New IcedID and QBot Phishing Campaigns Are Running Amuck

Jul 1, 2021 10:48:05 AM By Stu Sjouwerman

Researchers at Kaspersky recently spotted two widespread phishing campaigns delivering the IcedID and QBot banking Trojans. The majority of users targeted by the IcedID campaign were ...

New Phishing Attack Adds a Call Center Step to Get You to Download Malware

Jun 29, 2021 9:37:55 AM By Stu Sjouwerman

Unlike traditional phishing emails that simply attach or link to a malicious file, a new scam from cybercriminal group BazaCall makes victims call in and be instructed to download the ...

An Unusual Attachment is Most Likely a Phishing Campaign

Jun 29, 2021 9:37:48 AM By Stu Sjouwerman

A phishing campaign is using Windows Imaging Format (WIM) files to deliver malware, according to researchers at Trustwave. WIM files aren’t commonly thought of as potentially malicious, ...

Attackers Abuse Google Docs for Phishing Attacks

Jun 24, 2021 8:48:29 AM By Stu Sjouwerman

Attackers are using a new technique to exploit Google Docs for phishing attacks, according to researchers at Avanan. The attackers take advantage of the fact that Google Docs ...

Leaked Copies of Windows 11 Could Be Tempting Phishbait for Techies

Jun 22, 2021 10:15:55 AM By Stu Sjouwerman

The latest anticipated release of Windows should be a reminder that even IT folks can be driven into a frenzy enough to miss the signs of a malicious campaign.

Why Phishing Attacks Are So Easy, Successful and Profitable – and What to do About It

Jun 22, 2021 10:15:40 AM By Stu Sjouwerman

With phishing attacks being thought to have started literally 25 years ago, what makes this age-old method so continually valuable as a tool for cybercriminals and scammers?

The Number of Phishing Sites in March Was Twice That of the Previous Year

Jun 22, 2021 10:15:22 AM By Stu Sjouwerman

With the number of phishing sites in Q1 overall up 47%, according to new data from Phishlabs, the bad guys are starting their year off letting you know… they mean business.

[Heads Up] If You're an Amazon Prime Shopper, Heed This Prime Day Phishing Alert

Jun 17, 2021 10:00:25 AM By Stu Sjouwerman

Amazon Prime Day is approaching on June 21st with special promotions. This also mean cybercriminals are ready to strike with leveraging 'special deals' on the online days that they will ...

The Number of Phishing Websites Hits an All-Time High Reaching Nearly 350% Growth

Jun 16, 2021 3:55:58 PM By Stu Sjouwerman

According to the newly released data from the Anti-Phishing Working Group, every metric measuring phishing attacks is up this year over last, spelling trouble for organizations.

New BEC Phishing Attack Steals Office 365 Credentials and Bypasses MFA

Jun 15, 2021 2:01:41 PM By Stu Sjouwerman

Leveraging Microsoft Exchange’s Basic Authentication support, scammers were able to use harvested online credentials and bypass any MFA in place, giving them access to mailboxes.

New “Ransomware Update” Phishing Attack Seeks to Enjoy the Same Successes as the Recent Pipeline Attack

Jun 14, 2021 4:21:43 PM By Stu Sjouwerman

When your users receive a realistic-looking helpdesk email informing them they should update their system to prevent ransomware attacks, what could possibly go wrong?

Fax/Scan Phishing Attacks Jump Nearly 500% as Workers Return to the Office

Jun 14, 2021 4:21:40 PM By Stu Sjouwerman

The bad guys take advantage of any major event as the source of a new phishing campaign. According to new data from Avanan, this latest campaign aligns with heading back to the office.

Insights Into Credential Phishing

Jun 9, 2021 10:36:37 AM By Stu Sjouwerman

Cybercriminals are quick to put hacked accounts to use, according to Agari by Help Systems. The researchers found that 91% of compromised accounts are accessed by attackers within one ...

FINRA Warns U.S. Brokerage Firms of New Phishing Campaign Threatening Penalties for Non-Compliance

Jun 9, 2021 10:09:40 AM By Stu Sjouwerman

In the latest phishing campaign targeting FINRA member firms, attackers impersonate requests from the regulatory authority citing the potential to “attract penalties” if request ...

Phishing Trends Show Adult Themes Have Skyrocketed 974%

Jun 7, 2021 8:48:15 AM By Stu Sjouwerman

Phishing lures with adult themes have spiked over the past year, according to researchers at GreatHorn. The researchers explain that these emails are effective at getting people to click, ...

Use of TLS to Obfuscate Malicious C2 Communications Doubles in the Last Year

Jun 2, 2021 4:57:30 PM By Stu Sjouwerman

With 98% of all web traffic going over HTTPS, the malicious use of TLS (transport layer security) helps the cybercriminal conceal their activity specifics while also potentially doing so ...

Cyber Hygiene not a Focus for Cybersecurity Leaders, Despite Being Targets of Attacks Themselves

Jun 2, 2021 4:46:48 PM By Stu Sjouwerman

New findings from a survey of over 100 global cybersecurity leaders across all major industries sheds light on the apathy around needed proper cyber hygiene in their own lives.

New Email Attack Takes a Phishing-Turned-Vishing Angle to Steal Credit Card Info

May 28, 2021 9:56:51 AM By Stu Sjouwerman

Details on this new scam demonstrate how cybercriminal gangs are working to try use new mediums and social engineering methods to trick users into becoming victims.

Cybersecurity Insurance Landscape Is Fundamentally Changing Right Now

May 26, 2021 8:36:48 AM By Roger Grimes

By Roger Grimes. Ransomware is stealing so much money and interrupting so many businesses that it might be the beginning of their undoing. It is certainly radically changing the ...

UK Royal Mail Smishing Crew Nabbed By City Of London Police

May 24, 2021 3:34:30 PM By Stu Sjouwerman

According to a report by ZDNet, there were arrests made due to suspicions of sending 'smishing' texts. Smishing is a form of phishing that sends SMS messages in order to steal personal ...

Security Awareness Training Blog

Phishing Blog

View Topics