Security Awareness Training Blog

Spear Phishing Blog

Learn about current spear phishing attacks, specific examples, and techniques the bad guys are currently using so your users don't fall for these attacks.

Spear Phishing Campaign Targets Energy Companies

Researchers at Intezer have spotted a phishing campaign that’s targeting energy companies in South Korea, the United States, the United Arab Emirates, and Germany. Most of the targets are ...

Almost All LinkedIn User’s Data Has Been Scraped and is Up for Sale on the Dark Web

The personal details of 700 million LinkedIn users were posted for sale earlier this month, putting 92% of its user base at risk of social engineering and spear phishing attacks.

Spear Phishing Impersonation Attacks Take on New Tactics to Become More Convincing and Effective

As part of Business Email Compromise attacks, spear phishing now plays a material role, with impersonation sitting firmly at the core of their social engineering tactics… in more ways ...

35% of Cybersecurity Incidents are Business Email Compromise (BEC) Phishing Attacks

With cybercriminals looking for the fastest means to get from attack to a big payout, BEC attacks are shifting tactics to adjust to organizations being better prepared.

[Heads Up] Microsoft: SolarWinds hackers spear phish govt agencies from 24 countries

The Microsoft Threat Intelligence Center (MSTIC) has discovered that the SolarWinds hackers are behind an ongoing spear-phishing campaign targeting government agencies worldwide.

A New Smishing Trojan is Out and About

Researchers at Pradeo have observed a new Android malware campaign that uses text messages asking victims to pay a small fee for a delivery. The messages contain a link that will install ...

Why Should We Care About Personal Smishing Attacks?

I am not sure what is going on these days, but for several weeks, I have received far more SMS-based phishing (i.e., smishing) attacks than usual.

Scammers Target Rogers Customers With SMS Messages

Scammers are targeting Rogers customers with text messages offering $50 refunds, according to BleepingComputer. The Canadian telecommunications provider suffered a widespread outage last ...

Currently Popular Social Engineering Tactics

Criminals are exploiting new technology to launch updated versions of old attacks, according to Derek Slater at CSO. George Gerchow, CSO at Sumo Logic, told Slater that threat actors are ...

[INFOGRAPHIC] Q1 2021 Report Shows Users are More Savvy to COVID-19 Phishing Scams

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...

2021 Phishing Trends Face Alarming Predictions and Will Likely Include Automated Attacks

Researchers at INKY warn that targeted phishing attacks will continue throughout 2021, as some employees return to the office and others continue working from home. They predict that ...

APT Group Use Voice-Changing Software to Impersonate Women as Part of Espionage Attacks

The Middle Eastern threat group known as APT-C-23 is targeting male soldiers in the Israel Defense Forces in an attempt to get their victims to download and install malware.

LinkedIn Data of 500 Million Users Hacked, Up For Sale: Report

Microsoft-owned social network LinkedIn is reportedly the latest victim of a massive data breach where data of 500 million user profiles has been allegedly leaked by cybercriminals. The ...

Ubiquiti Cyber Attack Details Depict a Far More Disastrous Scenario Than Let On

New whistleblower details surrounding the December 2020 attack on the cloud-enabled IoT device manufacturer paint a far worse picture than what was disclosed.

Spoofing Tailored to Financial Departments

Researchers at Area 1 Security have warned of a large spear phishing campaign targeting financial departments and C-suite employees with spoofed Microsoft 365 login pages. The researchers ...

[EYE-OPENER] USA CISA Advisory on Trickbot Campaigns: Phishing Training For Employees

March 17, 2021 — The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spear phishing campaigns ...

Make No Mistake, This Changes Everything: Nation-State 2.0

Every organization needs to figure out their increased cyber risk from nation-state warfare attacks and deploy mitigations.

FBI Warns Against Deepfakes' Potential for Social Engineering

The FBI has issued an advisory warning of an expected increase in the use of deepfakes for social engineering attacks. Deepfakes are images, videos, audio, or text created via AI to ...

Beware: Lots of COVID-19 Vaccine-Related Attacks Are Active and Looking for Their Next Victim

From spear phishing attacks, to malicious domains, to credential-hunting – as I predicted, COVID vaccines are the hot attack theme right now from just about every angle.

By Their Poor Idiomatic Control Shall Ye Know Them

A new phishing campaign is impersonating Zoom in order to steal users’ Outlook credentials, according to researchers at GreatHorn. The attackers are using phishing URLs that spoof Zoom’s ...