Security Awareness Training Blog

Spear Phishing Blog

Learn about current spear phishing attacks, specific examples, and techniques the bad guys are currently using so your users don't fall for these attacks.

Microsoft Sues Hacker Group for Data Theft of Highly Sensitive Information

A new recently unsealed lawsuit against a North Korean hacker group shows how even the largest companies can be successfully attacked by phishing.
Continue Reading

Of Course, Scammers Exploit Fears of Iranian Hacking

A new phishing campaign is attempting to frighten people into handing over their credentials by claiming Microsoft was hacked by Iran, BleepingComputer reports. The campaign is ...
Continue Reading

Phishing Emails on the Rise as Spear Phishing Continues to Return Bigger Payouts

New data from Microsoft Security Insights sheds some needed light on exactly what the bad guys are doing and how they’re shifting tactics. Sometimes it feels like the bad guys are ...
Continue Reading

Penn State Warns of Spear Phishing Attacks

Penn State is warning its community about a recent spike in phishing attacks targeting the university’s employees. Attackers are sending emails posing as real Penn State employees and ...
Continue Reading

Business Email Compromise During Tax Season: Spotting and Defending Against Common BEC Tax Scams

Tax season is upon us, which makes this prime time for hackers to target your unsuspecting users with the latest Business Email Compromise (BEC) scams. From evolved W2 fraud to ...
Continue Reading

U.S. Government Issues Warning About Possible Iranian Cyberattacks

Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. ...
Continue Reading

WIRED: "The Decade Big-Money Email Scams Took Over"

Excellent article in WIRED, where they observed that In the last few years, the "Nigerian prince" scams have gotten a major upgrade. Here is an extract and a link to the full article:
Continue Reading

Whaling: Like Phishing, but After Bigger Game

Organizations have to acknowledge their responsibility for ensuring their employees are able to recognize targeted phishing attacks, according to James McGachie, Legal Director of DLA ...
Continue Reading

Top 9 IT Security Trends You Need to Watch Out For in 2020

Cyber security and security awareness training landscapes are constantly changing.  IT Professionals, like you, always need to know what is coming next in order to build (and maintain) ...
Continue Reading

Spear Phishing in the Royal Canadian Mint

The Royal Canadian Mint, which produces Canada’s coins, nearly sent an employee’s paycheck to an attacker following a spear phishing attack, CBC News reports. The attacker sent an email ...
Continue Reading

Microsoft Sees Phishing on the Rise

According to Microsoft security research, the percentage of inbound emails associated with phishing on average increased in the past year. For some, this may feel like obvious news, but ...
Continue Reading

Europol Finds Majority of Attack Groups Rely on Spear Phishing as Primary Infection Vector

A new report from Europol’s European Cybercrime Center (EC3) breaks down how targeted phishing attacks are being done, and how to avoid becoming a victim.
Continue Reading

Google Sent 12K Nation-State Phishing Warnings In Three Months

Google's Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported.
Continue Reading

Click Confessions of a Security Expert

As a “human security” expert, I used to take a lot of pride in my well-honed security hygiene. Yeah… that all ended back in early 2017 when I joined KnowBe4. You see, up until that time, ...
Continue Reading

Instagram Copyright Infringement is the Latest Phishing Scam Targeting Social Media

Focused on compromising social media credentials, scammers trick Instagram users into giving up credentials and other personally identifiable information with convincing phishing emails.
Continue Reading

Third Party Phishing: The New Spear-Phishing Attacks That Traditional Defenses Just Don't Stop

Joe in accounting is pretty cyber-savvy. He doesn’t fall for basic phishing emails with masked URLs or phony password reset requests. But what happens when Joe gets an email from a ...
Continue Reading

A New Attack Category is Born: You Now Need to Also Worry About Evasive Spear Phishing

Researchers have combed through 25 million emails and found a new method of attack that blends two previously seen attack types combined into a single attack.
Continue Reading

I Can Phish Anyone

I’m a bit surprised by some aggressive corporate anti-phishing policies which say they will fire anyone for one accidental phishing offense. Send me the names and email addresses of the ...
Continue Reading

CRN: "Kevin Mandia -- Detect Spear Phishing, Lock Down CEO Email To Stay Safe"

Michael Novinson at CRN had a great article that really explains the issues we are dealing with. He started out with: "Spear phishing remains the most common way for adversaries to ...
Continue Reading

Extremely Embarrassing 250,000-record Data Breach At Hookers.nl

The data of 250,000 users of Hookers.nl, a forum where experiences with prostitutes and escorts are exchanged, have been stolen and offered for sale on the internet. It concerns e-mail ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews