Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Attacks in the UK Have Surged

Over 11 million phishing attacks have been reported to the UK’s Suspicious Email Reporting Service (SERS) over the past year, according to new data from Action Fraud. The UK’s National ...
Continue Reading

BEC Attacks Accounted for More Than One in Ten Social Engineering Attacks in 2023

A new report from Barracuda has found that email conversation hijacking attacks have risen by 70% since 2022. Additionally, business email compromise (BEC) attacks accounted for 10.6% of ...
Continue Reading

The Indispensable World of Red Teaming

In this mad, mad world of breaches, organizations are scrambling to keep their heads above water. It's like trying to navigate a minefield while blindfolded and riding a unicycle — one ...
Continue Reading

Brazilian Entities Increasingly Targeted by Nation-State Phishing Attacks

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North ...
Continue Reading

The Overlooked Truth: User Experience in Cybersecurity

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has always been about hacking, phishing, and all sorts ...
Continue Reading

[Heads Up] Tricky Fake Invoice Phishing Attack Uses Search to Deliver Malware

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to ...
Continue Reading

No Politician Too Small: School Board Candidates Targeted By Phishing and BEC Scams

Cybercriminals are broadening their targets to include even local political candidates, as an escalating series of phishing attacks was recently directed at school board candidates in ...
Continue Reading

Unmasking the Threat: Why Phishing Scams are Surging in Japan

Japan has a large number of Forbes Global 2000 corporations--more than the UK, Germany, and France combined. Despite this economic strength, Japan faces an alarming and growing threat ...
Continue Reading

Phishing Campaign Targets Job Seekers With WARMCOOKIE Backdoor

A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security.
Continue Reading

The Global Reach of Cyber Threats: Why Security Awareness Training is More Important Than Ever

Based on news cycles within cybersecurity, it's easy to fall into the trap of thinking that threats only come from certain parts of the world or that they only target specific industries. ...
Continue Reading

Cybercriminals Use New V3B Phishing Kit to Mimic 54 Different Banks in the European Union

A new phishing-as-a-service toolkit that leverages credential interception and anti-detection capabilities has put EU banks at severe risk of fraud.
Continue Reading

Phishing With Deepfakes for HK$200 Million

My hacker story occurred not too long ago at the Hong Kong office of an undisclosed multinational corporation. The hackers pulled off a first-of-its-kind scam that leveraged a phishing ...
Continue Reading

New Research Shows An Alarming Trend of Phishing Attacks Doubling For US and European Organizations

Cybercriminals never sleep, and their aim keeps getting better. According to new research from Abnormal Security, phishing attacks targeting organizations in Europe shot up by a ...
Continue Reading

Sinister "More_eggs" Malware Cracks Into Companies by Targeting Hiring Managers

Job seekers, beware - cybercriminals have a nasty new way to slide their malicious code on corporate networks. Researchers have uncovered a devious phishing campaign that's distributing ...
Continue Reading

DarkGate Malware Being Spread Via Excel Docs Attached To Phishing Emails

A phishing campaign is spreading the DarkGate malware using new techniques to evade security filters, according to researchers at Cisco Talos.
Continue Reading

New HR-Themed Credential Harvesting Phishing Attack Uses Legitimate Signature Platform Yousign

A new phishing campaign is exploiting the eSignature platform Yousign.
Continue Reading

Bruce Schneier: "AI Will Increase the Quantity—and Quality—of Phishing Scams"

Wow. It does not happen often that the godfather of infosec comes out this strong about phishing risks. He co-published new research in the Harvard Business Review May 30, 2024, which in ...
Continue Reading

Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks

New data highlights just how dangerous Business Email Compromise attacks are.
Continue Reading

Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing

I have created a comprehensive webinar, based on my recent book, “Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing”. It contains everything that KnowBe4 ...
Continue Reading

Social Engineering Scams Can Come in the Mail, Too

Social engineering scams can come through any communications channel (e.g., email, web, social media, SMS, phone call, etc.). They can even come in the mail as the Nextdoor warning below ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews