Users Are Still Falling for Phishing Attacks. Want to Know Why?

Sep 8, 2020 7:00:00 AM By Stu Sjouwerman

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

Sep 5, 2020 11:07:10 AM By Stu Sjouwerman

There is an old Dutch expression: "High trees catch a lot of wind". Well. once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In ...

New Phishing Attack Uses a Compromised Vendor Account and Box to Elude Detection

Sep 3, 2020 8:31:01 AM By Stu Sjouwerman

Using legitimate email accounts is a great way for phishing emails to avoid being identified. Hosting malicious files on Box is another. Put them together and this attack reaches your ...

New Botnet Promising Free Shoes as Phishbait

Sep 2, 2020 8:34:26 AM By Stu Sjouwerman

Researchers at WhiteOps warn that a family of malicious Android apps are spreading a new ad-fraud botnet by promising free shoes and other products to users who install the apps. The ...

How to Defend Against Phishes Coming from Trusted Partners

Aug 31, 2020 9:54:51 AM By Roger Grimes

One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...

Phishing with Slack-Files.com: Bad Guys Find Yet Another Free Host for Malicious Files

Aug 31, 2020 9:44:00 AM By Eric Howes

Slack, the ubiquitous communication and collaboration platform, has been getting more and more attention over the past few months as a potential phishing platform and target for malicious ...

QBot is Back With New Phishing Tricks

Aug 31, 2020 8:22:24 AM By Stu Sjouwerman

Researchers at Check Point warn that the QBot banking Trojan now has the ability to hijack email threads on infected devices and send malicious emails to the victim’s contacts. The ...

Recent Phishing Scam Sends Uncertain Employment and Bogus Layoff Notices

Aug 26, 2020 8:29:00 AM By Stu Sjouwerman

Scammers have been exploiting people’s fears by posing as HR employees and sending emails informing recipients that they’ve been laid off, according to Kaspersky’s spam and phishing ...

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

Aug 25, 2020 10:42:10 AM By Stu Sjouwerman

A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.

New Vishing Attacks Pretend to Be Internal IT to Scam Users from Financial Firms Out of Their Credentials

Aug 25, 2020 10:34:04 AM By Stu Sjouwerman

Dozens of banks, cryptocurrency exchanges, and web hosting firms have experienced vishing attacks aimed at eventually stealing cryptocurrency from high net-worth customers.

[HEADS UP] There's No Beta for Cyberpunk 2077

Aug 25, 2020 8:26:54 AM By Stu Sjouwerman

Scammers are sending phishing emails purporting to offer beta access to the highly anticipated video game Cyberpunk 2077, Eurogamer reports. These scams have been occurring for at least a ...

Phishing Summit - Mitigation, Forensics and Eye-opening Phishing Research

Aug 25, 2020 7:00:00 AM By Stu Sjouwerman

Looks like things are getting crazier by the month, right? The recent Twitter attack shows that all organizations are susceptible to social engineering attacks. Unfortunately, very few ...

An Embarrassment of Riches: Malicious Actors Target AWS Accounts

Aug 24, 2020 8:26:26 AM By Eric Howes

Amazon is an obvious target for malicious actors looking to leverage the trust and authority enjoyed by a widely known online service or brand in malicious emails and social engineering ...

Conversations with a Phisher

Aug 24, 2020 8:20:51 AM By Stu Sjouwerman

Phishing campaigns display varying levels of sophistication depending on how much time and effort the attackers are willing to invest in a particular target, according to Steven Murdoch, ...

[Heads Up] DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars

Aug 23, 2020 9:07:16 AM By Stu Sjouwerman

Breaking News: A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. But ...

New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

Aug 20, 2020 5:23:47 PM By Stu Sjouwerman

Aimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.

Watch Out for OAuth Phishing Attacks and How You Can Stay Safe

Aug 19, 2020 3:53:03 PM By Roger Grimes

A steadily growing phishing trend involves phishing emails which attempt to modify your OAuth permissions. Simply clicking on one Allow button or hitting ENTER by mistake can ...

Your Vishing Attack Surface Has Exploded And Voice Phishers Now Target Your Corporate VPN

Aug 19, 2020 10:34:50 AM By Stu Sjouwerman

Brian Krebs wrote: "The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access ...

U.K. National Health Service Targeted with Over 40,000 Email Scams Aimed at Stealing Patient Data

Aug 18, 2020 4:49:59 PM By Stu Sjouwerman

The last few months have been very busy for cyber attackers targeting the NHS, as the number of phishing emails reported within the NHS shows a continual barrage of attacks.

Phishing Site Takes Brand Impersonation to a Whole New Level Pretending to be FINRA

Aug 18, 2020 4:47:31 PM By Stu Sjouwerman

Most scammers simply grab a company logo, or perhaps a logon page to make it appear like the website used as part of a scam is legitimate. But how about an entire website?

Security Awareness Training Blog

Phishing Blog

View Topics