Friday Phish Fry

Phishing Email Alerts 

Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.

I would be delighted to accept suspicious phishing examples from you.  Please forward your email to phish@wyzguys.com.

My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox.  If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.

2020 Top Phishing and Vishing Attacks and Trends

By Roger Grimes. It’s an extra challenging year, harder than most, to choose the most impactful cybersecurity events. The year ended with a bang – the SolarWinds supply chain attack – which possibly impacted up to 18,000 potential victims, including almost all of the Fortune 500, involved a top-tier computer security vendor, at least a half-dozen top U.S. government agencies, and essentially brought the long feared, nation-state-sponsored, supply chain attack into reality.

The SolarWinds attack was notable for a bunch of other reasons, including that it went undetected by everyone for over half a year and that it is one of the few attacks that may have not started with a phishing attack; although we still don’t know how SolarWinds was first compromised, so who knows?

Phishing attacks are involved in 70% to 90% of all malicious data breaches and it has been that way for decades.

With that said, I decided to pick out the top attacks of 2020 which involved phishing, and some of them aren’t specific attacks, but trends.

  • Ransomware Gone Nuclear
  • COVID-19 Themed Phishes
  • Healthcare Targeting
  • Twitter Bitcoin Attack
  • GoDaddy Employee Hacks
  • Trickbot Takedown

The full post is available at the KnowBe4 blog, with each of these six detailed:
https://blog.knowbe4.com/2020-top-phishing-vishing-attacks-and-trends

Be Sociable, Share!

15
JAN
0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.