#phishing

Security awareness tips, industry news, and product updates.

Managed service provider technician monitoring client systems from a network operations centre
Threat IntelligenceFor MSPs & Partners

Why MSPs Are Prime Ransomware Supply-Chain Targets

Compromise one MSP and you can reach every client behind it. Here is why managed service providers are prime ransomware targets, and how to harden against it.

Thomas Eriksson·7/5/2026·7 min read
Reviewing employee-reported emails
Threat IntelligenceProduct Updates

Reported Email Review: Turning Employees Into Sensors

When employees report suspicious emails through the empowsec Outlook or Gmail add-in, those reports land in an admin review queue where security teams can classify each one and build real threat intelligence from what is actually reaching inboxes.

Marcus Chen·7/5/2026·8 min read
Employee processing a card payment at a point-of-sale terminal in a retail environment
Compliance & Regulations

PCI DSS 4.0 Security Awareness Training Requirements

PCI DSS v4.0 raised the bar for security awareness, naming phishing and social engineering explicitly. Here is what the standard now requires if you handle card data.

Lisa Brennan·7/4/2026·7 min read
Reporting a phishing email from Outlook
Phishing & Social EngineeringProduct Updates

Report Phishing from Outlook: The empowsec Add-In Guide

empowsec's Outlook add-in gives employees a one-click 'Report phishing' button in their inbox - capturing email headers and content for review while instantly rewarding employees who correctly identify a simulation.

Marcus Chen·7/3/2026·8 min read
Clinical staff working in a hospital corridor where IT system outages directly affect patient care
Compliance & RegulationsThreat Intelligence

Healthcare Phishing and Ransomware: 2026 Sector Trends

Ransomware is hitting healthcare harder than ever in 2026, and the stakes are measured in patient safety. Here are the trends, HIPAA duties, and human-layer defenses that matter.

Marcus Chen·7/2/2026·7 min read
University students working on laptops on a busy campus
Security Awareness TipsThreat Intelligence

Education Under Siege: Lessons From the Canvas Breach

ShinyHunters' May 2026 breach of the Canvas LMS exposed data tied to thousands of schools and hundreds of millions of users. Here is why education is a prime target and how awareness training reduces the risk.

James Thornton·7/1/2026·6 min read
An employee carefully reading an email thread on an office computer
Phishing & Social EngineeringThreat Intelligence

Thread Hijacking: Phishing From Inside Trusted Emails

Thread hijacking lets attackers reply inside a real email conversation, with a familiar subject, history, and trusted sender. It defeats the 'unknown sender' instinct. Here is how to spot it.

Elena Vasquez·7/1/2026·7 min read
Security analysts monitoring threat dashboards in an operations center
Threat Intelligence

Ransomware in 2026: Data Extortion Is the New Normal

Qilin led ransomware activity in early 2026 as groups shift from encryption to pure data extortion. The constant across nearly every attack is the human layer. Here is what CISOs should do.

Marcus Chen·6/30/2026·6 min read
An HR professional reviewing payroll documents at a desk
Phishing & Social Engineering

Payroll Diversion: The BEC Scam That Targets HR Teams

Attackers are phishing payroll portal logins and impersonating staff to reroute direct-deposit paychecks into accounts they control. The FBI has warned about it for years - here's how HR can stop it.

Lisa Brennan·6/27/2026·7 min read
Office worker on a laptop video call reviewing a chat message in a collaboration app
Phishing & Social EngineeringThreat Intelligence

Teams & Slack Phishing: The Threat Beyond the Inbox

Phishing has moved out of the inbox and into Microsoft Teams, Slack, and calendar invites — platforms employees trust by default. Here is how the attacks work and how to extend your defenses to cover them.

Elena Vasquez·6/26/2026·7 min read
An employee reading an urgent text message on a smartphone at work
Phishing & Social Engineering

Gift Card Scams: The "Are You Available?" CEO Fraud

"Are you available? I need a quick favor." It's the opening line of a gift card scam impersonating your CEO - low-tech, high-volume, and aimed at new and junior staff. Here's the pattern and the one rule that stops it.

Thomas Eriksson·6/25/2026·7 min read
Employee reviewing an application permission request on a laptop screen
Phishing & Social EngineeringThreat Intelligence

Consent Phishing: Malicious OAuth Apps That Bypass MFA

Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.

Marcus Chen·6/23/2026·6 min read
« Previous123Next »