Phishing Attacks Impersonating Big Brands Start to Zero in on Just One Brand

Dec 3, 2024 2:43:22 PM By Stu Sjouwerman

The latest data on brand phishing trends shows one brand dominating quarter over quarter, but also continuing to take on a larger share of the brand impersonation.

Cruel Year-End Twist: When Fake Firing Is A Real Phishing Attack

Dec 2, 2024 2:42:51 PM By Stu Sjouwerman

Cybercriminals are constantly evolving their tactics to exploit our vulnerabilities. A recent phishing campaign has taken this to a new low, preying on people's fear of job loss to trick ...

Nearly Every Hacker Believes AI Tools Have Created a New Attack Vector

Nov 27, 2024 12:19:44 PM By Stu Sjouwerman

A new survey of hackers shows that AI is not only empowering hackers to be more effective, but that AI itself is “ripe for exploitation.”

CISA Strongly Recommends Phishing-Resistant MFA

Nov 27, 2024 10:16:09 AM By Roger Grimes

We are excited to see the Cybersecurity Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend PHISHING-RESISTANT multi-factor authentication (MFA).

Chinese Threat Actor Targets Black Friday Shoppers With Phishing Campaign

Nov 26, 2024 9:39:08 AM By Stu Sjouwerman

Researchers at EclecticIQ warn that the financially motivated Chinese threat actor “SilkSpecter” has launched a phishing campaign targeting Black Friday shoppers across Europe and the US.

U.K. Residents are Victims of the Latest Phishing Scam Targeting Starbuck Customer Credentials

Nov 26, 2024 9:38:48 AM By Stu Sjouwerman

Analysis of a new phishing attack highlight just how easy it can be to spot these kinds of attacks if recipients were properly educated.

Phishing Emails Use SVG Files to Avoid Detection

Nov 22, 2024 11:39:14 AM By Stu Sjouwerman

Phishing emails are increasingly using Scalable Vector Graphics (SVG) attachments to display malicious forms or deliver malware, BleepingComputer reports.

[Heads Up] Bad Actor Uses Deepnude AI Image Generator to Lure And Infect Users

Nov 22, 2024 11:39:11 AM By Stu Sjouwerman

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT.

Phishing Attacks Exploits the Open Enrollment Period

Nov 22, 2024 9:18:17 AM By Stu Sjouwerman

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security.

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

Nov 20, 2024 2:22:11 PM By Stu Sjouwerman

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.

Beware of Fake Tech Support Scams

Nov 20, 2024 2:22:06 PM By Roger Grimes

About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved ...

Dark Side of Deals: Emerging Scams for Black Friday, Cyber Monday and Giving Tuesday

Nov 20, 2024 10:41:06 AM By Javvad Malik

As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look ...

Threat Actors are Sending Malicious QR Codes Via Snail Mail

Nov 20, 2024 10:40:54 AM By Stu Sjouwerman

The Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland via physical letters sent through the mail, ...

Purina’s Champions Program Is the Best I Have Seen

Nov 19, 2024 9:02:42 AM By Roger Grimes

In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization ...

Phishing Attacks Exploit Microsoft Visio Files and SharePoint

Nov 15, 2024 10:06:32 AM By Stu Sjouwerman

Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point.

Half of all Ransomware Attacks This Year Targeted Small Businesses

Nov 15, 2024 10:05:57 AM By Stu Sjouwerman

New data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom.

Fortifying Defenses Against AI-Powered OSINT Cyber Attacks

Nov 13, 2024 3:08:55 PM By James McQuiggan

In the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has created new opportunities for risk.

Criminal Threat Actor Uses Stolen Invoices to Distribute Malware

Nov 13, 2024 3:08:32 PM By Stu Sjouwerman

Researchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware.

Nation-State Threat Actors Rely on Social Engineering First

Nov 12, 2024 3:38:33 PM By Stu Sjouwerman

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique.

Criminals Use Search Engine Poisoning to Boost Phishing Pages

Nov 11, 2024 4:46:36 PM By Stu Sjouwerman

Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results.

Security Awareness Training Blog

Phishing Blog

View Topics