theming for Phishing Attacks

Jan 4, 2022 10:03:58 AM By Stu Sjouwerman
Spanning three languages and at least 15,000 unique phishing emails, this latest phishing campaign targets stressed out workers in the U.S. and France, avoiding detection and promising to ...
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews