Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

62% of Phishing Emails Bypassed DMARC Checks in 1H of 2024

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes.
Continue Reading

“Pastejacking” Attacks Are Becoming a Thing (Because Users are Falling for Them)

New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker.
Continue Reading

AI Tools Have Increased the Sophistication of Social Engineering Attacks

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports.
Continue Reading

New Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator.
Continue Reading

Brand Impersonation of Microsoft Increases 50% in One Quarter

The use of the Microsoft brand in phishing attacks demonstrates both its widespread credibility as well as the continued success of attacks leveraging it.
Continue Reading

Your Users Still Fall For Phishing Attacks Because of URL Shorteners

Analysis of current phishing attacks by security researchers have uncovered an increase in the use of trusted shortlink services.
Continue Reading

New Research: Smaller Companies Receiving Higher Rates Of Phishing Emails

Researchers at Barracuda have found that smaller companies tend to receive a higher rate of phishing attacks spread across the organization, according to a report looking at the phishing ...
Continue Reading

Half of Travel-Themed Spam Emails Are Scams

Researchers at Bitdefender have found that half of all travel-themed spam emails contain scams.
Continue Reading

The First Half of 2024 Results in More Than 1 Billion Data Breach Victims

New data shows that cyber attacks have resulted in double the number of data breaches in 2024 than throughout all of 2023.
Continue Reading

New Phishing Kit Uses Voice Call Generator to Impersonate Spanish Banks

A new cybercriminal group is selling “a sophisticated AI-powered phishing-as-a-service platform” that targets 36 Spanish banks, according to researchers at Group-IB.
Continue Reading

Scammers Exploit Interest in Generative AI Tools

Researchers at Palo Alto Networks’s Unit 42 are tracking phishing attacks exploiting interest in generative AI tools. The researchers observed spikes in suspicious domain registrations ...
Continue Reading

QR Code Phishing is Still on the Rise. The SEG is Dead.

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro.
Continue Reading

New Phishing Scam Leverages Chat To Add Credibility And Ensure Success

A new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate.
Continue Reading

Phishing Campaigns Continue To Exploit CrowdStrike Outage

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports.
Continue Reading

Russian Super-Threat Group Fin7 Comes Back from the Dead

Declared “dead” by the U.S. Attorney’s Office in 2023, the Russian cyber crime group Fin7 is impersonating some of the top global brands.
Continue Reading

Phishing Campaigns Abuse Cloud Platforms to Target Latin America

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report.
Continue Reading

Phishing Attacks Will Likely Follow Last Week’s Global IT Outage

Organizations should expect to see phishing attacks exploiting the global IT outage that occurred last Friday, the Business Post reports.
Continue Reading

CrowdStrike Phishing Attacks Appear in Record Time

I have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called "CEE". As in Company Extinction Event. But first: Our ...
Continue Reading

CISA’s Red Team Exercise Shows Value of Phishing, but Misses the Best Recommendation

Phishing is used to completely compromise the victim’s environment after other repeated methods failed.
Continue Reading

Cyber Threats Targeting the 2024 Paris Olympics

Our friends at the CyberWire reported: "ZeroFox and Fortinet have both published reports on threats facing the 2024 Olympics in Paris. ZeroFox says the primary cybersecurity threat will ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews