This Week’s Top “In The Wild” Phishing Attacks

And here are this week’s Top 10 “In The Wild” phishing attacks that we received from our customers by employees clicking the Phish Alert Button and sending the email to us for analysis.

We “defang” these attacks and have them updated real-time in a campaign that customers can run regularly to test employees against the “real thing”. In_The_Wild_Phishing_Attacks.png

  • “Chase/JP Morgan: Online Access Restricted” – Spoofed bank email asks users to click malicious link to restore account access.
  • “WhatsApp: Missed Voicemail Notification” – Fake WhatsApp voicemail notification delivers malicious link.
  • “Uber: Update Your Account” – Fake Uber software update notification invites users to click malicious link.
  • “Sharepoint Security Alert – Action Required” – Spoofed Sharepoint email asks users to click malicious link to restore account access.
  • “ShareFile/Citrix: Urgent Info regarding your Sharefile Portal” – Fake Sharefile email offers malicious link for users to click.
  • “NatWest: You sent a payment of 2939.00 GBP to Best EBuyer Limited” – Spoofed bank email offers details on an alleged payment via a malicious link.
  • “De-activation of Email In Process” – Users are required by fake IT admin email to click a malicious link in order to preserve account.
  • “Payoff Authorization” – Email delivers malicious attachment presented as a mortgage payoff authorization.
  • “VAT Return and Payment Overdue” – Fake VAT return and payment form delivered as attachment to a spoofed bank email.
  • “FW: Confidential” – “Confidential” notification tells user to click a malicious link or open an HTML attachment to obtain a “secure” message.

Note that these have made it through all the filters and into the inbox of the employee. That is one of the reasons we continue to remind IT pros that creating a human firewall is an essential last line of defense which you cannot do without.

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security. Get a product demonstration of the innovative KnowBe4 Security Awareness Training Platform. In this live one-on-one demo we will show you how you can:

checkmark NEW  Access to the world’s largest library of security awareness training.

checkmark NEW  Social Engineering Indicators technology, turns every simulated phishing email into a tool you can use to instantly train employees.

checkmark Send Simulated Phishing tests and drive down the Phish-prone percentage.

checkmark Advanced Features: EZXploit™ automated “human pentest”. USB Drive Test™ 

checkmark Active Directory Integration allows you to easily upload and manage users.

checkmark Reporting to watch your Phish-prone percentage drop, with great ROI.


[contentblock id=74 img=gcb.png]


CEO, Author of the #1 Risk to Small Businesses

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}