Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

State Unemployment Programs Are the Latest Victim of Massive Fraud

Leveraging PII from victims in Washington, North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida, scammers from Nigeria are filing fraudulent unemployment claims.
Continue Reading

[Heads Up] Ransomware Damage Skyrockets As Ransoms Grew 14 Times In Just 12 Months

Last year was highly profitable for ransomware actors but with the prices we've seen recently, 2020 is likely to surpass it as actors continue to target large companies in key industries. ...
Continue Reading

Beware of Phony LogMeIn Security Updates

Researchers at Abnormal Security warn that a phishing campaign is trying to steal LogMeIn remote desktop credentials. The attackers are sending phishing emails that purport to come from ...
Continue Reading

Phishing Campaigns Using Google Firebase Storage

Scammers are hosting phishing pages on Google Firebase Storage to bypass email security filters, Threatpost reports. Firebase is a Google-owned application development platform that ...
Continue Reading

[Scam Of The Week] Microsoft Warns To Look Out for This Massive Covid-19 Excel Phishing Attack

Microsoft this week warned about a massive phishing attack that started on May 12. The campaign sends emails that look like they are from the "Johns Hopkins Center", and they have an ...
Continue Reading

Preying on the Unemployed

An SMS phishing campaign has been exploiting the COVID-19 crisis by spoofing the website of a job placement agency, the New York Daily News reports. The scammers set up a website that ...
Continue Reading

The Three Pillars of the Three Computer Security Pillars

Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...
Continue Reading

Scammers Exploit Rollout of COVID-19 Contact-Tracing Apps

An SMS phishing campaign is telling people they’ve come into contact with someone who’s contracted COVID-19, Computing reports. The UK’s Chartered Trading Standards Institute (CTSI) ...
Continue Reading

Dutch Online Retailer Wehkamp Loses 144,000 Euros in Bankruptcy Business Email Compromise

Cyber criminals successfully gained access to email traffic between bankruptcy trustees and Wehkamp – one of the biggest online retailers in The Netherlands – writes RTL Z. Employees of ...
Continue Reading

That Email from President Trump? Yeah, That’s a Phishing Scam

New phishing scams impersonating President Trump and Vice President Pence are designed to install malware or be the start of an extortion scam.
Continue Reading

World's Largest Sovereign Wealth Fund Falls For $10m Social Engineering Attack

The Norwegian Investment Fund has been swindled out of 10 million dollars by fraudsters who pulled off a social engineering attack that the Norfund called "an advanced data breach" but ...
Continue Reading

Watch Out for the Coming Tsunami of Mortgage Rescue Phishing Scams

At this point in time, with 10 years of phishing attack analysis under our belt, we can predict with a high reliability level what will be showing up in the near future. We see two scams ...
Continue Reading

[HEADS UP] Coronavirus Phishing Attacks Skyrocket to 30% Increase

Scammers riding the COVID-19 wave are adapting to new scenarios as the pandemic evolves. Checkpoint recently discovered that over 192,000 coronavirus-related phishing attacks per week ...
Continue Reading

Hacker Group Compromises the Email Accounts of More Than 150 Company’s High-Ranking Executives

The latest string of attacks leverage traditional spear-phishing techniques mixed with the use of Microsoft’s newsletter service, Sway, to trick executives into giving up their Office 365 ...
Continue Reading

[Scam of The Week] Unemployed Americans Are Now Deceived Into Grabbing ‘Remote Jobs’ As Money Mules

There are now tens of millions of people suddenly unemployed, looking for ways to make ends meet.
Continue Reading

Fake Zoom Downloader is the Latest Method of Attack on Remote Workers

Riding on the coattails of the massive rise in popularity in the video conference solution, remote workers new to Zoom need to be wary of where they download the installer.
Continue Reading

Some Phishers Who Know Their Trade

Researchers at Votiro have come across well-crafted phishing emails that purport to come from UPS, FedEx, and DHL. All of the emails contain malicious Excel attachments that will install ...
Continue Reading

What is the Right Password Policy?

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...
Continue Reading

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...
Continue Reading

Implausible Phishbait, But Someone May Bite

Scammers are impersonating FINRA, the Financial Industry Regulatory Authority, in an attempt to deliver malware or steal SharePoint credentials, Help Net Security reports. FINRA issued an ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews