Large Phishing Campaign Abuses Open Redirects

Sep 1, 2021 9:56:19 AM By Stu Sjouwerman

Researchers at Microsoft have observed a widespread phishing campaign that’s abusing open redirectors to fool users into visiting credential-harvesting pages. Open redirects are often ...

When the URL Domain Is Not Enough To Avoid a Phish

Aug 31, 2021 2:44:06 PM By Roger Grimes

One of the most common mantras in security awareness training is “Examine the URL to determine if it points to the legitimate vendor or not!”

Cryptominers are Tricked out of Cryptocurrency Using Phishing Scams Involving the Purchase of Mining Equipment

Aug 26, 2021 1:02:05 PM By Stu Sjouwerman

The leveraging of Google Docs, a spoofed website, a realistic-feeling buying process, and asking for payment in cryptocurrency is all it takes to separate victims from thousands of ...

A COVID-19 Phishing Caper

Aug 26, 2021 8:47:02 AM By Stu Sjouwerman

A new phishing campaign is exploiting the ongoing uncertainty about company policies related to COVID-19, according to Roger Kay at INKY. The campaign uses emails that purport to come ...

Arrests in International Fraud Scheme Due to Social Engineering

Aug 24, 2021 11:35:39 AM By Stu Sjouwerman

Police in Romania, the Netherlands, and Ireland have arrested and charged twenty-three people accused of conducting sophisticated social engineering attacks. The organized crime group ...

Microsoft Warns of New Phishing-Turned-Vishing-Turned-Phishing Attack Aimed at Installing Ransomware

Aug 24, 2021 11:35:19 AM By Stu Sjouwerman

In what appears to be a phishing attack that includes a mix of emails and phone calls, Microsoft reminds us to be wary of only opening emails and attachments from known contacts.

Phishing Attacks Have Increased by 22% This Year

Aug 19, 2021 8:34:15 AM By Stu Sjouwerman

The volume of phishing attacks has increased 22% this year compared to the first half of 2020, according to researchers at PhishLabs.

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Aug 18, 2021 2:00:29 PM By Stu Sjouwerman

Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.

Attackers Use Morse Code to Encode Phishing Attachments

Aug 17, 2021 9:56:28 AM By Stu Sjouwerman

A phishing campaign is using morse code to encode malicious attachments in order to slip past security filters, according to researchers at Microsoft. The phishing emails contain HTML ...

The Anatomy of Smishing Attacks and How to Avoid Them

Aug 16, 2021 8:56:01 AM By Stu Sjouwerman

Cybercriminals and nation-state actors continue to launch smishing attacks to steal credentials and distribute malware, according to Michael Marriott, Senior Strategy and Research Analyst ...

Spear Phishing Becomes a Bigger Problem as the Average Organization is Targeted 700 Times a Year

Aug 11, 2021 8:21:16 AM By Stu Sjouwerman

With threat actors honing their trickery skills to craft the perfect email used to fool a would-be victim recipient, new data shows cybercriminals are stepping up their game on a number ...

FTC Warns of Unemployment Insurance Phishing Scheme

Aug 10, 2021 8:22:39 AM By Stu Sjouwerman

The US Federal Trade Commission (FTC) has issued a warning about scams targeting unemployed people via text messages.

Egress: 73% of Orgs Were Victims of Phishing Attacks in the Last Year

Aug 4, 2021 9:23:12 AM By Stu Sjouwerman

A survey sponsored by Egress found that 94% of organizations suffered insider data breaches over the past year. The survey offers the following results:

Phishing Attacks Target IT Professionals More Than Any Other Organizational Role

Aug 3, 2021 9:38:45 AM By Stu Sjouwerman

New data from security vendor Ivanti suggests that cybercriminals are focusing in on those in IT roles as targets of phishing attacks, with many admitting to falling victim for these ...

[HEADS UP] Microsoft Warns of Sneaky Phishing Campaign

Aug 3, 2021 8:34:53 AM By Stu Sjouwerman

Microsoft's Security Intelligence team recently sent an alert to Office 365 users and admins to watch out for a suspicious phishing email that uses spoofed sender addresses.

New Phishing Campaign Uses Blackmail to Lure Victims

Aug 2, 2021 8:42:02 AM By Stu Sjouwerman

Bitdefender has observed a phishing campaign that tries to blackmail users into sending money by claiming their computer has been hacked. The emails contain real passwords that have been ...

Scammers Use Milanote App to Host Phishing Content and Avoid Detection by Secure Email Gateways

Jul 29, 2021 2:40:16 PM By Stu Sjouwerman

The “Evernote for creatives” collaborative platform is being used to legitimately host malicious links that point victims to phishing links, bypassing detection mechanisms.

The World’s Most Impersonated Brand in Phishing Attacks Is… (and it’s NOT Microsoft!)

Jul 29, 2021 2:39:47 PM By Stu Sjouwerman

Despite so much news surrounding phishing attacks pretending to be from Microsoft’s Office 365 platform, a new report from Vade Secure provides a global perspective to impersonation.

Cybercriminals Are Growing More Organized

Jul 28, 2021 9:03:29 AM By Stu Sjouwerman

The cybercriminal underground is becoming increasingly organized, according to researchers at HP. The criminal underground functions like a regular economy, with people selling goods and ...

Phishing Attacks Surged in Q2 2021

Jul 27, 2021 8:37:21 AM By Stu Sjouwerman

Phishing activity increased dramatically in the second quarter of 2021, according to a recent report by Vade. The company observed 4.2 billion phishing emails in June alone.

Security Awareness Training Blog

Phishing Blog

View Topics