World's Largest Sovereign Wealth Fund Falls For $10m Social Engineering Attack

May 14, 2020 8:29:08 AM By Stu Sjouwerman

The Norwegian Investment Fund has been swindled out of 10 million dollars by fraudsters who pulled off a social engineering attack that the Norfund called "an advanced data breach" but ...

Watch Out for the Coming Tsunami of Mortgage Rescue Phishing Scams

May 13, 2020 8:22:43 AM By Stu Sjouwerman

At this point in time, with 10 years of phishing attack analysis under our belt, we can predict with a high reliability level what will be showing up in the near future. We see two scams ...

[HEADS UP] Coronavirus Phishing Attacks Skyrocket to 30% Increase

May 12, 2020 11:29:10 AM By Stu Sjouwerman

Scammers riding the COVID-19 wave are adapting to new scenarios as the pandemic evolves. Checkpoint recently discovered that over 192,000 coronavirus-related phishing attacks per week ...

Hacker Group Compromises the Email Accounts of More Than 150 Company’s High-Ranking Executives

May 12, 2020 10:03:18 AM By Stu Sjouwerman

The latest string of attacks leverage traditional spear-phishing techniques mixed with the use of Microsoft’s newsletter service, Sway, to trick executives into giving up their Office 365 ...

[Scam of The Week] Unemployed Americans Are Now Deceived Into Grabbing ‘Remote Jobs’ As Money Mules

May 8, 2020 2:29:50 PM By Stu Sjouwerman

There are now tens of millions of people suddenly unemployed, looking for ways to make ends meet.

Fake Zoom Downloader is the Latest Method of Attack on Remote Workers

May 7, 2020 10:33:08 AM By Stu Sjouwerman

Riding on the coattails of the massive rise in popularity in the video conference solution, remote workers new to Zoom need to be wary of where they download the installer.

Some Phishers Who Know Their Trade

May 7, 2020 8:19:31 AM By Stu Sjouwerman

Researchers at Votiro have come across well-crafted phishing emails that purport to come from UPS, FedEx, and DHL. All of the emails contain malicious Excel attachments that will install ...

What is the Right Password Policy?

May 7, 2020 8:15:00 AM By Roger Grimes

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

May 6, 2020 10:03:21 AM By Roger Grimes

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...

Implausible Phishbait, But Someone May Bite

May 6, 2020 8:24:27 AM By Stu Sjouwerman

Scammers are impersonating FINRA, the Financial Industry Regulatory Authority, in an attempt to deliver malware or steal SharePoint credentials, Help Net Security reports. FINRA issued an ...

Reuters: 'State-backed hackers targeting coronavirus responders'

May 5, 2020 11:25:35 AM By Stu Sjouwerman

LONDON/WASHINGTON (Reuters) - Government-backed hackers are attacking healthcare and research institutions in an effort to steal valuable information about efforts to contain the new ...

[HEADS UP] Coronavirus in Australia: Government Warns Phishing Email Target

May 5, 2020 10:19:35 AM By Stu Sjouwerman

A phishing email has been circulating during the pandemic in Australia. Australians are being warned to look out for phishing scams during the coronavirus pandemic, with a new dodgy email ...

Medical Suppliers Targeted With Agent Tesla Infostealer

May 5, 2020 8:28:41 AM By Stu Sjouwerman

Researchers at Fortinet have identified a spear phishing campaign targeting medical suppliers with COVID-19-themed emails. The emails contain choppy grammar, but the message is clear ...

PerSwaysion: Convincing Executives to Act Against Their Own Interest

May 4, 2020 8:26:14 AM By Stu Sjouwerman

Researchers at Group-IB have discovered a sophisticated spear phishing campaign that’s targeted executives at more than 150 companies around the world since mid-2019. The researchers have ...

Half of all Breaches Start with Phishing and Social Engineering

May 4, 2020 7:03:00 AM By Stu Sjouwerman

New data shows successful attacks on internal networks, cloud environments, and POS systems all are very susceptible to this common attack vector.

The Need for Pandemic Financial Relief Spurs a Phishing Attack Impersonating the U.S. Federal Reserve

May 4, 2020 7:00:00 AM By Stu Sjouwerman

Scammers use realistic-looking emails and a well-designed website under the guise of the Paycheck Protection Program to trick victims into providing banking credentials.

Is That COVID-19 Email Legitimate or a Phish?

May 1, 2020 8:39:23 AM By Roger Grimes

It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims. ...

[Heads Up] Microsoft: Ransomware Gangs That Don't Threaten To Leak Your Data Steal It Anyway

Apr 29, 2020 3:34:37 PM By Stu Sjouwerman

That means you can from now on count a ransomware infection as a data breach with all the consequences that this brings. Moreover, the so-called "human-operated" ransomware gangs have ...

[Click Alert] So, What Is The Phish-prone Percentage On Recent Coronavirus Phishing Tests?

Apr 28, 2020 4:37:47 PM By Stu Sjouwerman

I had some numbers run on the usage of our new, dedicated COVID-19 phishing templates to find out what the Phish-prone percentage was, since this is an unprecedented worldwide event. ...

COVID-19 Spam Delivers Remcos RAT

Apr 28, 2020 8:31:15 AM By Stu Sjouwerman

A phishing campaign is impersonating the US Small Business Administration (SBA) in an attempt to deliver the Remcos remote access Trojan, according to researchers at IBM X-Force. The ...

Security Awareness Training Blog

Phishing Blog

View Topics