Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Researchers Warn of EtterSilent Facilitating Risky Malware Delivery

Cybercriminals are using a new malicious document builder dubbed “EtterSilent,” according to researchers at Intel 471. The builder is used to craft Microsoft Office documents with macros ...
Continue Reading

Lazarus Group Uses New Technique to Avoid Detection

North Korea’s Lazarus group is using an interesting method to evade security measures, according to researchers at Malwarebytes. The threat actor is sending phishing emails with malicious ...
Continue Reading

Phishing Campaign Abuses Contact Forms

Attackers are abusing websites’ contact forms to send malicious emails to the websites’ owners, according to researchers at Microsoft. The emails contain bogus copyright claims with a ...
Continue Reading

Phishing Tactics Help Legitimate Pension Fund to Secure Meetings with Prospective Customers

Security researchers uncover a marketing campaign that takes a page from the cybercriminal phishing handbook to “trick” pensioners to have an introductory call with their fund expert.
Continue Reading

COVID-Related Phishing Attacks Return to Mid-Pandemic Heights

New data from Palo Alto Network’s Unit42 provides a wealth of insight into specifically how cybercriminals have leveraged COVID-related theming to ensure a successful phishing attack.
Continue Reading

[INFOGRAPHIC] Q1 2021 Report Shows Users are More Savvy to COVID-19 Phishing Scams

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...
Continue Reading

2021 Phishing Trends Face Alarming Predictions and Will Likely Include Automated Attacks

Researchers at INKY warn that targeted phishing attacks will continue throughout 2021, as some employees return to the office and others continue working from home. They predict that ...
Continue Reading

[HEADS UP] DocuSign Issues Alert of Malicious New Hacking Tool

Earlier this week, DocuSign issued an alert that notified users of a new hacking tool. This tool is imitating DocuSign so then the bad guys can drop malware into victims' systems.
Continue Reading

Australian Organizations Increase Cyber Security Spend to Nearly A$5B in 2021

The rise in cyberattacks in Australia is seeing its natural result – organisations realizing the need to put more budget focused on cybersecurity, with the largest portion going towards ...
Continue Reading

New Phishing Attacks Bypass Secure Email Gateways Using Some Very Creative Methods

Microsoft Security Intelligence warns of phishing attacks being sent from legitimate email addresses and IP ranges, taking advantage of gateway configuration settings to ensure delivery.
Continue Reading

Phishing Attacks Using PDF Files Have Skyrocketed

Phishing attacks using PDF files have spiked over the past year, according to researchers at Palo Alto Networks’ Unit 42.
Continue Reading

The Growing WeTransfer Phishing Campaign Can Put Your Users at Risk

Researchers at Avanan have observed a phishing campaign that’s impersonating the WeTransfer file-sharing app in an attempt to steal users’ credentials. The email’s subject line states, ...
Continue Reading

[HEADS UP] New Phishing Attack With .TXT Attachment Can Steal All Your Secrets

The 360 security blog just came up with an eye opener. Recently, 360 Security Center’s threat monitoring platform has detected a new email phishing attack. This attack uses a ...
Continue Reading

UK Users Should Be Aware of Census-Themed Phishing Attacks

Users in the UK should be on the lookout for census-themed phishing attacks, according to Paul Ducklin at Naked Security. Participating in the census is mandatory in the UK, and people ...
Continue Reading

Expect More Travel-Related Phishing as the Pandemic Subsides

People need to be wary of travel-related phishing as the pandemic draws to a close, according to Fleming Shi, Chief Technology Officer at Barracuda Networks. On the CyberWire’s Hacking ...
Continue Reading

Office 365 Phishing Kits Are Being Used in a New Attack Targeting Execs and Finance

A new highly-targeted phishing campaign is seeking to compromise the online credentials of those with influence within an organization using an Office 365-themed update attack.
Continue Reading

Cybercrime Skyrocketed in the US by 55%

According to data released by StockApps, the annual loss from any type of cybercrime in the US reached $4.2 billion in 2020. This turns into billions of dollars lost, and a 55% increase ...
Continue Reading

IRS Warns of Phishing for Dot EDU Email Users

The Internal Revenue Service (IRS) has issued an alert warning about a phishing scam targeting university students. A link in the emails leads to a phishing site that asks users to enter ...
Continue Reading

Recent Phishing Scams that Managed to Bypass Email Security Filters

Researchers at Armorblox describe several recent phishing scams that managed to bypass email security filters. The first attempted to gain access to users’ Facebook accounts.
Continue Reading

There Is No Herd Immunity in the Digital World

When I was first starting off in my career, I wanted to be a doctor. As life often goes, I got waylaid. Wanting to be a doctor turned in an accounting major and CPA certification, quickly ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews