Organizations have to acknowledge their responsibility for ensuring their employees are able to recognize targeted phishing attacks, according to James McGachie, Legal Director of DLA Piper Scotland. Writing in The Herald, McGachie explains that sophisticated spear phishing attacks designed to steal large amounts of money (also known as “whaling”) should be of special concern to […]
How Phishing is Evolving
Attackers are always using new tactics to stay ahead of defenders, and Microsoft’s Office 365 Threat Research Team describes three noteworthy phishing techniques they’ve observed in 2019. The first was the use of hijacked search results to redirect users to malicious sites. Attackers used a traffic generator to artificially push a baited website to the […]
Royal Mail Scam: Sorry, You Haven’t in Fact Won that iPhone 11 Pro
An SMS phishing scam is targeting people in the UK with fake notifications that appear to come from the Royal Mail postal service, The Sun reports. The messages are personalized, and they address each recipient by their real name, informing them that they’ve been selected to receive a free iPhone 11 Pro. In order to […]
Dancing with Hackers
Dancing with the Stars pro Witney Carson announced on Twitter that her Facebook account had been hacked. Unknown miscreants gained control of Carson’s Facebook through a unique phishing technique and proceeded not only to upload spamming material to her page, but also to reshare items to other celebrity pages. Now, there are two questions that immediately come […]
Spear Phishing in the Royal Canadian Mint
The Royal Canadian Mint, which produces Canada’s coins, nearly sent an employee’s paycheck to an attacker following a spear phishing attack, CBC News reports. The attacker sent an email to the Mint’s HR department while posing as an employee and requested that the department change the employee’s bank account details. The HR worker who received […]
Google Sent 12K Nation-State Phishing Warnings In Three Months
Google’s Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish Gmail users over just a three-month period earlier this year, they reported. TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog […]
Click Confessions of a Security Expert
As a “human security” expert, I used to take a lot of pride in my well-honed security hygiene. Yeah… that all ended back in early 2017 when I joined KnowBe4. You see, up until that time, I’d received a number of simulated phishing, attempted real phish, and I’d even run my own simulated phishing programs […]
Chinese Hackers Infiltrate Global Telecom Networks With Spear Phishing
The WSJ revealed a brazen hack by Chinese state-sponsored bad actors who totally owned more than 10 global telecom networks, and had full admin access to their networks. They were able to swipe users’ whereabouts, text-messaging records and call logs. They reported: “The multiyear campaign, which is continuing, targeted 20 military officials, dissidents, spies and […]
New KnowBe4 Benchmarking Report Unveils That Untrained Users Pose The Greatest Risk To Your Organization
KnowBe4 has released the new Phishing by Industry Benchmarking Report to measure an organization’s average Phish-prone percentage, which indicates how many of their employees are likely to fall for a phishing or social engineering scam. The 2019 study analyzed a data set of nearly nine million users across 18,000 organizations with over 20 million simulated […]
Phishing Campaign Impersonates Email Alerts From DHS
An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency, in a warning posted on the official US-CERT web site this past Tuesday. “The email campaign uses a spoofed email address to […]