Phishing Do's & Don'ts

KnowBe4

Here are some do’s and don'ts for your phishing simulation exercises.

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise.

Police Dismantle Dutch Phishing Gang

Data Breach Today

Belgian and Dutch Police Arrest 9 Suspects Over Theft of 'Millions of Euros'
Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams.

Australian Firm Costa Group Suffers Phishing Attack

Data Breach Today

Phishing Incident Caused Service Disruptions and Delays
Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

The Business Cost of Phishing

Phishing is a problem that's plagued organizations for years. IT and Security teams will tell you that they’re spending too much time and money on phishing, but what does that mean? This report quantifies the financial impacts of phishing.

Spear Phishing a Diplomat

KnowBe4

Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten).

Twilio-Linked Phishing Campaign Also Targets DoorDash

Data Breach Today

'Unusual Activity' By Third-Party Service Provider to Blame
Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider.

Watch Out For This Tricky New Tactic Called Clone Phishing

KnowBe4

Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that they forgot to include a link or attachment.

Scammers Piggyback on AWS to Phish Victims

Data Breach Today

AWS Domains Used to Send Phishing Emails and Steal Credentials
Threat actors are using Amazon Web Services solutions to create phishing pages that bypass security scanners and scam victims into handing over credentials.

Amazon Prime Day Phishing

KnowBe4

Check Point Research (CPR) observed a 37% increase in Amazon-themed phishing attacks during the first week of July, ahead of Amazon Prime day this week. Another email tells users that their payment method needs to be confirmed, and contains a link to a phishing site.

Beating Clever Phishing Through Strong Authentication

Data Breach Today

But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta. Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. SMS Bandits offered an SMS phishing (a.k.a.

MetaMask Crypto Wallet Phishing

KnowBe4

A phishing campaign is attempting to steal credentials for MetaMask cryptocurrency wallets, according to Lauryn Cash at Armorblox.

Children of Conti go Phishing

KnowBe4

Researchers at AdvIntel warn that three more ransomware groups have begun using the BazarCall spear phishing technique invented by the Ryuk gang (a threat group that subsequently rebranded as Conti). The researchers outline the four stages of this technique:

Phishing Campaign Targets GitHub Users

KnowBe4

GitHub has issued an alert warning of a phishing campaign targeting users by impersonating the popular DevOps tool CircleCI, BleepingComputer reports. The phishing site is designed to harvest credentials as well as time-based one-time-password (TOTP) authentication codes.

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account.

Phishing Targets US Election Workers

KnowBe4

Researchers at Trellix warn of phishing attacks targeting election workers in advance of the US midterm elections.

Stolen Devices and Phishing

KnowBe4

Researchers at Cyren describe a phishing attack that resulted from the theft of a stolen iPad. The iPad was stolen on a train in Switzerland, and briefly appeared on Apple’s location services in Paris a few days later.

American Airlines Traces Breach to Phishing Incident

KnowBe4

American Airlines has disclosed that an attacker used phishing attacks to breach the company’s systems, BleepingComputer reports.

Gaming-Related Phishing Trends

KnowBe4

Researchers at Kaspersky have found that the vast majority of gaming-related malware lures are targeted at Minecraft players.

Microsoft Says Phishing Campaign Skirted MFA to Access Email

Data Breach Today

Attackers Targeted More Than 10,000 Organizations Since Last September
Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server.

New Phishing Attack Attempts to Steal Social Security Numbers

KnowBe4

A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY.

The State of Phishing and Email Security

Data Breach Today

Cofense's Tonia Dudley on What's Not Working, Threat Predictions
"Credential phishing is off the charts," says Tonia Dudley of Cofense.

Phishing Attack Uses Fake Google reCAPTCHA

Data Breach Today

Zscaler Says it Prevented Over 2,500 Phishing Attacks
A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says.

Facebook Phishing Scam Steals Millions of Credentials

KnowBe4

Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year.

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Data Breach Today

Customers of 'Robin Banks' Platform Have Netted $500,000
Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.

QuickBooks Phishing Scam is Back

KnowBe4

Scammers are continuing to abuse the QuickBooks tax accounting software to send phishing scams, according to Roger Kay at INKY.

Phishing Kit Imitates PayPal

KnowBe4

Researchers at Akamai have discovered a PayPal phishing kit that attempts to steal victims’ identities as well as their financial information. The phishing page looks identical to PayPal’s login page, and asks users to solve a captcha before entering their username and password.

Fraudsters Alter Election Phishing Scam

Data Breach Today

Scammers Now Attempting to Steal Banking and Driver's License Information
Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports.

Phishing Campaign Abuses Microsoft Customer Voice

KnowBe4

Researchers at Avanan warn that a phishing campaign is using Microsoft’s Dynamics 365 Customer Voice feature to send malicious links.

Police Crack SMS Phishing Operation

Data Breach Today

Two Men Accused of Sending Messages to Obtain Personal, Bank Information
Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.

Scammer Continues Phishing From Prison

KnowBe4

Dutch authorities have announced that an imprisoned scammer was running a phishing operation from his jail cell, Cybernews reports. The crook used four mobile phones to post malicious ads on Marktplaats, a popular Dutch classifieds site.

World Cup Phishing Attacks Doubled And Will Increase

KnowBe4

Researchers at Trellix revealed that phishing email attacks targeting users in the Middle East doubled in October 2022 ahead of the World Cup in Qatar, as reported by The Record.

Spear Phishing Campaign Targets Financial Institutions in African Countries

KnowBe4

Researchers at Check Point have discovered a spear phishing campaign dubbed “DangerousSavanna” that's targeting financial entities in at least five African countries.

Spear Phishing Campaign Targets Facebook Business Accounts

KnowBe4

Researchers at WithSecure have discovered a spear phishing campaign targeting employees who have access to Facebook Business accounts.

New Phishing-as-a-Service Platform

KnowBe4

Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called “EvilProxy” that’s being offered on the dark web.

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam.

Homographic Domain Name Phishing Tactics

KnowBe4

Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs).

German Police Collar Alleged Phishing Cybercriminals

KnowBe4

The Bundeskriminalamt (BKA), Germany's federal criminal police, raided three homes on Thursday, September 29th, in the course of an investigation of a cyber criminal operation the BKA says netted approximately €4,000,000 from its victims by using phishing tactics.

Spear Phishing Campaign Targets the US Military

KnowBe4

Researchers at Zscaler warn that a spear phishing campaign is targeting the US military and other sectors with phishing emails that purport to be voicemail notifications. The emails contain links to a phishing page designed to harvest Microsoft Office 365 credentials.