Security Awareness Training Blog

Spear Phishing Blog

Learn about current spear phishing attacks, specific examples, and techniques the bad guys are currently using so your users don't fall for these attacks.

By Their Poor Idiomatic Control Shall Ye Know Them

A new phishing campaign is impersonating Zoom in order to steal users’ Outlook credentials, according to researchers at GreatHorn. The attackers are using phishing URLs that spoof Zoom’s ...
Continue Reading

Phishing Targets Industrial Control Systems

Phishing continues to be a primary initial access vector in cyberattacks against industrial control systems, according to researchers at Dragos. Out of the fifteen threat groups tracked ...
Continue Reading

The DOJ Charged Two Alleged Members of North Korea’s Military Intelligence Services With a Scheme That Included Attempts to Steal $1.3 Billion Over the Past Half-Decade for Pyongyang

Two alleged members of North Korea's military intelligence services were accused of hacking banks and companies in the U.S. and several other countries. The grand total for this scheme is ...
Continue Reading

[New E-Book] Comprehensive Anti-Phishing Guide

Spear phishing emails remain a top attack vector for the bad guys, yet most companies still don’t have an effective strategy to stop them.
Continue Reading

It’s Not Only About the URL

You have to look at the totality of an email to determine whether it is a phishing attack or not.
Continue Reading

[INFOGRAPHIC] Q4 2020 Work From Home Phishing Emails on the Rise

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...
Continue Reading

Social Engineering is a Core Element of Nearly Every Cyber Attack

As organizations look to figure out where to strengthen their cybersecurity strategy, industry data provides guidance by pointing at one of the most common aspects of cyberattacks for ...
Continue Reading

BEC Attacks Nearly Doubled in 2020

A new report from Barracuda Networks found that business email compromise (BEC) attacks have nearly doubled over the past year. These attacks made up 12% of all spear phishing attacks in ...
Continue Reading

All 200 Million Office 365 Users at Risk by a New Global Spear Phishing Attack Spoofing Microsoft.com

A new spear phishing campaign appearing to come from a microsoft.com email address is targeting organizations in critical industries that use Office 365 for email to steal credentials.
Continue Reading

Why Are You Being Phished?

People often wonder, why are they being phished? Why are they being phished by a hacker in the first place? What does their organization have that some hacker decided they were noteworthy ...
Continue Reading

Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

[Heads-Up] A Hacker Is Selling Access To The Email Accounts Of Hundreds Of C-Level Executives

ZDNet's Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet:
Continue Reading

Nearly Half of Spear Phishing Emails Bypass Security Filters

47% of payloadless phishing emails are able to bypass the most popular secure email gateways (SEGs), according to researchers at IronScales. These are emails that don’t contain malicious ...
Continue Reading

Threat Actors Use Fake Sites for Espionage

Researchers at Volexity report that the Vietnamese threat actor OceanLotus has been using phony news and bogus activist websites to track users, or to trick them into downloading malware. ...
Continue Reading

Middle Management is the Next Target for Phishing Attacks

Mid-level managers need to be particularly wary of targeted phishing attacks, according to Jenn Gast at INKY. Gast explains that criminals can easily conduct open-source research on a ...
Continue Reading

Q3 2020 Top-Clicked Phishing Subjects: Coronavirus-Related Attacks Still Prevalent [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...
Continue Reading

[HEADS UP] Local Boston Town Falls Victim to a Phishing Attack

According to a local news source from Boston, the Town of Franklin recently became the next victim to a phishing attack, costing over $500K.
Continue Reading

Healthcare Sector Still Sustains Phishing Campaigns

No one should take too seriously the high-minded things criminals sometimes say about how they’re restraining themselves during the pandemic, and that they’re going to avoid hitting ...
Continue Reading

[Heads Up] Scam of The Week: Watch Out For Trump COVID Disinformation

The bad guys are going to have a ball with this one. President Trump announced that he and first lady Melania are COVID Positive. This event will be used in a variety of ways through ...
Continue Reading

Beware of Fake Forwarded Phishes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews