Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

“Operation Endgame” Ends with the Arrest of 4 Cybercriminal Suspects and 100 Servers

Coordinated efforts between law enforcement agencies across nine countries has resulted in a major disruption of a threat group’s malware and ransomware operations.
Continue Reading

Email Compromise Continues to Dominate as Top Threat Incident Type as Tactics Evolve

As email compromise attacks increase, analysis of tactics provides context on how organizations need to evolve their defenses.
Continue Reading

[NEW RESEARCH]: KnowBe4’s 2024 Phishing by Industry Benchmarking Report Reveals that 34.3% of Untrained End Users Will Fail a Phishing Test

The prevalence of cyber crime continues to soar, victimizing individuals in both their work and private lives. Cybercriminals are indiscriminate, targeting around the clock and across the ...
Continue Reading

Russia’s Military Intelligence Service Launches Spear Phishing Attacks

Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities.
Continue Reading

New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks.
Continue Reading

The Hard Evidence That Phishing Training and Testing Really Works Great

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove ...
Continue Reading

Threat Actor Void Manticore Uses Cyber Weapon “Wipers” to Destroy Data and Systems

This Pro-Hamas hacktivist group has updated their payload arsenal to include updated versions of their BiBi Wiper malware, and two new wiper variants.
Continue Reading

China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point.
Continue Reading

[FedRAMP Phishing Rule]: "Users are the last line of defense and should be tested."

If you want to sell cloud-based software to the U.S. Government, you need to be FedRAMP authorized. This is what they state in their Program Overview:
Continue Reading

As Many as 1 in 7 Emails Make it Past Your Email Filters

Fluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.
Continue Reading

New Research Finds Phishing Scams Targeting Popular PDF Viewer

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF ...
Continue Reading

UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those ...
Continue Reading

Newly Updated Grandoreiro Banking Trojan Distributed Via Phishing Campaigns

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan.
Continue Reading

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.
Continue Reading

New Threat Report Finds Nearly 90% of Cyber Threats Involve Social Engineering

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses.
Continue Reading

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.
Continue Reading

Phishing and Pretexting Dominate Social Engineering-Related Data Breaches

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data.
Continue Reading

FBI Warns of AI-Assisted Phishing Campaigns

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.
Continue Reading

How Come Unknown Attack Vectors are Surging in Ransomware Infections?

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I understand why.
Continue Reading

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews