Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

View Topics

RedCurl APT Uses Spear Phishing to Conduct Corporate Espionage

Aug 18, 2020 8:26:36 AM By Stu Sjouwerman
A previously unobserved APT group called “RedCurl” has been launching cyber espionage campaigns against organizations around the world since at least 2018, according to researchers at ...
Continue Reading

YIKES: Fancy Bear Linux Rootkit

Aug 14, 2020 2:31:27 PM By Stu Sjouwerman
Heads-Up! The CyberWire staff wrote: "The US National Security Agency and Federal Bureau of Investigation yesterday issued a joint alert concerning a new malware toolset operated by ...
Continue Reading

43,000+ NHS Staff Hit With Phishing Emails Since March

Aug 14, 2020 11:27:25 AM By Stu Sjouwerman
A Freedom of Information (FOI) request revealed that over 43,000 National Health Service (NHS) staff have had phishing emails slip through the cracks and into their inboxes in the past ...
Continue Reading

COVID-Themed Phishing Scams Are on Their Way Out While Some Scammers Use a Vaccine as a Last-Ditch Effort

Aug 13, 2020 2:33:47 PM By Stu Sjouwerman
The latest data on COVID-related phishing scams from security researchers at CheckPoint comes with some good news and insightful trends that may help keep you secure.
Continue Reading

FOLLOWUP: Small Business Administration Phishing Campaign

Aug 13, 2020 8:46:59 AM By Eric Howes
On Wednesday August 12 the Dept. of Homeland Security issued an alert concerning a phishing campaign using malicious spoofs of the Small Business Administration's (SBA) web site. The ...
Continue Reading

Phishing Golden Hour

Aug 12, 2020 6:08:44 PM By Roger Grimes
In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...
Continue Reading

My lazy Sunday afternoon was interrupted...

Aug 12, 2020 5:19:33 PM By Stu Sjouwerman
My lazy Sunday afternoon was interrupted with what appeared to be a prank, a social engineering attempt, or something else that remains to be identified.
Continue Reading

Paying the Ransom After a Ransomware Attack May Become More Complicated, Thanks to the U.S. Treasury

Aug 12, 2020 4:10:51 PM By Stu Sjouwerman
With many organizations considering to pay the ransom should they experience an attack, new guidance from the U.S. Treasury may put a damper on an organization’s ability to pay.
Continue Reading

[Heads Up] Apparently Slack Phishing Got So Bad They Had To Do Something About It

Aug 12, 2020 10:09:15 AM By Stu Sjouwerman
Slack has announced a slew of new security features, certificates and integrations, including a verification system that adds an additional layer to protect against phishing scams.
Continue Reading

Cybercriminals Target Execs in Microsoft 365 Credential Attack to Launch Internal BEC Scams

Aug 11, 2020 9:30:40 AM By Stu Sjouwerman
A new phishing attack spotted in the wild by security researchers at Trend Micro demonstrates how compromised data in an initial cyberattack is purposed in subsequent attacks.
Continue Reading

SBA Phishing: Malicious Actors "Return to Roots" in the Hunt for Money

Aug 10, 2020 10:55:00 AM By Eric Howes
By Eric Howes, KnowBe4 Principal Lab Researcher. The COVID-19 pandemic continues to dominate news headlines as well as the development of malicious email attacks designed to separate ...
Continue Reading

The U.N. counterterrorism chief says a 350% increase in phishing websites was reported in Q1 2020

Aug 7, 2020 4:14:05 PM By Stu Sjouwerman
UNITED NATIONS -- A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding ...
Continue Reading

Ransomware Payments Increase by a Massive 60% as Email Phishing Rises in Frequency as Primary Attack Vector

Aug 7, 2020 9:30:23 AM By Stu Sjouwerman
The newest ransomware data paints a pretty bleak picture for organizations with “big game” attacks and six- and seven-figure ransom demands becoming the norm.
Continue Reading

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

Aug 6, 2020 4:15:57 PM By Stu Sjouwerman
An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...
Continue Reading

Explosion of Zoom Meeting Phishing Attacks Over Spring and Summer of 2020 and Targeting Office365 and Outlook Credentials

Aug 5, 2020 8:44:18 AM By Stu Sjouwerman
Researchers at INKY have observed an “explosion” of Zoom-themed phishing attacks over the Spring and Summer of 2020. Most of the attacks are aimed at stealing credentials to services like ...
Continue Reading

Hacked High-Profile Twitter Accounts Are Used to Promote a Cryptocurrency Scam

Aug 5, 2020 8:29:43 AM By Stu Sjouwerman
Using the theme of partnering with a made up COVID-19 non-profit, the latest hack on twitter allowed some pretty prominent accounts to be used as pawns in a scam that netted $120K.
Continue Reading

New U.K. Phishing Scam uses a £400 Tax Cut as Bait

Aug 5, 2020 8:24:40 AM By Stu Sjouwerman
Pretending to be the U.K. Governments’ Digital Service Team, this latest COVID-related phishing attack seeks to con victims out of their credit card details.
Continue Reading

Netflix Phishing Attack Hides Behind a Functional CAPTCHA Page to Avoid Detection

Aug 5, 2020 8:21:36 AM By Stu Sjouwerman
In an interesting twist, cybercriminals utilize a well-known technology to keep security solutions from identifying a “failed payment” email as being fraudulent.
Continue Reading

Is it a Quiz Scam? Is it Bad? Is it Back With a Vengeance?

Aug 4, 2020 8:34:36 AM By Stu Sjouwerman
The answer to all three questions would seem to be, "yes." Quiz scams have become widespread over the past year, but they’ve gone largely unremarked, researchers at Akamai have found. ...
Continue Reading

Phishing Kits Continue to be Popular With Cybercrime Due to New User-Friendly and Sophisticated Features

Aug 3, 2020 8:34:01 AM By Stu Sjouwerman
Phishing kits continue to grow more user-friendly and sophisticated, according to a new report from ZeroFOX. The report explains that these kits have become a fixed feature in the ...
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews