Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

View Topics

Credential Stuffing the Financial Services Sector

May 21, 2021 8:54:50 AM By Stu Sjouwerman
Credential stuffing in the financial services industry has risen significantly over the past year, according to Akamai’s latest State of the Internet / Security report. Credential ...
Continue Reading

Transparent Tribe Uses Spoofed Domains in Social Engineering Attacks

May 18, 2021 10:29:59 AM By Stu Sjouwerman
Researchers at Cisco Talos warn that the threat actor known as “Transparent Tribe” (also known as APT36 and Mythic Leopard) is using spoofed websites and malicious documents to deliver ...
Continue Reading

[NEW PhishER Feature] Flip the Script on Phishing Emails with PhishFlip

May 18, 2021 8:15:00 AM By Stu Sjouwerman
We are excited to announce the availability of PhishFlip™ as part of the PhishER product to all PhishER customers.
Continue Reading

FBI Finds Phishing Sites Abusing Search Results and Ads to Steal Banking Credentials

May 13, 2021 8:56:37 AM By Stu Sjouwerman
The US Federal Bureau of Investigation has sent out a private industry notification (PIN) warning that cybercriminals are using search engine ads and search results to spread phishing ...
Continue Reading

New QuickBooks-Themed Phishing Attack Seeks to Infect Victims with Dridex Malware

May 12, 2021 8:18:57 AM By Stu Sjouwerman
Purporting to be invoices and payment reminders, this new campaign targets users of the popular accounting software to install the banking trojan on its victims endpoints.
Continue Reading

Phishing Scammers Remove ‘External Sender’ Email Warnings Impersonating Internal Users

May 12, 2021 8:18:49 AM By Stu Sjouwerman
With little more than some CSS and HTML coding, a security researcher demonstrates how easy it is to eliminate security warnings placed on email messages by security products.
Continue Reading

Your Organization Needs to Take Security Awareness Training More Seriously

May 11, 2021 4:08:50 PM By Roger Grimes
Your organization needs to take security awareness training (SAT) more seriously. I mean truly serious, really serious, and not relegated to some quasi-, semi-serious status that the vast ...
Continue Reading

Wine-Themed Phishing Attacks Have Turned Sour During the Pandemic

May 11, 2021 12:45:30 PM By Stu Sjouwerman
Scammers took advantage of people’s desire to order wine online during the pandemic, Decanter reports. Researchers at Recorded Future disclosed in a recent report that wine-related ...
Continue Reading

[On-Demand Webinar] A Master Class on IT Security: Roger Grimes Teaches You Phishing Mitigation

May 10, 2021 10:00:00 AM By Stu Sjouwerman
Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they’re more targeted, more cunning and more dangerous. And this enormous security gap ...
Continue Reading

[NEW FEATURE] AI-Driven Phishing Helps Admins Deliver a Personalized Simulated Phishing Experience to Each User

May 6, 2021 4:50:21 PM By Stu Sjouwerman
We are excited to announce the availability of KnowBe4’s new AI-Driven Phishing feature. The KnowBe4 phishing platform now leverages machine learning to recommend and deliver informed and ...
Continue Reading

New IceID Phishing Attack Targets Website Owners Using Image Copyright Infringement as The Hook

May 6, 2021 9:00:16 AM By Stu Sjouwerman
Spotted by the Microsoft 365 Defender Threat Intelligence Team, this new phishing attack threatens legal action to trick victims into installing information-stealing malware.
Continue Reading

W-2 Form Office 365 Credential Scam Creatively Uses Typeform Service to Bypass Security Checks

May 6, 2021 8:59:44 AM By Stu Sjouwerman
By creating phishing site pages using an online service for building surveys and forms, scammers figured out an original way to trick users out of their Office 365 credentials.
Continue Reading

Cybersecurity Spend Is Now More Than 20% of the Average IT Budget As 91% of Organizations Suffering an Attack had Operations Impacted

May 6, 2021 8:58:25 AM By Stu Sjouwerman
The latest data from the Hiscox Cyber Readiness Report highlights how organizations are experiencing cyber threats and how they are responding to increase their readiness for next time.
Continue Reading

[HEADS UP] New Malware Families Found in Phishing Campaign

May 5, 2021 1:36:54 PM By Stu Sjouwerman
Researchers from FireEye's security team found new malware families in a financial phishing campaign. The Malware strains are dubbed Doubledrag, Doubledrop, and Doubleback and have been ...
Continue Reading

UK IT Decision Makers Fear Their Remote Workers Put Company Data at Risk for Data Breach

May 4, 2021 11:23:23 AM By Stu Sjouwerman
According to an annual survey from Apricorn, UK IT decision makers are fearing the worst as their staff continues to work in a remote environment.
Continue Reading

May the 4th Be With You and Your Users!

May 4, 2021 9:20:09 AM By James McQuiggan
May the force be with you, May the fourth be with you, may the phish not attack you. Okay, so it does not quite rhyme, but you get the idea. We reach the fourth day of the fifth month of ...
Continue Reading

U.K. Royal Mail-related Phishing Scams Are Up 645%

Apr 30, 2021 12:25:08 PM By Stu Sjouwerman
New data from CheckPoint highlights how scammers are using simple shipping-related social engineering scams to trick victims into giving up personal information and credit card details.
Continue Reading

Why Should We Care About Personal Smishing Attacks?

Apr 29, 2021 10:33:34 AM By Roger Grimes
I am not sure what is going on these days, but for several weeks, I have received far more SMS-based phishing (i.e., smishing) attacks than usual.
Continue Reading

Scammers Target Rogers Customers With SMS Messages

Apr 29, 2021 10:33:17 AM By Stu Sjouwerman
Scammers are targeting Rogers customers with text messages offering $50 refunds, according to BleepingComputer. The Canadian telecommunications provider suffered a widespread outage last ...
Continue Reading

Researchers Warn of EtterSilent Facilitating Risky Malware Delivery

Apr 29, 2021 10:25:23 AM By Stu Sjouwerman
Cybercriminals are using a new malicious document builder dubbed “EtterSilent,” according to researchers at Intel 471. The builder is used to craft Microsoft Office documents with macros ...
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews