Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Half of all Remote Employees Aren’t the Slightest Bit Prepared for Cyberattacks

New data from IBM suggests that employees, their devices, training, and organizational policies are all lacking when it comes making sure remote workers don’t become a victim of ...
Continue Reading

Microsoft 365 Phishing Attacks Masterfully Use Brand Name Sites to Establish Legitimacy

New voicemail phishing scam uses legitimate branded domains from companies like Samsung and Adobe to facilitate redirects to compromised websites intent on stealing credentials.
Continue Reading

Business Email Compromise Attacks Focused on Invoice Fraud Surge by 75%

As attacks on the C-Suite decline, new data shows that employees in finance department roles are critical to the success of shifts in attack campaign strategy.
Continue Reading

See Ridiculously Easy Security Awareness Training and Phishing

Join us for a live demo on Security Awareness Training and phishing in action!
Continue Reading

A "Secure DNS" Scam: an Upgrade that's a Downgrade

A phishing campaign is targeting website owners with convincing, personalized emails that purport to come from WordPress, Naked Security reports. The emails claim that WordPress is ...
Continue Reading

COVID-19 Related Phishing Scams Target Passport Details

The Coronavirus phishing scams have only gotten more aggressive and targeted now than ever before, InfoSecurity Magazine reports. Now researchers at Griffin Law are tracking self-employed ...
Continue Reading

Australia Spending Nearly $1 Billion on Cyberdefense as China Tensions Rise

The NY Times reported some surprising numbers: "Officials promised to recruit at least 500 cyberspies and build on the country’s offensive capabilities to take the online battle overseas. ...
Continue Reading

Phishing in Irish Streams

Netflix is warning users in Ireland to be on the lookout for another phishing campaign that’s impersonating the streaming service, Extra.ie reports. The emails inform recipients that ...
Continue Reading

It's the Best of 2020! Cyber CSI: Learn How to Forensically Examine Phishing Emails to Better  Protect Your Organization

Roger Grimes' lesson on how to forensically examine phishing emails received the highest viewer rating of any webinar so far this year. In case you missed it, make sure to watch this ...
Continue Reading

New Dropbox-Based Pandemic Relief Payment Scam Targets U.K. Microsoft 365 Users, Bypassing Email Security

Using a Dropbox Transfer page, this new scam presses all the urgency buttons while eluding detection as being malicious in an effort to steal the victim’s online credentials.
Continue Reading

One Letter Away: Impersonation, Bitcoin, and Phishing Expeditions

KrebsOnSecurity reports that a phishing website has been impersonating the private messaging service Privnote.com in order to steal Bitcoin. The real Privnote is a free site that allows ...
Continue Reading

Phishing Attacks Significantly Increase in Singapore During COVID-19 Pandemic

The number of phishing attacks in Singapore to give up personal information has almost tripled in the last year and doubled during the COVID-19 pandemic, according to the Cybersecurity ...
Continue Reading

‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.
Continue Reading

Enterprises Experience Nearly Five Times as Many Mobile Phishing Attacks as Last Year

With every organization looking at protecting their corporate devices, the bad guys are increasingly setting their focus on one of the softest targets: the mobile device.
Continue Reading

How You Can Increase Employee Engagement with Security Awareness Training

One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...
Continue Reading

Phishing and Redirection

Researchers at Check Point have observed a phishing campaign that, to avoid detection, abused servers belonging to Adobe, Samsung, and the University of Oxford. The attackers used several ...
Continue Reading

Slack Phishing

People need to be able to use their instincts in order to spot new phishing techniques, according to Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs. On the CyberWire’s ...
Continue Reading

Pyongyang's Phishing with Job Offers

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...
Continue Reading

Top 12 Most Common Rogue URL Tricks

It’s nearly impossible to find an Internet scam or phishing email that doesn’t involve a malicious Uniform Resource Locator (URL) link of some type. The link either directs the user to a ...
Continue Reading

[Heads Up] North Korean State Hackers Plan a June 21 COVID-19 Phishing Attack That Targets 5 Million in Six Nations

ZDNet reported: "Singapore, Japan, and the US are amongst six nations targeted in a COVID-19 themed phishing campaign that is reportedly scheduled for June 21, during which 8,000 ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews