Phishing Do's & Don'ts
KnowBe4
OCTOBER 5, 2022
Here are some do’s and don'ts for your phishing simulation exercises. Phishing Cybersecurity Awareness Month
Phishing Related Topics 
88 
Defeating Phishing-Resistant Multifactor Authentication
Schneier on Security
NOVEMBER 9, 2022
CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise.
Join 31,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trending Sources
Police Dismantle Dutch Phishing Gang
Data Breach Today
JUNE 22, 2022
Belgian and Dutch Police Arrest 9 Suspects Over Theft of 'Millions of Euros' Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams.
Australian Firm Costa Group Suffers Phishing Attack
Data Breach Today
OCTOBER 8, 2022
Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.
The Business Cost of Phishing
Advertisement
Phishing is a problem that's plagued organizations for years. IT and Security teams will tell you that they’re spending too much time and money on phishing, but what does that mean? This report quantifies the financial impacts of phishing.
Spear Phishing a Diplomat
KnowBe4
MAY 17, 2022
Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. Phishing Spear PhishingThe researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten).
Twilio-Linked Phishing Campaign Also Targets DoorDash
Data Breach Today
AUGUST 27, 2022
Unusual Activity' By Third-Party Service Provider to Blame Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider.
Watch Out For This Tricky New Tactic Called Clone Phishing
KnowBe4
NOVEMBER 17, 2022
Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that they forgot to include a link or attachment. Phishing
Scammers Piggyback on AWS to Phish Victims
Data Breach Today
AUGUST 19, 2022
AWS Domains Used to Send Phishing Emails and Steal Credentials Threat actors are using Amazon Web Services solutions to create phishing pages that bypass security scanners and scam victims into handing over credentials.
Amazon Prime Day Phishing
KnowBe4
JULY 11, 2022
Check Point Research (CPR) observed a 37% increase in Amazon-themed phishing attacks during the first week of July, ahead of Amazon Prime day this week. Another email tells users that their payment method needs to be confirmed, and contains a link to a phishing site. Phishing
Beating Clever Phishing Through Strong Authentication
Data Breach Today
NOVEMBER 23, 2022
But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.
U.K. Arrest in ‘SMS Bandits’ Phishing Service
Krebs on Security
FEBRUARY 1, 2021
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a.
MetaMask Crypto Wallet Phishing
KnowBe4
JUNE 27, 2022
A phishing campaign attempting to steal credentials for MetaMask cryptocurrency wallets, according to Lauryn Cash at Armorblox. Phishing
Children of Conti go Phishing
KnowBe4
AUGUST 16, 2022
Researchers at AdvIntel warn that three more ransomware groups have begun using the BazarCall spear phishing technique invented by the Ryuk gang (a threat group that subsequently rebranded as Conti). The researchers outline the four stages of this technique: Phishing Spear Phishing Ransomwar
Phishing Campaign Targets GitHub Users
KnowBe4
SEPTEMBER 23, 2022
GitHub has issued an alert warning of a phishing campaign targeting users by impersonating the popular DevOps tool CircleCI, BleepingComputer reports. The phishing site is designed to harvest credentials as well as time-based one-time-password (TOTP) authentication codes. Phishing
SMS About Bank Fraud as a Pretext for Voice Phishing
Krebs on Security
NOVEMBER 10, 2021
” The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. A Little Sunshine Latest Warnings Kris Stevens smishing voice phishing
Phishing Targets US Election Workers
KnowBe4
OCTOBER 19, 2022
Researchers at Trellix warn of phishing attacks targeting election workers in advance of the US midterm elections. Phishing
Stolen Devices and Phishing
KnowBe4
OCTOBER 27, 2022
Researchers at Cyren describe a phishing attack that resulted from the theft of a stolen iPad. PhishingThe iPad was stolen on a train in Switzerland, and briefly appeared on Apple’s location services in Paris a few days later.
American Airlines Traces Breach to Phishing Incident
KnowBe4
SEPTEMBER 29, 2022
American Airlines has disclosed that an attacker used phishing attacks to breach the company’s systems, BleepingComputer reports. Phishing
Gaming-Related Phishing Trends
KnowBe4
SEPTEMBER 12, 2022
Phishing MalwareResearchers at Kaspersky have found that the vast majority of gaming-related malware lures are targeted at Minecraft players.
Microsoft Says Phishing Campaign Skirted MFA to Access Email
Data Breach Today
JULY 14, 2022
Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server.
New Phishing Attack Attempts to Steal Social Security Numbers
KnowBe4
OCTOBER 20, 2022
A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY. Phishing
The State of Phishing and Email Security
Data Breach Today
JUNE 22, 2022
Cofense's Tonia Dudley on What's Not Working, Threat Predictions "Credential phishing is off the charts," says Tonia Dudley of Cofense.
Phishing Attack Uses Fake Google reCAPTCHA
Data Breach Today
MARCH 7, 2021
Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.
Facebook Phishing Scam Steals Millions of Credentials
KnowBe4
JUNE 13, 2022
Researchers at PIXM have uncovered a major Facebook Messenger phishing scam that’s “potentially impacted hundreds of millions of Facebook users.” More than eight million people have visited just one of these phishing pages so far this year. Phishing
Phishing-as-a-Service Platform Offers Cut-Rate Prices
Data Breach Today
JULY 29, 2022
Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.
QuickBooks Phishing Scam is Back
KnowBe4
JULY 14, 2022
Scammers are continuing to abuse the QuickBooks tax accounting software to send phishing scams, according to Roger Kay at INKY. Phishing
Phishing Kit Imitates PayPal
KnowBe4
JULY 18, 2022
Researchers at Akamai have discovered a PayPal phishing kit that attempts to steal victims’ identities as well as their financial information. The phishing page looks identical to Paypal’s login page, and asks users to solve a captcha before entering their username and password.
Fraudsters Alter Election Phishing Scam
Data Breach Today
OCTOBER 26, 2020
Scammers Now Attempting to Steal Banking and Driver's License Information Fraudsters operating an election-themed phishing campaign have tweaked their malicious landing pages to harvest more information, including banking credentials, account data and vehicle identification information, Proofpoint reports.
Phishing Campaign Abuses Microsoft Customer Voice
KnowBe4
NOVEMBER 10, 2022
Researchers at Avanan warn that a phishing campaign is using Microsoft’s Dynamic 365 Customer Voice feature to send malicious links. Phishing
Police Crack SMS Phishing Operation
Data Breach Today
SEPTEMBER 24, 2020
Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.
Scammer Continues Phishing From Prison
KnowBe4
SEPTEMBER 13, 2022
Dutch authorities have announced that an imprisoned scammer was running a phishing operation from his jail cell, Cybernews reports. PhishingThe crook used four mobile phones to post malicious ads on Marktplaats, a popular Dutch classifieds site.
World Cup Phishing Attacks Doubled And Will Increase
KnowBe4
NOVEMBER 21, 2022
Researchers at Trellix revealed that phishing email attacks targeting users in the Middle East doubled in October 2022 ahead of the World Cup in Qatar, as reported by The Record. Phishing
Spear Phishing Campaign Targets Financial Institutions in African Countries
KnowBe4
SEPTEMBER 7, 2022
Researchers at Check Point have discovered a spear phishing campaign dubbed “DangerousSavanna” that's targeting financial entities in at least five African countries. Phishing Spear Phishing
Spear Phishing Campaign Targets Facebook Business Accounts
KnowBe4
JULY 28, 2022
Researchers at WithSecure have discovered a spear phishing campaign targeting employees who have access to Facebook Business accounts. Social Engineering Phishing Spear Phishing
New Phishing-as-a-Service Platform
KnowBe4
SEPTEMBER 8, 2022
Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called “EvilProxy” that’s being offered on the dark web. Phishing
PayPal Phishing Scam Uses Invoices Sent Via PayPal
Krebs on Security
AUGUST 18, 2022
” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam.
Homographic Domain Name Phishing Tactics
KnowBe4
JUNE 6, 2022
Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Social Engineering Phishing
German Police Collar Alleged Phishing Cybercriminals
KnowBe4
OCTOBER 3, 2022
The Bundeskriminalamt (BKA), Germany's federal criminal police, raided three homes on Thursday, September 29th, in the course of an investigation of a cyber criminal operation the BKA says netted approximately €4,000,000 from its victims by using phishing tactics. Social Engineering Phishing
Spear Phishing Campaign Targets the US Military
KnowBe4
JUNE 22, 2022
Researchers at Zscaler warn that a spear phishing campaign is targeting the US military and other sectors with phishing emails that purport to be voicemail notifications. The emails contain links to a phishing page designed to harvest Microsoft Office 365 credentials.
Let's personalize your content