Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Like Twitter, MFA Will Not Save You!

I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...

Microsoft Warns of Application-based Phishing

Microsoft has issued an advisory warning about “consent phishing,” or application-based phishing attacks that rely on users granting permissions to malicious apps. These attacks aren’t as ...

SEC Issues Warning on Increased Ransomware Attacks

The Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their ...

KnowBe4 Finds Coronavirus-Themed Phishing Spiked in Q2 2020 [INFOGRAPHIC]

The latest results of KnowBe4's quarterly top-clicked phishing email subjects are in. We report on three different categories: social media related subjects, general subjects, and 'in the ...

Scammers Impersonate Hospital Personnel

Scammers are seeking to obtain personal information by impersonating Canadian hospital staff over the phone, NEWS 1130 reports. Vancouver Coastal Health issued an alert in which the ...

The Bad News: Only 5% of Your Users Can Effectively Spot a Phishing Attack

A recent phishing quiz, promoted to U.K. users to see whether they could identify the phish, revealed dismal results: nearly all users couldn’t tell the difference 100% of the time.

DMs Promise Enhanced Pictures, but Deliver Malicious Links

Scammers are sending phishing messages on Instagram telling users to check out some edited versions of their photos, according to John Finn at Screen Rant. Finn explains that the scammers ...

It’s Worse Than You Thought: Remote Employees Interaction with Unsafe Websites is Up 50%

New data shows just how frequently remote users are accessing risky web content that would normally be blocked by firewalls and other network monitoring solutions.

Monkeying Around for Office 365 Credentials

Criminals are abusing SurveyMonkey to host redirect links to an Office 365 phishing page, researchers at Abnormal Security have found. The emails contain links to a real SurveyMonkey ...

6000% Increase in Phishing Attacks Leveraging COVID-19, Healthcare Industry Often The Target

On July 3rd just before the holiday weekend, Mount Auburn Hospital's IT team identified suspicious activity. Alarmed, they quickly took steps to disconnect the Cambridge hospital's ...

Vishing Attacks Yield Phone Fraud Take of Over $100 Million

While not a new tactic, vishing presents cybercriminals with an attack method that’s perfectly aligned with the pandemic shifts to remote workforces.

[HEADS UP] Office 365 Phishing Attacks Now Use Fake Zoom Suspension Alerts

Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been ...

Back-to-School: a Buzzkill in More Ways than One

40% of the top twenty universities in the US aren’t using DMARC to mitigate phishing attacks that impersonate the universities’ domains, according to researchers at Tessian. Additionally, ...

Gartner: You Should Focus On These 7 Specific COVID-19 IT Security Areas

Gartner observed: "Rapid responses to the coronavirus pandemic leave organizations vulnerable to security breaches. Security and risk teams must remain vigilant and focus on strategic ...

Microsoft Seizes Six Domains Used in Sophisticated Phishing Scheme

Microsoft announced that the US District Court for the Eastern District of Virginia has ruled that the company can seize six domains that were being used in a widespread phishing ...

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...

FakeSpy Android Malware Distributed via Smishing

Researchers at Cybereason are tracking a sophisticated malware campaign targeting Android devices around the world. The campaign involves a new version of the FakeSpy information-stealing ...

New Calendar Invitations as Phishbait Attack Wave

BleepingComputer warns that cybercriminals are using calendar invites to send phishing links to Wells Fargo customers. Researchers at Abnormal Security discovered this phishing campaign ...

Half of all Remote Employees Aren’t the Slightest Bit Prepared for Cyberattacks

New data from IBM suggests that employees, their devices, training, and organizational policies are all lacking when it comes to making sure remote workers don’t become a victim of ...

Microsoft 365 Phishing Attacks Masterfully Use Brand Name Sites to Establish Legitimacy

New voicemail phishing scam uses legitimate branded domains from companies like Samsung and Adobe to facilitate redirects to compromised websites intent on stealing credentials.
