Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

By the Way, There's No Draft - Smishing Campaign Alert

Scammers are sending phony text messages (aka Smishing or SMS Phishing) informing people in the US that they’ve been drafted by the US Army, according to Army Times.
Continue Reading

Phishing Attacks Impersonating LinkedIn are up 232% in the Last Month Alone!

During the period the world has dubbed “the great resignation”, phishing scammers are shifting tactics to take advantage of those looking for a new career or place of employment.
Continue Reading

Data Breach Volumes in the U.S. Grow by 10% in 2021

New data shows despite decreases in global data breach levels (-5%) in 2021, the U.S. experienced proportionally more data breaches than in the previous year.
Continue Reading

UK ICO Sees a Massive Increase in Targeted Email Attacks

New data obtained from the UK’s Information Commissioner’s Office by think tank Parliament Street shows an unprecedented rise in attacks against the UK’s information rights organization.
Continue Reading

Phishing Emails Warn of a Suspicious Login From Russia

Researchers at Malwarebytes warn that a phishing campaign is informing users that someone logged into their account from an IP address in Moscow. The email contains a button to report the ...
Continue Reading

Scammers Will Take Advantage of New IRS Rules

New IRS requirements will soon be used as phishbait, according to Gene Marks, owner of Marks Group PC and a columnist for the Guardian.
Continue Reading

Wartime Suffering as Phishbait

It’s easy to forget, when a hybrid war like the one currently raging in Ukraine is occupying so much attention, that ordinary criminal lowlifes continue to seek victims, and the war only ...
Continue Reading

When the Phishers Want a Reply, not a Click

A sextortion phishing campaign is targeting French speakers accusing them of viewing child abuse content, according to Paul Ducklin at Naked Security. The emails purport to come from the ...
Continue Reading

New Phishing Campaign Angles for Monzo Banking Customers

A phishing campaign is targeting users of the UK-based digital banking company Monzo, BleepingComputer reports. Security researcher William Thomas came across an SMS phishing (smishing) ...
Continue Reading

Phishing Campaign Targets NFT Speculators

Scams follow fashion because money follows fashion. So it’s no surprise that non-fungible tokens (NFTs), which have become a hot speculative property, have drawn scam artists for phishing ...
Continue Reading

[Heads Up] There Is A Whole New Type of Blockchain Scam Called "Ice phishing"

In a post Wednesday last week, Microsoft issued a warning that they are seeing a brand new type of blockchain-centric attack aimed at web3 -- a term used to describe the decentralized ...
Continue Reading

Coinbase’s QR Code Superbowl Ad Only Helps Normalize QR-Based Scams

Use of QR codes is becoming a mainstream part of advertising, but also is getting the attention of scammers intent on redirecting you to a malicious site they control.
Continue Reading

Scammers Use a Mix of Stolen Credentials, Inbox Rules, and a Rogue Outlook Client Install to Phish Internal and External Victims

Organizations that are not using Microsoft’s multi-factor authentication are finding themselves victims of credential attacks that involve threat actors installing Outlook on a controlled ...
Continue Reading

Traits of Most Scams

There are a lot of scams in the world, and they seem to be proliferating at an exponential rate. My Facebook friend’s accounts are compromised all the time and I get sent scam requests ...
Continue Reading

Phishing Attacks on Social Media Doubled Over 2021

Phishing attacks on social media doubled over the course of 2021, according to a new report from PhishLabs by HelpSystems. Most (68%) of these attacks targeted organizations in the ...
Continue Reading

Meta Files Lawsuit Over Phishing Attacks

Meta (Facebook’s corporate parent) and the digital banking company Chime have filed a joint lawsuit against two Nigerian citizens for allegedly impersonating Chime in phishing attacks, ...
Continue Reading

New Cyberattack Campaign Delivers Multiple RATs via Trusted Cloud Services

Abusing cloud providers including Microsoft Azure and AWS, cybercriminals are setting up malicious infrastructure to hide their operations and avoid detection.
Continue Reading

Brand Impersonation and the Healthcare Sector

The healthcare sector is particularly vulnerable to phishing attacks, according to Mike Azzara at Mimecast. Employees in the healthcare industry need to be wary of brand impersonation ...
Continue Reading

Use of Excel .XLL Add-Ins Soars Nearly 600% to Infect Systems in Phishing Attacks

Cybercriminals are taking to more advanced functionality than traditional VBA scripting to both execute complex malicious actions via Excel and to obfuscate their true intention - ...
Continue Reading

Scammers Now Exploit 'Slinks' in LinkedIn

Scammers are exploiting LinkedIn redirect links, or “Slinks,” to fool users and bypass email security filters, Brian Krebs reports. These links allow companies to track their marketing ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews