Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Exploiting the Coronavirus: The Spammers, the Scammers, and the Bad Guys

By Eric Howes, KnowBe4 Principal Lab Researcher. If you've been paying attention to the news over the past week or so, you've undoubtedly noticed that the majority of the stories on your ...
Continue Reading

Use Advocates to Spread Your Security Awareness Training Program

I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. ...
Continue Reading

February Content Update: Including Season 2 of Netflix-Style Series 'The Inside Man'

Here are a few important updates to share with you from the month of February.
Continue Reading

New Norton LifeLock Phishing Scam Installs Remote Access Trojan

In yet another case of brand impersonation, this new phishing scam seeks out the millions of LifeLock customers and follows a seasoned infection path, with the goal being persistence and ...
Continue Reading

Did you know that KnowBe4 provides Managed Phishing Services?

You have determined the need for a mature, effective security awareness training program to make sure your employees do not fall for phishing emails or social engineering attacks. As part ...
Continue Reading

Anti-Virus, Identity Protection Phishbait

A phishing campaign is using fake NortonLifelock documents to trick victims into installing a remote access tool, according to researchers at Palo Alto Networks’ Unit 42. The documents ...
Continue Reading

KnowBe4 and Agari Announce New Partnership to Transform Phishing Protection

As market leaders, KnowBe4 and Agari have joined forces to help stop identity-based email attacks. Together, we have created a best-in-class approach to defend against phishing attacks at ...
Continue Reading

Social Security Administration Warns of Phone Scams On March 5th "Slam The Scam Day"

The Social Security Administration in Association with the Federal Trade Commission's (FTC) National Consumer Protection Week, want to remind everyone that scammers are now targeting ...
Continue Reading

Cut-and-Paste Phishbait

Naked Security describes a phishing campaign that’s convincingly spoofing emails from the online payment company Stripe. The email informs the recipient that an unknown device has logged ...
Continue Reading

None But the Lonely Heart Would Fall for an Emoji

Researchers at Malwarebytes and X-Force IRIS have come across an ongoing phishing campaign that’s using romance-themed emails to distribute the Nemty ransomware, BleepingComputer reports. ...
Continue Reading

Experts: Expect Summer Olympics-Themed Cyberattacks in the Coming Months

The business of the games will provide cybercriminals with countless options to scam participants, sponsors, and spectators using contextual details and social engineering.
Continue Reading

Bogus Singapore Police Site Serves as a Watering Hole

The Singapore Police Force (SPF) released an advisory warning about a phishing site that’s spoofing the Force’s website, Channel News Asia reports. The bogus website informs the user that ...
Continue Reading

Nigerian Man Arrested 3 Years After $850,000 Stolen in Email Scam

The Boulder County Sheriff’s Office says a Nigerian man has been arrested more than three years after $850,000 was stolen in construction bond money from the Boulder Valley School ...
Continue Reading

Amazon Prime Phishbait: Lessons Learned

An Amazon phishing campaign is accidentally sending out links that lead straight to the attacker’s remote access console, according to Paul Ducklin at Naked Security. Ducklin explains ...
Continue Reading

[BREAKING NEWS] 'Shark' Gets Hooked for $380K in Email Phishing Scam

"Shark Tank" star Barbara Corcoran is missing nearly $400,000 Wednesday morning after her office was victimized by email scammers who used a tiny typo to gain the upper hand.
Continue Reading

Verizon: More Than Half of Users Click on Multiple Phishing Links. Social Engineering, Innovation are Responsible

The latest data from Verizon’s 2020 Mobile Security Index report shows that both consumer and business users make it all too easy for cyberattackers to fool them into becoming a victim.
Continue Reading

39 Percent of Organizations Were Victims of a Mobile Attack Despite Improved Security

Brand new data from Verizon shows businesses sacrificed when it comes to mobile security; a decision that caused compromises with impacts well-beyond just a simple breach.
Continue Reading

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the ...
Continue Reading

Spamming Tools are a Commodity in the Criminal Underworld

Cheap and easy-to-use phishing kits and other social engineering tools are readily available for purchase on the black market, according to researchers at Digital Shadows. Criminals ...
Continue Reading

WSJ: "Losing $450,000 in Three Days: Hackers Trick Victims Into Big Wire Transfers"

Rachel Louise Ensign wrote a great story for the WSJ about CEO Fraud, also known by the FBI as Business Email Compromise. I'm quoting an extract and I strongly recommend sending a link to ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews