Phishing and Impersonated Brands

Feb 16, 2021 8:24:13 AM By Stu Sjouwerman

Microsoft is still the most impersonated brand for phishing campaigns, according to researchers at Vade Secure. The security firm spotted 30,621 unique Microsoft-related phishing URLs in ...

New Phishing Scam Uses Fake PPP Loans to Trick Victims into Giving Up Personal Information

Feb 12, 2021 4:32:25 PM By Stu Sjouwerman

Taking advantage of people’s need for financial assistance, these scammers pose as a bank offering “forgivable business loans to individuals impacted by the pandemic.”

Phishing for Love

Feb 12, 2021 10:02:15 AM By Stu Sjouwerman

Valentine’s Day-themed phishing campaigns are spiking, researchers at Check Point warn. There was a 29% increase in Valentine’s Day-related phishing domains last month, compared to a 6% ...

[New E-Book] Comprehensive Anti-Phishing Guide

Feb 12, 2021 8:45:42 AM By Stu Sjouwerman

Spear phishing emails remain a top attack vector for the bad guys, yet most companies still don’t have an effective strategy to stop them.

It’s Not Only About the URL

Feb 11, 2021 3:01:41 PM By Roger Grimes

You have to look at the totality of an email to determine whether it is a phishing attack or not.

[HEADS UP] NHS Issues Warning as UK COVID-19 Vaccine Scams Are Still Running Rampant

Feb 11, 2021 11:08:05 AM By Stu Sjouwerman

The National Health Service (NHS) in the UK recently sent a warning that cybercriminals are using social engineering tactics to target people wanting a COVID-19 vaccine email that is ...

US Gmail Users Are Preferred Phishing Targets

Feb 11, 2021 8:26:01 AM By Stu Sjouwerman

Google has found that most phishing attacks (42%) target Gmail users in the US. Users in the UK were the second most targeted, with 10% of attacks. Japan came in third with 5% of phishing ...

New Phishing Attack Uses Morse Code to Avoid Detection by Email Scanners

Feb 10, 2021 2:46:52 PM By Stu Sjouwerman

Yes – you read that right: Cybercriminals have found a way to use 1830’s technology to trick 2020s security solutions into not identifying phishing attachments as malicious.

New Phishing Attack Uses Google Firebase to Trick Microsoft and Achieve a Spam Confidence Level of Just 1

Feb 10, 2021 2:46:41 PM By Stu Sjouwerman

This new phishing scam takes advantage of inherent trust in credible domains to get past the scrutiny of even Microsoft to trick Office 365 users into giving up their online credentials.

[World Premiere] KnowBe4’s New Season 3 of Netflix-Style Security Awareness Video Series - ‘The Inside Man’

Feb 9, 2021 8:52:30 AM By Stu Sjouwerman

We’re excited to announce Season 3 of the award-winning KnowBe4 Original Series - ‘The Inside Man’. This network-quality video training series delivers an entertaining learning experience ...

Three Tips to Stay Safe on the Road and the Information Superhighway

Feb 9, 2021 7:50:24 AM By James McQuiggan

You surf the world wide web, you scroll through social media feeds, read articles, shop online, and respond to email through the incredible invention of the internet. We're all driving on ...

SOC teams spend nearly a quarter of their day handling suspicious emails

Feb 4, 2021 4:51:06 PM By Stu Sjouwerman

Jeremy Fuchs at Avanan just blogged about a new report they released. It revealed some surprising results about the time SOC teams have to spend investigating suspicious emails reported ...

Using Legitimate Services to Bypass Phishing Protections

Feb 3, 2021 8:25:33 AM By Stu Sjouwerman

Researchers at Abnormal Security have identified two techniques that attackers are using to bypass email security filters. The first tactic takes advantage of the fact that Microsoft ...

[Heads Up] Email Phishing Is Now the Top Ransomware Attack Vector

Feb 1, 2021 3:02:53 PM By Stu Sjouwerman

New data shows that pushback from the ransomware victim “market” may be influencing just how much cybercriminals are asking for as ransom and are being paid.

[HEADS UP] New Phishing Kit Spotted on Over 700 Domains

Jan 28, 2021 8:58:57 AM By Stu Sjouwerman

A cybercriminal gang has recently developed a new phishing kit named LogoKit on several domains. LogoKit changes logos and text in real-time in order to adapt to the targeted victims.

Beware the Long Con Phish

Jan 28, 2021 8:00:00 AM By Roger Grimes

Social engineering and phishing happen when a con artist communicates a fraudulent message pretending to be a person or organization which a potential victim might trust in order to get ...

Australians Experienced over 200K Scams in 2020 Costing Over A$176 Million

Jan 28, 2021 7:09:17 AM By Stu Sjouwerman

New data from the Australian government’s Scamwatch site shows that phishing and vishing topped the list of scam types used to trick Australians into becoming a scam’s next victim.

A UK Case Study: Recognizing COVID-19 Phishing

Jan 28, 2021 7:01:12 AM By Stu Sjouwerman

A phishing campaign is using convincingly spoofed offers for COVID-19 vaccination sign-ups, according to Tom Allen at Computing. As vaccines are now being distributed around the world, ...

Confident About Detecting Spoofed, Scam Emails?

Jan 26, 2021 8:25:54 AM By Stu Sjouwerman

A survey by ESET found that most people think they’d be able to identify scam emails while shopping online. 87% of respondents said they felt secure while shopping online, while 73% ...

Thousands of Stolen Credentials Accessible via Google Search as Cybercriminals Accidentally Make Them Public

Jan 22, 2021 11:39:25 AM By Stu Sjouwerman

A publishing goof by cybercriminals on a WordPress site made files containing stolen passwords indexable by Google and were subsequently publicly available via search.

Security Awareness Training Blog

Phishing Blog

View Topics