Phishing Attacks Can Come from an Unlimited Number of Trusted Phishing Sites Thanks to Google App Engine

Oct 29, 2020 5:19:40 PM By Stu Sjouwerman

Scammers are taking advantage of Google’s Trust Service Verification and the way their App Engine creates unique URLs to host trusted landing pages used in phishing scams.

Don't Neglect the Threat of Vishing

Oct 29, 2020 8:18:11 AM By Stu Sjouwerman

People need to help raise awareness about voice phishing scams, or vishing, according to Paul Ducklin at Naked Security. While phone scams have been around for years, they remain ...

Nearly Half of the World’s Workers Don’t Know What a Mobile Phishing Attack Is

Oct 28, 2020 8:32:51 AM By Stu Sjouwerman

As organizations look for permanent solutions to operate using a remote workforce, users continue to elevate the risk of cyberattack by not worrying about cybersecurity.

New Qbot Phishing Attack Pretends to be Windows Defender to Trick Its Victims

Oct 28, 2020 8:24:39 AM By Stu Sjouwerman

One of the most dangerous pieces of malware is back with a new campaign that takes advantage of social engineering techniques to look convincing enough to fool your users.

Researchers Discover Most Microsoft 365 Admins Don't Enable Multi-Factor Authentication

Oct 27, 2020 12:31:02 PM By Stu Sjouwerman

Researchers from CoreView recently discovered that 97% of all total Microsoft 365 users do not utilize multi-factor authentication (MFA). A staggering 78% of Microsoft 365 admins do not ...

[NEW BOOK] Hacking Multi-Factor Authentication

Oct 27, 2020 8:58:07 AM By Roger Grimes

I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.

[HEADS UP] Remote Workers Disregard Security Awareness Training

Oct 27, 2020 8:55:41 AM By Stu Sjouwerman

According to new research from Mimecast, remote workers are increasingly putting their organizations at risk by failing to follow security awareness training best practices.

All Con, All the Way Down: Bad Guys Spoof Phishing Link Hover Texts

Oct 26, 2020 8:00:00 AM By Eric Howes

At the heart of almost every phishing email is a spoof. In malicious emails spoofing is the art of deceptively imitating something or someone trusted by users in order to gain their ...

[HEADS UP] Cybercriminal Sells Info on 186 Million U.S. Voters

Oct 23, 2020 12:56:46 PM By Stu Sjouwerman

In a recent report by NBC News, cybersecurity company TrustWave found a bad guy selling voter registration data on 186 million Americans.

The Ultimate Cyber Security Tip

Oct 23, 2020 8:12:41 AM By Javvad Malik

It’s Cyber Security Awareness Month, and the security advice is flowing out from all corners of the web to advise your users on remaining secure. However, all this information can be ...

[HEADS UP] Australia Warns Citizens of JobKeeper Phishing Email

Oct 22, 2020 9:45:43 AM By Stu Sjouwerman

The Australian Taxation Office has advised Australians to delete a particular email and to not provide any personal information.

Middle Management is the Next Target for Phishing Attacks

Oct 22, 2020 8:23:11 AM By Stu Sjouwerman

Mid-level managers need to be particularly wary of targeted phishing attacks, according to Jenn Gast at INKY. Gast explains that criminals can easily conduct open-source research on a ...

[On-Demand] Lessons Learned: An IT Pro’s Experience Building his Last Line of Defense

Oct 22, 2020 7:00:00 AM By Stu Sjouwerman

This is the true story of an IT Manager who was tired of his users clicking everything and wanted to teach them a lesson… in a good way.

Notes on Social Engineering, and What to Do About It

Oct 21, 2020 8:24:50 AM By Stu Sjouwerman

Phishing attacks are growing in prevalence during the pandemic, according to David Dufour, Vice President of Engineering and Cybersecurity at Webroot. Webroot’s recent threat report ...

Threat Actors Take Advantage of Exchange Online and Outlook on the Web with New Levels of Sophistication

Oct 20, 2020 8:29:36 AM By Stu Sjouwerman

New insight from Accenture Security highlights specific ways attackers are changing their tactics to make Microsoft’s email platform a tool rather than an obstacle for phishing attacks.

The Risk of Redirector Domains in Phishing Attacks

Oct 19, 2020 8:25:03 AM By Stu Sjouwerman

Researchers at GreatHorn warn that a large-scale phishing campaign is using open redirects to evade email security filters. Open redirects allow attackers to take a URL from a ...

The Secret to This Email Phishing Campaign is Volume

Oct 15, 2020 8:24:12 AM By Stu Sjouwerman

FireEye says a newly characterized cybercriminal gang, FIN11, has been launching widespread email phishing campaigns for the past four years. The group isn’t particularly sophisticated, ...

Q3 2020 Top-Clicked Phishing Subjects: Coronavirus-Related Attacks Still Prevalent [INFOGRAPHIC]

Oct 15, 2020 8:00:00 AM By Stu Sjouwerman

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...

Fake Social Media Verification Scams Are the Gateway to Something Much More Sinister

Oct 14, 2020 3:27:01 PM By Stu Sjouwerman

Using copyright violation threats or the lure of obtaining a blue checkmark to verify your account, the latest scams easily trick victims out of their social media credentials.

FINRA Yet Again Becomes the Impersonated Brand at the Center of Phishing Attacks on Brokerage Firms

Oct 14, 2020 3:24:23 PM By Stu Sjouwerman

A mix of domain, phishing emails, a dash of social engineering, and a survey are the recipe for a simple and yet effective campaign targeting the financial sector.

Security Awareness Training Blog

Phishing Blog

View Topics