The TodayZoo Phishing Kit Has All the Obfuscation and Impersonation Needed to Fool Your Users

Nov 9, 2021 1:38:18 PM By Stu Sjouwerman

New details from Microsoft on this pieced-together phishing kit reveal some unique tactics designed to avoid detection by security solutions and users alike while stealing credentials.

New 'Frankenphishing' Tactic Combines Other Phishing Kits Into One

Nov 9, 2021 9:27:05 AM By Stu Sjouwerman

RiskIQ has observed another phishing kit that’s been pieced together from portions of other phishing kits.

New Browser Cookie “Smash and Grab” Attack Targets YouTube Creators

Nov 8, 2021 2:24:31 PM By Stu Sjouwerman

New attack details from Google’s Threat Analysis Group show how cybercriminals are innovating ways to use an initial attack to aid in additional crypto scams.

Enabling and Securing Remote Workers are Top Concerns as 80% of Organizations Experience Cyberattacks as Often as Once per Hour

Nov 8, 2021 2:24:27 PM By Stu Sjouwerman

Organizations appear to be overconfident in their ability to protect themselves, despite glaring gaps in security, according to new data from cyber protection vendor, Acronis.

Preparing for Black Friday Scams

Nov 8, 2021 8:56:54 AM By Stu Sjouwerman

Researchers at Tessian caution that people should be wary of scams as Black Friday approaches. The researchers found that thirty percent of people in the US reported receiving a phishing ...

How Not To Get Phished: It Is the Message Not the Medium

Nov 5, 2021 8:45:10 AM By Roger Grimes

Back in the early 1990s, when I was first getting into the IT field as a full-time network administrator, I was tasked with writing up our corporation’s new email policy. Email was just ...

Multi-Stage Vishing Attacks are Coming to an Inbox Near You

Oct 29, 2021 2:16:15 PM By Stu Sjouwerman

New attacks initially coming in via email are directing victims to make phone calls to attacker-controlled call centers in order to provide banking and credit card details.

Eight Romance Phishing Scammers with Ties to Nigerian Organized Crime Arrested After Stealing Nearly $7 Million

Oct 29, 2021 2:02:43 PM By Stu Sjouwerman

This latest arrest by the South African Police Service (SAPS) demonstrates how romance scams that have been around for decades remain alive and well… and profitable.

Over Half of all Impersonation Attacks Target Non-Executive Employees

Oct 29, 2021 2:02:26 PM By Stu Sjouwerman

A new report shows how cybercriminals focus on users that are less vigilant and more prone to falling for social engineering and impersonation tactics designed to gain access to finances.

KnowBe4's Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data [INFOGRAPHIC]

Oct 29, 2021 10:39:26 AM By Stu Sjouwerman

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, ...

Cybercriminals are using Craigslist email notifications to send phishing links

Oct 27, 2021 9:16:47 AM By Stu Sjouwerman

Cybercriminals are using Craigslist email notifications to send phishing links, according to Roger Kay at INKY. The emails contain links to download a document with malicious macros.

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

Oct 26, 2021 9:38:10 AM By Stu Sjouwerman

Researchers at Microsoft have observed an attack phishing campaign by Russia’s SVR that’s targeting resellers and managed service providers. Microsoft tracks this threat actor as ...

Phishing Campaign Targets Organizations in India and Afghanistan

Oct 21, 2021 9:31:57 AM By Stu Sjouwerman

A threat actor based in Pakistan is targeting entities in India and Afghanistan with malware-laden websites, according to researchers at Cisco Talos.

New Impersonation Attack Demonstrates That Threat Actors Don’t Need to Get the Logo Correct

Oct 20, 2021 10:15:50 AM By Stu Sjouwerman

A new trend in social engineering and impersonation emerges as cybercriminals take advantage of a user’s inability to properly identify fake corporate logos in phishing attacks.

U.S. Government Says To Use Phishing-Resistant MFA

Oct 20, 2021 10:15:13 AM By Roger Grimes

The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...

Iranian Phishing Campaigns Are Running Rampant

Oct 18, 2021 8:45:54 AM By Stu Sjouwerman

Researchers at Google’s Threat Analysis Group (TAG) are tracking phishing campaigns by the Iranian threat actor APT35 (also known as Charming Kitten). The attackers used compromised ...

A Novel Form of Homographic Attack

Oct 14, 2021 9:02:42 AM By Stu Sjouwerman

A phishing campaign is using mathematical symbols to impersonate Verizon’s logo, according to researchers at Verizon. The emails use either a red square root symbol or a logical NOR ...

U.K. Residents Experience a 116% Increase in Nuisance Calls, Texts, and Emails in 2021

Oct 13, 2021 8:52:53 AM By Stu Sjouwerman

New data from the U.K.’s Information Commissioner’s Office (ICO) shows a massive rise in the first six months of this year – and the belief that cyberattacks are to blame.

NIST on Phishing Awareness

Oct 13, 2021 8:49:33 AM By Stu Sjouwerman

People need to be conscious of the fact that anyone can fall for social engineering tactics, according to Shaneé Dawkins at NIST, the US National Institute of Standards and Technology. ...

Man Spends Thousands and is Exposed for Typosquatting with Cryptocurrency

Oct 12, 2021 9:22:38 AM By Stu Sjouwerman

A man in Brazil spent more than $200,000 on typosquatting domains between November 2020 and February 2021, the Washington Post reports. Typosquatting is a phishing technique in which ...

Security Awareness Training Blog

Phishing Blog

View Topics