Is it a Quiz Scam? Is it Bad? Is it Back With a Vengeance?

Aug 4, 2020 8:34:36 AM By Stu Sjouwerman

The answer to all three questions would seem to be, "yes." Quiz scams have become widespread over the past year, but they’ve gone largely unremarked, researchers at Akamai have found. ...

Phishing Kits Continue to be Popular With Cybercrime Due to New User-Friendly and Sophisticated Features

Aug 3, 2020 8:34:01 AM By Stu Sjouwerman

Phishing kits continue to grow more user-friendly and sophisticated, according to a new report from ZeroFOX. The report explains that these kits have become a fixed feature in the ...

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

Jul 31, 2020 7:00:00 AM By Stu Sjouwerman

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...

An Old Dog with Some New Tricks

Jul 30, 2020 9:02:34 AM By Stu Sjouwerman

The Emotet botnet is now including stolen attachments in its phishing emails to increase the appearance of authenticity, BleepingComputer reports. The botnet is well-known for targeting ...

1 in 3 Employees Rarely or Never Think About Cybersecurity

Jul 29, 2020 11:36:24 AM By Stu Sjouwerman

Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture.

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

Jul 29, 2020 11:34:04 AM By Stu Sjouwerman

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.

REvil Criminal Ransomware Syndicate Attacks Spanish State-Owned Railway Operator Again!

Jul 28, 2020 3:43:13 PM By Stu Sjouwerman

As world-wide concern continues to grow over the threat of potential attacks on critical infrastructure, REvil goes after and bites a Railway Operator once again! The Daly Swig reports ...

Vanity, Thy URL is Zoom

Jul 28, 2020 8:23:32 AM By Stu Sjouwerman

Zoom has fixed a security flaw that could have allowed attackers to launch hard-to-spot phishing attacks using the platform, according to researchers at Check Point who discovered and ...

Are Account Takeovers Driving Towards a Passwordless Future?

Jul 27, 2020 10:00:39 AM By Javvad Malik

The bad guys will try to take over accounts all the time. Logging onto someone's account with their credentials is usually a whole lot easier than trying to compromise the website ...

Voicemail-Themed Phishing Attacks on the Rise

Jul 27, 2020 8:21:37 AM By Stu Sjouwerman

Researchers at Zscaler warn of an increase in voicemail-themed phishing campaigns designed to steal credentials for enterprise applications. The emails purport to be automatically ...

[Heads up] CISA And NSA Urge “Immediate Action” To Secure National Critical Infrastructure

Jul 25, 2020 11:05:53 AM By Stu Sjouwerman

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued a joint advisory warning that foreign hackers are targeting systems that ...

Don't Overlook Policy When Designing Security

Jul 23, 2020 8:30:53 AM By Stu Sjouwerman

There’s no single defense against phishing and other social engineering attacks, according to Kevin O’Brien, CEO and co-founder of email security company GreatHorn. On the CyberWire’s ...

Testing 1… 2… 3…

Jul 23, 2020 8:25:23 AM By Perry Carpenter

Let’s face it, very few organizations thought they’d still be in workforce limbo as we near the six-month mark of the pandemic. This situation has stretched many organizations to adopt ...

I Testified Before U.S. Congress About COVID-19 Phishing Scams

Jul 22, 2020 8:51:55 PM By Stu Sjouwerman

Yesterday, July 21, 2020 I testified before U.S. congress about COVID-19 phishing scams. I was invited by the Senate Commerce Committee's subcommittee on manufacturing, trade, and ...

“Service Desk” Phishes in Enterprise Waters

Jul 22, 2020 9:26:52 AM By Stu Sjouwerman

A phishing campaign is impersonating an IT help desk and abusing legitimate cloud services to fool users, according to Ax Sharma at BleepingComputer. The emails are sent from the ...

Emotet Returns Using Familiar Phishing Tactics

Jul 21, 2020 8:29:11 AM By Stu Sjouwerman

Emotet, the venerable commodity banking Trojan, is being actively distributed again, according to researchers at Malwarebytes. Emotet’s botnets began sending out phishing emails on July ...

New “servicedesk.com” Phishing Attack Uses Microsoft, IBM Cloud Services to Add Legitimacy

Jul 20, 2020 11:38:15 AM By Stu Sjouwerman

Focused on stealing victim credentials, this new attack uses a number of tactics to establish credibility, avoid raising red flags, and ensure they get the victim’s real credentials.

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

Jul 20, 2020 8:51:32 AM By Stu Sjouwerman

The Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent ...

Phorpiex Botnet Attacks Spike So High in June, 2% of All Organizations Were Hit

Jul 17, 2020 11:44:33 AM By Stu Sjouwerman

The rise in the use of this dangerous botnet, notorious for distributing malware via phishing campaigns and responsible for fueling Sextortion scams, should put organizations on edge.

Impermissible: Be Suspicious of Permission Requests

Jul 17, 2020 8:26:40 AM By Stu Sjouwerman

Users need to be wary of requests for information or permissions, even if they appear to come from legitimate sources, according to Don MacLennan, Senior Vice President of Engineering and ...

Security Awareness Training Blog

Phishing Blog

View Topics