Human Risk Management Blog

Phishing

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

[On-Demand Webinar] A Master Class on IT Security: Roger Grimes Teaches You Phishing Mitigation

Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they’re more targeted, more cunning and more dangerous. And this enormous security gap ...

[NEW FEATURE] AI-Driven Phishing Helps Admins Deliver a Personalized Simulated Phishing Experience to Each User

We are excited to announce the availability of KnowBe4’s new AI-Driven Phishing feature. The KnowBe4 phishing platform now leverages machine learning to recommend and deliver informed and ...

New IceID Phishing Attack Targets Website Owners Using Image Copyright Infringement as The Hook

Spotted by the Microsoft 365 Defender Threat Intelligence Team, this new phishing attack threatens legal action to trick victims into installing information-stealing malware.

W-2 Form Office 365 Credential Scam Creatively Uses Typeform Service to Bypass Security Checks

By creating phishing site pages using an online service for building surveys and forms, scammers figured out an original way to trick users out of their Office 365 credentials.

Cybersecurity Spend Is Now More Than 20% of the Average IT Budget As 91% of Organizations Suffering an Attack had Operations Impacted

The latest data from the Hiscox Cyber Readiness Report highlights how organizations are experiencing cyber threats and how they are responding to increase their readiness for next time.

[HEADS UP] New Malware Families Found in Phishing Campaign

Researchers from FireEye's security team found new malware families in a financial phishing campaign. The Malware strains are dubbed Doubledrag, Doubledrop, and Doubleback and have been ...

UK IT Decision Makers Fear Their Remote Workers Put Company Data at Risk for Data Breach

According to an annual survey from Apricorn, UK IT decision makers are fearing the worst as their staff continues to work in a remote environment.

May the 4th Be With You and Your Users!

May the force be with you, May the fourth be with you, may the phish not attack you. Okay, so it does not quite rhyme, but you get the idea. We reach the fourth day of the fifth month of ...

U.K. Royal Mail-related Phishing Scams Are Up 645%

New data from CheckPoint highlights how scammers are using simple shipping-related social engineering scams to trick victims into giving up personal information and credit card details.

Why Should We Care About Personal Smishing Attacks?

I am not sure what is going on these days, but for several weeks, I have received far more SMS-based phishing (i.e., smishing) attacks than usual.

Scammers Target Rogers Customers With SMS Messages

Scammers are targeting Rogers customers with text messages offering $50 refunds, according to BleepingComputer. The Canadian telecommunications provider suffered a widespread outage last ...

Researchers Warn of EtterSilent Facilitating Risky Malware Delivery

Cybercriminals are using a new malicious document builder dubbed “EtterSilent,” according to researchers at Intel 471. The builder is used to craft Microsoft Office documents with macros ...

Lazarus Group Uses New Technique to Avoid Detection

North Korea’s Lazarus group is using an interesting method to evade security measures, according to researchers at Malwarebytes. The threat actor is sending phishing emails with malicious ...

Phishing Campaign Abuses Contact Forms

Attackers are abusing websites’ contact forms to send malicious emails to the websites’ owners, according to researchers at Microsoft. The emails contain bogus copyright claims with a ...

Phishing Tactics Help Legitimate Pension Fund to Secure Meetings with Prospective Customers

Security researchers uncover a marketing campaign that takes a page from the cybercriminal phishing handbook to “trick” pensioners to have an introductory call with their fund expert.

COVID-Related Phishing Attacks Return to Mid-Pandemic Heights

New data from Palo Alto Network’s Unit42 provides a wealth of insight into specifically how cybercriminals have leveraged COVID-related theming to ensure a successful phishing attack.

[INFOGRAPHIC] Q1 2021 Report Shows Users are More Savvy to COVID-19 Phishing Scams

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...

2021 Phishing Trends Face Alarming Predictions and Will Likely Include Automated Attacks

Researchers at INKY warn that targeted phishing attacks will continue throughout 2021, as some employees return to the office and others continue working from home. They predict that ...

[HEADS UP] DocuSign Issues Alert of Malicious New Hacking Tool

Earlier this week, DocuSign issued an alert that notified users of a new hacking tool. This tool is imitating DocuSign so then the bad guys can drop malware into victims' systems.

Australian Organizations Increase Cyber Security Spend to Nearly A$5B in 2021

The rise in cyberattacks in Australia is seeing its natural result – organisations realizing the need to put more budget focused on cybersecurity, with the largest portion going towards ...


Get the latest insights, trends and security news. Subscribe to CyberheistNews.