Legitimate Services, but still Hook, Line, and Sinker

Sep 8, 2020 7:03:00 AM By Stu Sjouwerman

A malware distribution campaign is abusing organizations’ contact forms to send malicious emails designed to catch the attention of companies’ customer support personnel. The attackers ...

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Sep 8, 2020 7:01:00 AM By Stu Sjouwerman

Originally seen all the way back in 2008, this banking trojan is continuously being developed. Its latest iteration is downright nasty and has already infected 5% of all organizations ...

Users Are Still Falling for Phishing Attacks. Want to Know Why?

Sep 8, 2020 7:00:00 AM By Stu Sjouwerman

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

Sep 5, 2020 11:07:10 AM By Stu Sjouwerman

There is an old Dutch expression: "High trees catch a lot of wind". Well. once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In ...

New Phishing Attack Uses a Compromised Vendor Account and Box to Elude Detection

Sep 3, 2020 8:31:01 AM By Stu Sjouwerman

Using legitimate email accounts is a great way for phishing emails to avoid being identified. Hosting malicious files on Box is another. Put them together and this attack reaches your ...

New Botnet Promising Free Shoes as Phishbait

Sep 2, 2020 8:34:26 AM By Stu Sjouwerman

Researchers at WhiteOps warn that a family of malicious Android apps are spreading a new ad-fraud botnet by promising free shoes and other products to users who install the apps. The ...

How to Defend Against Phishes Coming from Trusted Partners

Aug 31, 2020 9:54:51 AM By Roger Grimes

One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...

Phishing with Slack-Files.com: Bad Guys Find Yet Another Free Host for Malicious Files

Aug 31, 2020 9:44:00 AM By Eric Howes

Slack, the ubiquitous communication and collaboration platform, has been getting more and more attention over the past few months as a potential phishing platform and target for malicious ...

QBot is Back With New Phishing Tricks

Aug 31, 2020 8:22:24 AM By Stu Sjouwerman

Researchers at Check Point warn that the QBot banking Trojan now has the ability to hijack email threads on infected devices and send malicious emails to the victim’s contacts. The ...

Recent Phishing Scam Sends Uncertain Employment and Bogus Layoff Notices

Aug 26, 2020 8:29:00 AM By Stu Sjouwerman

Scammers have been exploiting people’s fears by posing as HR employees and sending emails informing recipients that they’ve been laid off, according to Kaspersky’s spam and phishing ...

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

Aug 25, 2020 10:42:10 AM By Stu Sjouwerman

A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.

New Vishing Attacks Pretend to Be Internal IT to Scam Users from Financial Firms Out of Their Credentials

Aug 25, 2020 10:34:04 AM By Stu Sjouwerman

Dozens of banks, cryptocurrency exchanges, and web hosting firms have experienced vishing attacks aimed at eventually stealing cryptocurrency from high net-worth customers.

[HEADS UP] There's No Beta for Cyberpunk 2077

Aug 25, 2020 8:26:54 AM By Stu Sjouwerman

Scammers are sending phishing emails purporting to offer beta access to the highly anticipated video game Cyberpunk 2077, Eurogamer reports. These scams have been occurring for at least a ...

Phishing Summit - Mitigation, Forensics and Eye-opening Phishing Research

Aug 25, 2020 7:00:00 AM By Stu Sjouwerman

Looks like things are getting crazier by the month, right? The recent Twitter attack shows that all organizations are susceptible to social engineering attacks. Unfortunately, very few ...

An Embarrassment of Riches: Malicious Actors Target AWS Accounts

Aug 24, 2020 8:26:26 AM By Eric Howes

Amazon is an obvious target for malicious actors looking to leverage the trust and authority enjoyed by a widely known online service or brand in malicious emails and social engineering ...

Conversations with a Phisher

Aug 24, 2020 8:20:51 AM By Stu Sjouwerman

Phishing campaigns display varying levels of sophistication depending on how much time and effort the attackers are willing to invest in a particular target, according to Steven Murdoch, ...

[Heads Up] DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars

Aug 23, 2020 9:07:16 AM By Stu Sjouwerman

Breaking News: A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. But ...

New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

Aug 20, 2020 5:23:47 PM By Stu Sjouwerman

Aimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.

Watch Out for OAuth Phishing Attacks and How You Can Stay Safe

Aug 19, 2020 3:53:03 PM By Roger Grimes

A steadily growing phishing trend involves phishing emails which attempt to modify your OAuth permissions. Simply clicking on one Allow button or hitting ENTER by mistake can ...

Your Vishing Attack Surface Has Exploded And Voice Phishers Now Target Your Corporate VPN

Aug 19, 2020 10:34:50 AM By Stu Sjouwerman

Brian Krebs wrote: "The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access ...

Security Awareness Training Blog

Phishing Blog

View Topics