Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.
Continue Reading

Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit

Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages.
Continue Reading

Happy Credit Union Customers Become the Target of Spoofing Scams Due to a Lack of Email Security

Taking advantage of heightened levels of customer trust and satisfaction, along with lowered levels of properly implemented security, credit unions are seeing a rise in email-based scams.
Continue Reading

European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks

While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government.
Continue Reading

Beware of Spoofed Vanity URLs

Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLS) on SaaS services to craft more convincing phishing links. The attackers have used this ...
Continue Reading

Another Report of SEO in Phishing

Researchers at Netskope have observed a 450% increase in phishing downloads over the past twelve months, largely driven by attackers using SEO (search engine optimization) to improve the ...
Continue Reading

Cozy Bear Goes Typosquatting

Researchers at Recorded Future’s Insikt Group warn that the Russian threat actor NOBELIUM (also known as APT29 or Cozy Bear) is using typosquatting domains to target the news and media ...
Continue Reading

89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 Months

With the number of email breaches per year almost doubling in the last three years, organizations still don’t see email security solutions as being an effective means of stopping attacks.
Continue Reading

Organizations Have a 76% Likelihood of a Successful Cyberattack in the Next Year

New data from TrendMicro and Ponemon shows how almost organizations globally are not fully prepared for the looming threat of almost-certain cyberattacks.
Continue Reading

Man Convicted for $23 Million Phishing Scam Against the US DoD

A man in California has been convicted for stealing $23.5 million from the US Department of Defense in a phishing attack. The Justice Department explained in a press release that the man, ...
Continue Reading

Holding a Great Employee Education Meeting

I recently attended a customer’s annual security awareness training employee event. I have attended a bunch of these over the years and I have loved them all. But this particular customer ...
Continue Reading

Phishing Campaign Uses Simple Email Templates

A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security. The email informs recipients that ...
Continue Reading

Criminal Gang Impersonates Russian Government in Phishing Campaign

Researchers at IBM Security X-Force are tracking a financially motivated cybercriminal group called “Hive0117” that’s impersonating a Russian government agency to target users in Eastern ...
Continue Reading

Hacking the Hacker: An Inside Look at the Karakurt Cyber Extortion Group

By breaking into an attack server, security researchers have uncovered new details that show the connection between the Karakurt group and Conti ransomware.
Continue Reading

Nearly all Data Breaches in Q1 2022 Were the Result of a Cyber Attack

New data from the Identity Theft Resource Center shows rises in the number of data compromises following 2021’s record-setting year, all stemming from cyber attacks.
Continue Reading

More_eggs Malware Distributed Via Spear Phishing

Threat actors are sending out the stealthy “more_eggs” malware in spear phishing emails that target hiring managers, according to researchers at eSentire’s Threat Response Unit (TRU).
Continue Reading

If You Got a “Your Bill Is Paid For” Text, You’re Part of a Massive T-Mobile Texting Scam

The latest scam targeting T-Mobile customers impersonating T-Mobile and focused on collecting your personal data by tempting you with free “gifts”.
Continue Reading

LinkedIn is the Most Impersonated Brand in Phishing Attacks

Social media companies, particularly LinkedIn, are now the most impersonated brands in phishing campaigns, researchers at Check Point have found.
Continue Reading

New Phishing Attack Targets MetaMask Users for their Crypto Wallet Private Keys

A new phishing campaign impersonates MetaMask, informs victims their cryptocurrency wallets aren’t “verified” and threatens suspension.
Continue Reading

UK Information Commissioner: Many Cybersecurity Incidents are “Preventable”

In a recent article about the largest cyberthreats currently facing the UK, John Edwards – the UK’s newly-appointed information commissioner- talks about the need for a security culture ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews