Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing campaign targets Instagram users with fake copyright notices

A new phishing campaign targeting Instagram users is using fake copyright infringement notices to steal user credentials.
Continue Reading

Blackmail and Sextortion Attacks Use Panic and Threats to Lure Their Victims

Preying on a victim’s fear of having “private” browsing details leaked sits at the center of these well-crafted attacks that leverage stolen or harvested passwords to establish ...
Continue Reading

Very Few Professionals are Confident in Their Phishing Defense Assessments

New research from ISACA and Terranova Security found that just 12% of security, assurance, risk and governance professionals are confident in their ability to assess the effectiveness of ...
Continue Reading

One in Seven Healthcare Employees Will Fall for Phishing Emails

A study recently published in the Journal of the American Medical Association highlights how vulnerable the healthcare sector is to phishing attacks, according to Jessica Davis at Health ...
Continue Reading

The Phishing Bait is Bitcoin; the Hook is a Clipboard Hijacker

A new phishing campaign is spreading malware through emails that claim to have Bitcoin investment updates, according to My Online Security. The emails direct the victim to download an ...
Continue Reading

[SCAM OF THE WEEK] Phishing Attack Warns About Boeing 737 Max Crashes And Infects Workstations

  Large airline crashes tend to uniquely focus almost everyone's attention. Lowlife internet criminals are exploiting the fear connected to these incidents, and leverage it in phishing ...
Continue Reading

[SCAM OF THE WEEK] New "Final Warning" Sextortion Emails State Adult Sites Infected You

Bleepingcomputer reported this week: "A new sextortion email campaign is underway that states a hacker infected the recipient's computer while they were visiting an adult web site. The ...
Continue Reading

Three Romanian Men Commit Vishing And Smishing Crimes Worth $21 Million

Three Romanian citizens have pleaded guilty to carrying out a scheme that used recorded messages and cellphone texts to trick thousands of people into revealing their social security ...
Continue Reading

Phishing Attack Use of Encryption Increases 400% for Malware Delivery, Communications, and Data Exfiltration

Encryption has become the norm for many cybercriminals looking to obfuscate all parts of an attack, according to Zscaler’s 2019 Cloud Security Insights Threat Report. One of the goals of ...
Continue Reading

Software Supply Chains and Phishing Top Microsoft’s List of Greatest Cyberthreats

Microsoft’s latest Security Intelligence Report highlights the trends seen in 2018 with phishing as the preferred attack method and supply chains as a primary attack target.
Continue Reading

Cyber Criminals use Domino Effect Chain Attacks to Leverage One Compromised Bank to Infect the Next

New details from international security company Group-IB show how cybercriminals are no longer looking to just steal from one bank. Instead they chain their attacks to improve their ...
Continue Reading

Malware Blindness in the Enterprise

A growing percentage of cyberattacks are using encryption to avoid detection, according to a new report by Zscaler’s ThreatLabZ researchers. Their report, summarized by Help Net Security, ...
Continue Reading

FINRA Warns of New Phishing Attack Targeting Brokerage Firms

The latest warning from Financial Industry Regulatory Authority (FINRA) puts firms on notice of yet another tailored attack seeking to gain access to firms networks.
Continue Reading

New Facebook Phishing Scam is So Good It Will Fool Even You

Scams seeking to harvest online credentials have long tried to replicate known logon pages. But this newly found instance is just about perfect.
Continue Reading

Organizations Need an Anti-Phishing Plan to Stop Cyberattacks

With the massive rise in phishing attacks, 2019 is the year for organizations to realize the concept of becoming a victim is an issue of when and no longer if.
Continue Reading

reCAPTCHA Phishbait Targets Google Users

A phishing campaign is using a phony Google reCAPTCHA system to deliver banking malware, according to researchers at Sucuri. The attackers are sending emails, supposedly from a Polish ...
Continue Reading

It's The Season for Tax Scams... Again

America's Internal Revenue Service is warning taxpayers about a surge in phishing emails, links, and phone calls during tax season, according to Toni Birdsong at McAfee. The scammers pose ...
Continue Reading

Bogus Job Offers as Phishbait

A series of phishing campaigns are targeting companies in various industries with phony job offers using direct messages on LinkedIn, according to researchers at Proofpoint. The attacker ...
Continue Reading

The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Attackers are bypassing Office 365 email attachment security by editing the relationship files that are included with Office documents, according to Yoav Nathaniel at Avanan. A ...
Continue Reading

Phishing campaign attempts to spread a new brand of snooping malware

Danny Palmer at ZDNet had the scoop: "A cyber espionage campaign is targeting national security think tanks and academic institutions in the US in what's believed to be an intelligence ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews