Human Risk Management Blog

Phishing

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

$1 Trillion Infrastructure Bill is the Catalyst for DOT-Impersonated Phishing Attacks Targeting Contractors

Offering targeted victim organizations an opportunity to bid on infrastructure projects, this scam seeks to harvest credentials using a new mix of tactics to evade detection.

Recent Cryptocurrency Scam Posed as “The Elon Musk Mutual Aid Fund”

A phishing campaign is pushing cryptocurrency scams posing as the “Elon Musk Mutual Aid Fund,” according to BleepingComputer. The emails have odd subject lines and content, but contain an ...

New Phishing Attack on Microsoft 365 Users Leverages Open Redirects to Avoid Detection

The use of open redirects from legitimate domains makes phishing emails that much more believable and credible, obfuscating the dangerous nature of these attacks.

That's Not the US Department of Transportation, It's a Phishing Attack

A phishing campaign is impersonating the US Department of Transportation (USDOT), according to Roger Kay at INKY. The campaign is targeting infrastructure contractors who are eager to bid ...

Social Media as Artillery Preparation for Spear Phishing

Researchers at ESTsecurity warn that a North Korean threat actor known as “Kumsong 121” is using compromised social media accounts to launch spear phishing attacks, the Daily NK reports. ...

A Look at Phishing Keywords

Researchers at Expel offer a useful list of the top keywords used in phishing emails. First on the list is the word “invoice,” which is a general term that will be relevant to most ...

The Amount of Weekly New Phishing URLs Has Grown Nearly 2.5x Since 2020

The increase in remote users, combined with a failure to adjust to cloud-based security services, likely created the perfect opportunity for cybercriminals.

Phishing for the German Bundestag

The German government has called out Russia for carrying out phishing attacks against German politicians ahead of the country’s upcoming parliamentary elections, the Associated Press ...

Windows 11 Phishbait by Active Threat Group Now Delivers Malware

Researchers at Anomali warn that the financially motivated threat group FIN7 is using Windows 11-themed phishing documents to deliver malware. The documents claim to have been created on ...

Be Wary of Unrequested Disc Images

Microsoft’s recent announcement that the new version of Microsoft Windows, Microsoft Windows 11, will be released soon is capturing headlines around the world. Microsoft will allow ...

Large Phishing Campaign Abuses Open Redirects

Researchers at Microsoft have observed a widespread phishing campaign that’s abusing open redirectors to fool users into visiting credential-harvesting pages. Open redirects are often ...

When the URL Domain Is Not Enough To Avoid a Phish

One of the most common mantras in security awareness training is “Examine the URL to determine if it points to the legitimate vendor or not!”

Cryptominers are Tricked out of Cryptocurrency Using Phishing Scams Involving the Purchase of Mining Equipment

The leveraging of Google Docs, a spoofed website, a realistic-feeling buying process, and asking for payment in cryptocurrency is all it takes to separate victims from thousands of ...

A COVID-19 Phishing Caper

A new phishing campaign is exploiting the ongoing uncertainty about company policies related to COVID-19, according to Roger Kay at INKY. The campaign uses emails that purport to come ...

Arrests in International Fraud Scheme Due to Social Engineering

Police in Romania, the Netherlands, and Ireland have arrested and charged twenty-three people accused of conducting sophisticated social engineering attacks. The organized crime group ...

Microsoft Warns of New Phishing-Turned-Vishing-Turned-Phishing Attack Aimed at Installing Ransomware

In what appears to be a phishing attack that includes a mix of emails and phone calls, Microsoft reminds us to be wary and to open only emails and attachments from known contacts.

Phishing Attacks Have Increased by 22% This Year

The volume of phishing attacks has increased 22% this year compared to the first half of 2020, according to researchers at PhishLabs.

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues are putting organizations at risk.

Attackers Use Morse Code to Encode Phishing Attachments

A phishing campaign is using Morse code to encode malicious attachments in order to slip past security filters, according to researchers at Microsoft. The phishing emails contain HTML ...

The Anatomy of Smishing Attacks and How to Avoid Them

Cybercriminals and nation-state actors continue to launch smishing attacks to steal credentials and distribute malware, according to Michael Marriott, Senior Strategy and Research Analyst ...

