What’s the Information Stolen in a Phishing Attack Really Worth?

Sep 29, 2020 11:17:39 AM By Stu Sjouwerman

Once a scammer tricks their victim out of web credentials, credit card details, or online access to a bank account, the details collected are worth plenty by simply selling them on the ...

Spike in Emotet Attacks Against Government Agencies Seen Around the Globe in September

Sep 29, 2020 11:13:01 AM By Stu Sjouwerman

Attacks involving what is arguably the world’s most dangerous malware are on the rise, with reports from the cybersecurity agencies in Japan, New Zealand, and France.

The 2020 Election is Expected to be the Next Big Theme for Cyber Attacks

Sep 29, 2020 11:10:29 AM By Stu Sjouwerman

As the bad guys look for new ways to wreak havoc, cybersecurity experts at NTT global predict attacks pre-, during, and post-election should be expected.

Phishing Campaign Goes After AT&T Employees’ MFA Codes

Sep 29, 2020 8:22:37 AM By Stu Sjouwerman

A phishing campaign is targeting AT&T employees and contractors with a well-crafted fake login page, according to Luke Leal at Sucuri. The phishing page is a near-exact replica of ...

Cyberattacks Targeting State and Local Government Increase by 50%

Sep 24, 2020 11:00:25 AM By Stu Sjouwerman

State, local, tribal, and territorial government agencies and municipalities are under attack. Observations and data from security vendor BlueVoyant highlight the attacks and the results.

Tribune Publishing apologizes for fake bonus offer in phishing-simulation email

Sep 24, 2020 10:29:04 AM By Stu Sjouwerman

Yesterday at the end of the day, I was called by our PR team who got alerted by tech support about a Twitter post that was going viral. Turns out a custom phishing test created by one of ...

Abusing App Engine to Automate Phishing

Sep 24, 2020 8:30:09 AM By Stu Sjouwerman

Attackers can abuse a feature in Google App Engine to generate unlimited phishing URLs, BleepingComputer reports. Security researcher Marcel Afrahim found that App Engine URLs that ...

Credential Stuffing to Stuff the Ballot Box

Sep 22, 2020 10:20:17 AM By Stu Sjouwerman

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...

Bitcoin Millionaire Loses $16 Million to a Compromised Wallet and Simple Social Engineering

Sep 18, 2020 7:01:00 AM By Stu Sjouwerman

This brief tale of misfortune shows how unpatched software and letting your guard down – especially when $16 million is on the line – can be all that’s needed for a successful scam.

Beware of Fake Forwarded Phishes

Sep 17, 2020 3:29:13 PM By Roger Grimes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...

When Phishing And Disinformation Meet

Sep 16, 2020 8:49:42 AM By Stu Sjouwerman

The Insider reported that QAnon is co-opting a USPS phishing scam, and claim the Vishing text messages are linked to human trafficking. "A viral [text] phishing scheme is targeting people ...

How to Become a Harder Target From Malicious Threat Actors

Sep 16, 2020 8:30:35 AM By Stu Sjouwerman

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...

High-Profile Caper Spawns Phishing Campaign

Sep 15, 2020 8:31:04 AM By Stu Sjouwerman

A phishing campaign is using the recent Twitter hack as phishbait, HackRead reports. In mid-July, hackers used social engineering against Twitter employees to gain access to more than a ...

Funds Transfer Fraud Has Increased 35% Since the Onset of COVID-19

Sep 14, 2020 10:49:30 AM By Stu Sjouwerman

With reported losses from thousands of dollars to well over $1 million, funds transfer fraud represents 27% of cyber insurance claims in 2020.

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

Sep 14, 2020 10:34:13 AM By Stu Sjouwerman

Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.

CISA’s Advice on Countering Phishing

Sep 14, 2020 10:19:06 AM By Stu Sjouwerman

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on best practices to thwart email-based phishing attacks. The ...

They're Back: Bad Guys Spoof KnowBe4 Again

Sep 9, 2020 8:19:57 AM By Eric Howes

Earlier this week customers using the Phish Alert Button (PAB) began reporting yet another round of spoofed KnowBe4 security awareness training emails. The emails reported are fairly ...

Email and SMS Phishing Campaign Impersonates Lloyds Bank

Sep 8, 2020 8:33:04 AM By Stu Sjouwerman

A convincing phishing campaign is targeting customers of Lloyds Bank, Infosecurity Magazine reports. Law practice Griffin Law warns that more than 100 people have reported receiving ...

Legitimate Services, but still Hook, Line, and Sinker

Sep 8, 2020 7:03:00 AM By Stu Sjouwerman

A malware distribution campaign is abusing organizations’ contact forms to send malicious emails designed to catch the attention of companies’ customer support personnel. The attackers ...

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Sep 8, 2020 7:01:00 AM By Stu Sjouwerman

Originally seen all the way back in 2008, this banking trojan is continuously being developed. Its latest iteration is downright nasty and has already infected 5% of all organizations ...

Security Awareness Training Blog

Phishing Blog

View Topics