Malicious Retail Phishing Sites Spike Ahead of Shopping Holidays

Nov 17, 2021 8:52:55 AM By Stu Sjouwerman

Researchers at Check Point have observed a record number of malicious phishing shopping websites that have been set up over the past two months. The researchers assume these sites were ...

“Customer Complaint” May Get Your Attention

Nov 11, 2021 8:41:23 AM By Stu Sjouwerman

A spear phishing campaign is sending phony “customer complaints” that contain a link to a malicious website, according to Paul Ducklin at Naked Security. The phishing emails appear to ...

Bait Attacks as Reconnaissance

Nov 10, 2021 11:15:31 AM By Stu Sjouwerman

Researchers at Barracuda warn that attackers are sending non-malicious emails as a precursor to targeted phishing attacks.

New 'Frankenphishing' Tactic Combines Other Phishing Kits Into One

Nov 9, 2021 9:27:05 AM By Stu Sjouwerman

RiskIQ has observed another phishing kit that’s been pieced together from portions of other phishing kits.

Over Half of all Impersonation Attacks Target Non-Executive Employees

Oct 29, 2021 2:02:26 PM By Stu Sjouwerman

A new report shows how cybercriminals focus on users that are less vigilant and more prone to falling for social engineering and impersonation tactics designed to gain access to finances.

KnowBe4's Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data [INFOGRAPHIC]

Oct 29, 2021 10:39:26 AM By Stu Sjouwerman

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, ...

Man Spends Thousands and is Exposed for Typosquatting with Cryptocurrency

Oct 12, 2021 9:22:38 AM By Stu Sjouwerman

A man in Brazil spent more than $200,000 on typosquatting domains between November 2020 and February 2021, the Washington Post reports. Typosquatting is a phishing technique in which ...

New James Bond Movie is Cybercriminals Shiniest Phishbait

Oct 4, 2021 8:41:31 AM By Stu Sjouwerman

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait, the National reports. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, ...

Phishing Attacks Maintain “New Normal” Elevated Levels into the Middle of 2021

Oct 1, 2021 1:08:46 PM By Stu Sjouwerman

New data from the Anti-Phishing Working Group (AWPG) shows the Q2 of 2021 showed similar phishing activity to that of Q1, indicating no slowdown in attacks.

[HEADS UP] Millions of malicious emails will slip past security filters in Q4

Sep 22, 2021 5:00:00 PM By Stu Sjouwerman

Researchers at Tessian have published a report looking at recent trends in spear phishing attacks. The researchers found that 45% of employees said that they clicked on a phishing email ...

Social Media as Artillery Preparation for Spear Phishing

Sep 14, 2021 9:18:49 AM By Stu Sjouwerman

Researchers at ESTsecurity warn that a North Korean threat actor known as “Kumsong 121” is using compromised social media accounts to launch spear phishing attacks, the Daily NK reports. ...

Spear Phishing Becomes a Bigger Problem as the Average Organization is Targeted 700 Times a Year

Aug 11, 2021 8:21:16 AM By Stu Sjouwerman

With threat actors honing their trickery skills to craft the perfect email used to fool a would-be victim recipient, new data shows cybercriminals are stepping up their game on a number ...

[INFOGRAPHIC] New Report Shows Users Are Falling for Security and HR-Related Phishing Attacks

Jul 19, 2021 5:04:04 PM By Stu Sjouwerman

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...

New LuminousMoth APT Takes a Double-Infection Vector Approach to Attacks

Jul 19, 2021 1:45:55 PM By Stu Sjouwerman

Spotted by security researchers at Kaspersky Labs, this large-scale yet extremely targeted campaign of attacks focuses on government organizations within Southeast Asia.

Year-Long Phishing Campaign Targets Energy, Oil & Gas Companies Using Spoofed B2B Correspondence

Jul 14, 2021 9:23:26 AM By Stu Sjouwerman

Uncovered by the research team at cloud protection vendor Intezer, this new phishing campaign seeks to steal information and position each victim as the foothold to spear phish additional ...

Spear Phishing Campaign Targets Energy Companies

Jul 13, 2021 10:29:13 AM By Stu Sjouwerman

Researchers at Intezer have spotted a phishing campaign that’s targeting energy companies in South Korea, the United States, the United Arab Emirates, and Germany. Most of the targets are ...

Almost All LinkedIn User’s Data Has Been Scraped and is Up for Sale on the Dark Web

Jun 30, 2021 4:31:12 PM By Stu Sjouwerman

700 Million LinkedIn user’s personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.

Spear Phishing Impersonation Attacks Take on New Tactics to Become More Convincing and Effective

Jun 30, 2021 4:31:09 PM By Stu Sjouwerman

As part of Business Email Compromise attacks, spear phishing now plays a material role, with impersonation sitting firmly at the core of their social engineering tactics… in more ways ...

35% of Cybersecurity Incidents are Business Email Compromise (BEC) Phishing Attacks

Jun 29, 2021 2:00:38 PM By Stu Sjouwerman

With cybercriminals looking for the fastest means to get from attack to a big payout, BEC attacks are shifting tactics to adjust to organizations being better prepared.

[Heads Up] Microsoft: SolarWinds hackers spear phish govt agencies from 24 countries

May 28, 2021 10:07:38 AM By Stu Sjouwerman

The Microsoft Threat Intelligence Center (MSTIC) has discovered that the SolarWinds hackers are behind an ongoing spear-phishing campaign targeting government agencies worldwide.

Security Awareness Training Blog

Spear Phishing Blog

View Topics