Security Awareness Training Blog

Spear Phishing Blog

Learn about current spear phishing attacks, specific examples, and techniques the bad guys are currently using so your users don't fall for these attacks.

Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

[Heads-Up] A Hacker Is Selling Access To The Email Accounts Of Hundreds Of C-Level Executives

ZDNet's Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet:
Continue Reading

Nearly Half of Spear Phishing Emails Bypass Security Filters

47% of payloadless phishing emails are able to bypass the most popular secure email gateways (SEGs), according to researchers at IronScales. These are emails that don’t contain malicious ...
Continue Reading

Threat Actors Use Fake Sites for Espionage

Researchers at Volexity report that the Vietnamese threat actor OceanLotus has been using phony news and bogus activist websites to track users, or to trick them into downloading malware. ...
Continue Reading

Middle Management is the Next Target for Phishing Attacks

Mid-level managers need to be particularly wary of targeted phishing attacks, according to Jenn Gast at INKY. Gast explains that criminals can easily conduct open-source research on a ...
Continue Reading

Q3 2020 Top-Clicked Phishing Subjects: Coronavirus-Related Attacks Still Prevalent [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...
Continue Reading

[HEADS UP] Local Boston Town Falls Victim to a Phishing Attack

According to a local news source from Boston, the Town of Franklin recently became the next victim to a phishing attack, costing over $500K.
Continue Reading

Healthcare Sector Still Sustains Phishing Campaigns

No one should take too seriously the high-minded things criminals sometimes say about how they’re restraining themselves during the pandemic, and that they’re going to avoid hitting ...
Continue Reading

[Heads Up] Scam of The Week: Watch Out For Trump COVID Disinformation

The bad guys are going to have a ball with this one. President Trump announced that he and first lady Melania are COVID Positive. This event will be used in a variety of ways through ...
Continue Reading

Beware of Fake Forwarded Phishes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...
Continue Reading

How to Become a Harder Target From Malicious Threat Actors

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...
Continue Reading

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.
Continue Reading

Users Are Still Falling for Phishing Attacks. Want to Know Why?

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.
Continue Reading

Malicious Actors & State Actors: IT Admins Targeted with Fake Warning Notice

By Eric Howes,  KnowBe4 Principal Lab Researcher. For several years both Google and Yahoo have been warning users about potential attacks on their accounts by "state actors." Indeed, ...
Continue Reading

Threat Group DeathStalker Uses PowerShell-based Implant Powersing to Hack into Financial Services Firms

Apparently focused on more intelligence gathering than taking direct malicious action against the organizations they compromise, this attack is filled with ingenuity.
Continue Reading

How to Defend Against Phishes Coming from Trusted Partners

One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...
Continue Reading

New Lazarus Spearphishing Attack on Crypto Organizations Uses a LinkedIn Job Posting as its Front

What better way to gain complete control over a crypto organization’s network that to target their sysadmin with a Job Posting and then spear phish them?
Continue Reading

RedCurl APT Uses Spear Phishing to Conduct Corporate Espionage

A previously unobserved APT group called “RedCurl” has been launching cyber espionage campaigns against organizations around the world since at least 2018, according to researchers at ...
Continue Reading

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...
Continue Reading

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews