article thumbnail

Identifying AI-Enabled Phishing

KnowBe4

Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO. Phishing Artificial Intelligence

article thumbnail

A Guide to Phishing Attacks

Schneier on Security

This is a good list of modern phishing techniques. Uncategorized cyberattack phishing

Phishing 124
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Phishing for Ring Customers

KnowBe4

INKY warns that a phishing campaign is targeting users of the Ring video security system. The scammers are sending brief phishing emails instructing recipients to click on the attached HTML file in order to update their membership. Phishing

Phishing 100
article thumbnail

Phishing Campaign Targets Job Seekers, Employers

Data Breach Today

Attackers Exploit Economic Downturn by Deploying Malware in Resumes, ID Attachments Threat actors are exploiting the ongoing economic downturn using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters.

Phishing 264
article thumbnail

The Business Cost of Phishing

Phishing is a problem that's plagued organizations for years. IT and Security teams will tell you that they’re spending too much time and money on phishing, but what does that mean? This report quantifies the financial impacts of phishing.

article thumbnail

Phishing Do's & Don'ts

KnowBe4

Here are some do’s and don'ts for your phishing simulation exercises. Phishing Cybersecurity Awareness Month

Phishing 109
article thumbnail

Spear Phishing a Diplomat

KnowBe4

Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. Phishing Spear PhishingThe researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten).

Phishing 128
article thumbnail

A Rise in Dynamic Phishing

KnowBe4

Attackers are increasingly using techniques to prevent their phishing pages from being detected by security firms, a new report from BlueVoyant has found. Phishing

article thumbnail

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise.

article thumbnail

Australian Firm Costa Group Suffers Phishing Attack

Data Breach Today

Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

Phishing 264
article thumbnail

Initial Access Broker Phishing

KnowBe4

Cisco has disclosed a security incident that occurred as a result of sophisticated voice phishing attacks that targeted employees, according to researchers at Cisco Talos. Phishing

Phishing 127
article thumbnail

Rackspace Warns of Phishing Attempts Post Ransomware

Data Breach Today

Class Action Lawsuit Filed Against Rackspace for Negligence Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment.

Phishing 266
article thumbnail

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

AiTM phishing allows threat actors to circumvent multifactor authentication (MFA) through reverse-proxy functionality. Since May 2022, DEV-1101 is offering an open-source kit that automates setting up and launching sophisticated phishing attacks.

article thumbnail

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a.

Phishing 317
article thumbnail

Phishing For Industrial Control Systems

KnowBe4

Mandiant has published a report describing phishing emails that have breached organizations in the industrial sector. Mandiant explains that the majority of phishing attacks are untargeted and opportunistic. Phishing

Phishing 102
article thumbnail

Beating Clever Phishing Through Strong Authentication

Data Breach Today

But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.

article thumbnail

Amazon Prime Day Phishing

KnowBe4

Check Point Research (CPR) observed a 37% increase in Amazon-themed phishing attacks during the first week of July, ahead of Amazon Prime day this week. Another email tells users that their payment method needs to be confirmed, and contains a link to a phishing site. Phishing

Phishing 123
article thumbnail

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

” The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. A Little Sunshine Latest Warnings Kris Stevens smishing voice phishing

Phishing 353
article thumbnail

Twilio-Linked Phishing Campaign Also Targets DoorDash

Data Breach Today

Unusual Activity' By Third-Party Service Provider to Blame Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider.

Phishing 260
article thumbnail

MetaMask Crypto Wallet Phishing

KnowBe4

A phishing campaign attempting to steal credentials for MetaMask cryptocurrency wallets, according to Lauryn Cash at Armorblox. Phishing

article thumbnail

Scammers Piggyback on AWS to Phish Victims

Data Breach Today

AWS Domains Used to Send Phishing Emails and Steal Credentials Threat actors are using Amazon Web Services solutions to create phishing pages that bypass security scanners and scam victims into handing over credentials.

Phishing 245
article thumbnail

Phishing Campaign Impersonates Japanese Rail Company

KnowBe4

Researchers at Safeguard Cyber describe a phishing campaign that’s posing as a Japanese rail ticket reservation company. Phishing

article thumbnail

NameCheap’s SendGrid Email Account Compromised, Used to Send Phishing Emails

KnowBe4

Since phishing attacks need legitimacy to increase their deliverability, this latest twist shows how phishing scammers and hackers are working together to ensure phishing attacks continue. Phishing

Phishing 105
article thumbnail

Phishing Attack Uses Fake Google reCAPTCHA

Data Breach Today

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.

Phishing 332
article thumbnail

Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years

KnowBe4

New data shows that phishing mobile devices as an attack vector is growing in popularity – mostly because it’s increasingly working. Phishingin exponential terms.

Phishing 101
article thumbnail

Blind Eagle Goes Phishing

KnowBe4

Social Engineering PhishingBlackBerry has published a report on a threat actor, Blind Eagle, also known as APT-C-36, which has been operating against targets in Ecuador and Colombia since at least 2019. Its most recent activity has been directed at organizations in Colombia. “On On Feb.

article thumbnail

Fraudsters Alter Election Phishing Scam

Data Breach Today

Scammers Now Attempting to Steal Banking and Driver's License Information Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports.

Phishing 312
article thumbnail

Children of Conti go Phishing

KnowBe4

Researchers at AdvIntel warn that three more ransomware groups have begun using the BazarCall spear phishing technique invented by the Ryuk gang (a threat group that subsequently rebranded as Conti). The researchers outline the four stages of this technique: Phishing Spear Phishing Ransomwar

article thumbnail

Police Crack SMS Phishing Operation

Data Breach Today

Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.

Phishing 336
article thumbnail

Google Phishing Pages Jump 1,560% YoY

KnowBe4

Vade has released a report looking at phishing trends in 2022. PhishingThe researchers say the top three most-impersonated brands last year were Facebook, Microsoft, and Google.

article thumbnail

A 240% Rise in Dynamic Phishing

KnowBe4

Attackers are increasingly using techniques to prevent their phishing pages from being detected by security firms, a new report from BlueVoyant has found. Phishing

article thumbnail

Microsoft Says Phishing Campaign Skirted MFA to Access Email

Data Breach Today

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server.

Access 361
article thumbnail

Facebook Phishing Scam Steals Millions of Credentials

KnowBe4

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year. Phishing

Phishing 133
article thumbnail

Phishing Campaign Targets GitHub Users

KnowBe4

GitHub has issued an alert warning of a phishing campaign targeting users by impersonating the popular DevOps tool CircleCI, BleepingComputer reports. The phishing site is designed to harvest credentials as well as time-based one-time-password (TOTP) authentication codes. Phishing

Phishing 107
article thumbnail

Cybercriminals are Using Geotargeted Phishing to Target Victims

KnowBe4

Attackers are abusing a legitimate service called “GeoTargetly” to launch localized phishing attacks, according to Jeremy Fuchs at Avanan. Avanan observed a phishing campaign that’s using phishing emails to target multiple countries in South America. Phishing

Phishing 107
article thumbnail

[Heads Up] LastPass Attack Could Supercharge Spear Phishing Attacks

KnowBe4

Social Engineering Phishing Spear PhishingBy Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy [link].

Phishing 114
article thumbnail

Watch Out For This Tricky New Tactic Called Clone Phishing

KnowBe4

Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that they forgot to include a link or attachment. Phishing

Phishing 130
article thumbnail

SolarWinds Attackers Return With Fresh Phishing Campaign

Data Breach Today

Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft.

Phishing 358
article thumbnail

Spear Phishing Campaign Targets Southeast Asia

KnowBe4

Researchers at Group-IB are tracking a previously unknown threat actor dubbed “Dark Pink” that’s using spear phishing attacks to target government, military, and religious organizations. Phishing Spear Phishing

article thumbnail

Phishing Attack Used Spoofed COVID-19 Vaccination Forms

Data Breach Today

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Phishing 336