Security Awareness Training Blog

Spear Phishing Blog

Learn about current spear phishing attacks, specific examples, and techniques the bad guys are currently using so your users don't fall for these attacks.

View Topics

FBI Sends Private Industry Notification Warning of BEC Techniques

Mar 17, 2020 8:32:03 AM By Stu Sjouwerman
The FBI sent out a Private Industry Notification (PIN) warning companies that attackers are abusing Microsoft Office 365 and Google’s G Suite to launch business email compromise (BEC) ...
Continue Reading

[Heads Up] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

Mar 12, 2020 1:26:41 PM By Stu Sjouwerman
Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers ...
Continue Reading

New Sophisticated Credential-Stealing Malware, Forelord, Attacks the Middle East

Mar 4, 2020 5:15:52 PM By Stu Sjouwerman
This latest APT highlights the levels of sophistication attackers will go to just to establish persistence, infect the endpoint, and steal credentials from the victim organization.
Continue Reading

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Feb 25, 2020 11:21:58 AM By Stu Sjouwerman
Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with  the most recent report from ...
Continue Reading

Spamming Tools are a Commodity in the Criminal Underworld

Feb 25, 2020 8:21:25 AM By Stu Sjouwerman
Cheap and easy-to-use phishing kits and other social engineering tools are readily available for purchase on the black market, according to researchers at Digital Shadows. Criminals ...
Continue Reading

Spear Phishing Tops the Canadian Anti-Fraud Center’s List of Attacks

Feb 24, 2020 5:13:16 PM By Stu Sjouwerman
The latest data out of the Canadian Government points out how targeted spear phishing fraud attacks via email are the most lucrative method of attack for cybercriminals in 2019.
Continue Reading

New Convincing Verizon Smishing Scam Makes SIM Swaps A Breeze

Feb 18, 2020 1:42:27 PM By Stu Sjouwerman
Cybercriminals intent on using a mobile device as a second factor of authentication are now using texts and very realistic-looking mobile sites to steal details needed to perform SIM ...
Continue Reading

Intelligence Services Get Phishing Licenses

Feb 3, 2020 8:23:46 AM By Stu Sjouwerman
New York Times journalist Ben Hubbard was targeted by a spear phishing attack designed to deliver NSO Group’s Pegasus spyware, researchers at the University of Toronto’s Citizen Lab have ...
Continue Reading

Scam Of The Week: "Kobe Bryant Dead, Dies in Helicopter Crash"

Jan 26, 2020 4:29:02 PM By Stu Sjouwerman
Today, news broke that Kobe Bryant died in a helicopter crash. His daughter Gigi was also on board and died in the crash. This is a celebrity death that the bad  guys are going to be ...
Continue Reading

FDIC Warns U.S. Financial Institutions of Elevated Risk of Cyberattack

Jan 23, 2020 4:05:27 PM By Stu Sjouwerman
Citing “increased geopolitical tension”, banks are warned to immediately reevaluate to shore up cybersecurity controls and technology safeguards against ransomware and malware attacks.
Continue Reading

Security-Related and Giveaway Phishing Email Subject Lines Get the Most Clicks

Jan 14, 2020 12:06:00 PM By Stu Sjouwerman
KnowBe4 revealed the results of its Q4 2019 top-clicked phishing report. The results found that simulated phishing tests with an urgent message to check a password immediately were most ...
Continue Reading

Microsoft Sues Hacker Group for Data Theft of Highly Sensitive Information

Jan 13, 2020 9:48:18 AM By Stu Sjouwerman
A new recently unsealed lawsuit against a North Korean hacker group shows how even the largest companies can be successfully attacked by phishing.
Continue Reading

Of Course, Scammers Exploit Fears of Iranian Hacking

Jan 9, 2020 8:23:29 AM By Stu Sjouwerman
A new phishing campaign is attempting to frighten people into handing over their credentials by claiming Microsoft was hacked by Iran, BleepingComputer reports. The campaign is ...
Continue Reading

Phishing Emails on the Rise as Spear Phishing Continues to Return Bigger Payouts

Jan 7, 2020 8:59:42 AM By Stu Sjouwerman
New data from Microsoft Security Insights sheds some needed light on exactly what the bad guys are doing and how they’re shifting tactics. Sometimes it feels like the bad guys are ...
Continue Reading

Penn State Warns of Spear Phishing Attacks

Jan 7, 2020 8:30:37 AM By Stu Sjouwerman
Penn State is warning its community about a recent spike in phishing attacks targeting the university’s employees. Attackers are sending emails posing as real Penn State employees and ...
Continue Reading

Business Email Compromise During Tax Season: Spotting and Defending Against Common BEC Tax Scams

Jan 6, 2020 9:44:01 AM By Stu Sjouwerman
Tax season is upon us, which makes this prime time for hackers to target your unsuspecting users with the latest Business Email Compromise (BEC) scams. From evolved W2 fraud to ...
Continue Reading

U.S. Government Issues Warning About Possible Iranian Cyberattacks

Jan 3, 2020 2:27:46 PM By Stu Sjouwerman
Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. ...
Continue Reading

WIRED: "The Decade Big-Money Email Scams Took Over"

Dec 26, 2019 2:46:27 PM By Stu Sjouwerman
Excellent article in WIRED, where they observed that In the last few years, the "Nigerian prince" scams have gotten a major upgrade. Here is an extract and a link to the full article:
Continue Reading

Whaling: Like Phishing, but After Bigger Game

Dec 23, 2019 9:55:53 AM By Stu Sjouwerman
Organizations have to acknowledge their responsibility for ensuring their employees are able to recognize targeted phishing attacks, according to James McGachie, Legal Director of DLA ...
Continue Reading

Top 9 IT Security Trends You Need to Watch Out For in 2020

Dec 20, 2019 10:12:12 AM By Stu Sjouwerman
Cyber security and security awareness training landscapes are constantly changing.  IT Professionals, like you, always need to know what is coming next in order to build (and maintain) ...
Continue Reading
Subscribe

Search Our Blog


Your Coronavirus and Work From Home Resource Center

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews