Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Coronavirus-Themed Simulated Phishing Templates

The following templates were added to the console this morning:
Continue Reading

Malicious IQY Files Found in Spam Campaign

Researchers at Lastline have come across a phishing campaign that’s using Internet Query (IQY) files to bypass security filters and deliver a new version of the Paradise ransomware. The ...
Continue Reading

Extreme Measures: The Epidemic of COVID-19 Phishing Emails Rages On

Since the publication of our first two blog pieces documenting the flood of Coronavirus-themed emails (see HERE and HERE), customers using the Phish Alert Button (PAB) have continued to ...
Continue Reading

U.S. Homeland Security: "Malicious Actors Expected To Focus Attacks On Teleworkers. Secure Your VPN"

The Department of Homeland Security's cybersecurity agency this week shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations ...
Continue Reading

U.K. Pensions Regulator Sees 145 Percent Increase in Malicious Email Activity

The U.K. Government’s massive jump in email-based cyberattacks far outpaces even the most aggressive phishing or spam growth numbers seen this year.
Continue Reading

[Heads Up!] A Whopping 21 Percent of Phishing Attack URLs Are Not Detected As Malicious For Days After They Go Live

New data from Akamai provides insight into why phishing attacks are making it all the way to the endpoint… and why they can trick users so easily into becoming a victim.
Continue Reading

Secret Service Warning: Exploiting the Coronavirus for Fraud and Profit.

By Eric Howes,  KnowBe4 Principal Lab Researcher. On Monday of this week we published a review of the coronavirus-themed emails that had been reported to us by customers using the Phish ...
Continue Reading

A Look at Email Security in the US Healthcare Sector

90% of US healthcare organizations experienced email-based attacks in the past year, and 25% of these organizations said the attacks were extremely or very disruptive, according to a new ...
Continue Reading

Cyberattacks on MSPs Grow Exponentially as the Focus Shifts to Hold Their Customer’s Data for Ransom

Recent insight from data protection vendor Datto puts MSPs on notices to secure their own environments to protect both their business and that of their customers.
Continue Reading

Exploiting the Coronavirus: The Spammers, the Scammers, and the Bad Guys

By Eric Howes,  KnowBe4 Principal Lab Researcher. If you've been paying attention to the news over the past week or so, you've undoubtedly noticed that the majority of the stories on your ...
Continue Reading

Use Advocates to Spread Your Security Awareness Training Program

I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. ...
Continue Reading

February Content Update: Including Season 2 of Netflix-Style Series 'The Inside Man'

Here are a few important updates to share with you from the month of February. 
Continue Reading

New Norton LifeLock Phishing Scam Installs Remote Access Trojan

In yet another case of brand impersonation, this new phishing scam seeks out the millions of LifeLock customers and follows a seasoned infection path, with the goal being persistence and ...
Continue Reading

Did you know that KnowBe4 provides Managed Phishing Services?

You have determined the need for a mature, effective security awareness training program to make sure your employees do not fall for phishing emails or social engineering attacks. As part ...
Continue Reading

Anti-Virus, Identity Protection Phishbait

A phishing campaign is using fake NortonLifelock documents to trick victims into installing a remote access tool, according to researchers at Palo Alto Networks’ Unit 42. The documents ...
Continue Reading

KnowBe4 and Agari Announce New Partnership to Transform Phishing Protection

As market leaders, KnowBe4 and Agari have joined forces to help stop identity-based email attacks. Together, we have created a best-in-class approach to defend against phishing attacks at ...
Continue Reading

Social Security Administration Warns of Phone Scams On March 5th "Slam The Scam Day"

The Social Security Administration in Association with the Federal Trade Commission's (FTC) National Consumer Protection Week, want to remind everyone that scammers are now targeting ...
Continue Reading

Cut-and-Paste Phishbait

Naked Security describes a phishing campaign that’s convincingly spoofing emails from the online payment company Stripe. The email informs the recipient that an unknown device has logged ...
Continue Reading

None But the Lonely Heart Would Fall for an Emoji

Researchers at Malwarebytes and X-Force IRIS have come across an ongoing phishing campaign that’s using romance-themed emails to distribute the Nemty ransomware, BleepingComputer reports. ...
Continue Reading

Experts: Expect Summer Olympics-Themed Cyberattacks in the Coming Months

The business of the games will provide cybercriminals with countless options to scam participants, sponsors, and spectators using contextual details and social engineering.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews