Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

“Hack for Hire” Groups Offer Single Account Break-In Services For Just $750

  Along with everything else malicious that’s available “as-a-Service”, the latest addition takes the burden of trying to initially hack an organization off of the plate of would-be ...
Continue Reading

Global GozNym Takedown Shows The Anatomy Of A Modern Cybercrime Supply Chain

By Javvad Malik, our new Security Awareness Advocate for EMEA. A multi-national collaborative law enforcement effort has arrested individuals allegedly behind Nymaim and Gozi, also known ...
Continue Reading

Account Takeover Attacks Increase as Cybercriminals Fine-Tune Their Brand Impersonation, Social Engineering, and Phishing Skills

The latest Spear Phishing Report from Barracuda highlights how cybercriminals are systematically improving their game… and are becoming more successful for it. The capturing of user ...
Continue Reading

Phishing Attacks Top Verizon’s List of Threat Actions Used in Data Breaches

Verizon’s latest Data Breach Investigations Report provides valuable insight into exactly how attacks are carried out, what tactics are working, and how users are helping.
Continue Reading

Phishing Continues to Rise as Attacks Go Malwareless

Cybercriminals seem to be honing their craft, picking specific attack types, victim demographics, and methods, according to new data from the latest PhishLab’s report.
Continue Reading

Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor

A Russian cyber-espionage group has developed and has been using one of the most complex backdoors ever spotted on an email server, according to new research published by cyber-security ...
Continue Reading

IT and Executives are (Mostly) in Alignment and Both Fear the Phish

According to the latest from AT&T Cybersecurity, enterprise IT and boardrooms largely see eye-to-eye… and those eyes are watching some very common, yet pervasive, threats.
Continue Reading

[Heads-up] Scary New MegaCortex Ransomware Strain Discovered That Targets Your Business Network

Sophos has discovered a scary new strain of very sophisticated ransomware called MegaCortex. It was purpose-built to target corporate networks, and once penetrated, the attackers infect ...
Continue Reading

Exploiting Google on the Cheap

By Eric Howes,  KnowBe4 Principal Lab Researcher.  So, maybe you're a bad guy who doesn't have fancy code monkeys who can cook up an exploit that effectively converts Google into a ...
Continue Reading

New Phishing Campaign From 'FBI Director Wray' is Hysterical

Our friend Larry Abrams who runs the bleepingcomputer site had something highly entertaining: "We regularly write about phishing emails at BleepingComputer.com in order to warn our ...
Continue Reading

Social Media Phishing Attacks Up More Than 70 Percent

Social media phishing, primarily on Facebook and Instagram, has seen a 74.7 percent increase in the first quarter of 2019. A new report on the current phishing landscape from predictive ...
Continue Reading

Brunswick Church Falls For Phishing Scam Of Almost $2 Million

Staff at St. Ambrose Roman Catholic Church in Brunswick say the church was scammed out of nearly $2 million. The church said a phishing email led it to believe that a construction firm ...
Continue Reading

Cryptojacking Phishing Attacks Target Enterprises With NSA-Linked Exploits

  Summary: Researchers at Symantec are tracking a cryptojacking campaign that —for now—seems mostly to affect businesses in China. They're calling the campaign "Beapy," and the worm ...
Continue Reading

PDFs Return as Phishbait

The use of malware-laden PDF email attachments has spiked in recent months, internet security company SonicWall has found. Over the course of 2018, SonicWall detected 47,000 new attack ...
Continue Reading

Scott County Schools victim of $3.7 million CEO Fraud Phishing Scam

GEORGETOWN, Ky. (WKYT) - Scott County Schools has announced the district is a victim of a multi-million dollar online scam. 
Continue Reading

[BREAKING NEWS] US Supreme Court Curbs Class Action Lawsuits Caused By W-2 Phishing Fraud

BREAKING NEWS: The upshot: This case made it all the way to the Supreme Court and sets a new precedent. A phished employee sent out 1,300 confidential employee W-2 data.
Continue Reading

[Heads up] Sneaky Phishing Attacks Exploit Legitimate Services & Platforms to Fly Below Your AV's Radar

By Eric Howes,  KnowBe4 Principal Lab Researcher. Over the last few months, we have seen a rising trend of the bad guys using legitimate services—mainly file hosting platforms, but also ...
Continue Reading

Phishing Emails Will Always Get Through

Attackers have proven their ability to adapt to improved security measures, and organizations should never assume they’re safe from phishing emails, says Paul Gillin at SiliconANGLE.
Continue Reading

Executives are Out and Employees are In as Cybercriminals Change Their Primary Targets for Cyberattack

Phishing and Social Engineering scammers are shifting tactics, focusing efforts on low-level employees using a variety of methods as a means to cast a wider net within a targeted ...
Continue Reading

Phishing Attacks See Massive Increases and Improvements in Execution with Social Engineering at the Helm

With 98% of malicious emails that hit inboxes containing no malware, the evolution and future of the phish lies squarely in the hands of effective social engineering.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews