This episode is packed with cybersecurity stories, clever phishing scams, and some big questions about security awareness.
We kicked things off with a look at the WinZip vulnerability, a security flaw that lets hackers run malicious code on your device just by opening a bad file. WinZip used to be essential, but these days most operating systems have built-in alternatives. So, do your users really need it? If not, maybe it is time for a clean-up.
Then we explored two phishing scams that play on big life moments, getting hired and getting fired. Scammers are posing as employers in fake job interviews, tricking candidates into handing over credentials. On the flip side, another scam is hitting employees with fake termination notices, creating panic and pushing them to download malicious files. It is a nasty tactic that plays on fear, which led us to a bigger question. Should failing a phishing test ever be a sackable offence? We do not think so. Phishing victims are just that, victims, and punishing them only makes people less likely to report real attacks. Security should be about support, not fear.
We also dug into Hoxhunt's Phishing Trends Report, which revealed some eye-opening stats. The cost of a phishing breach is now averaging $4.88 million, and while Microsoft, DocuSign, and HR-related emails remain top phishing bait, only 9% of phishing emails actually contain attachments. That means the other 91% are getting creative, using links, fake login pages, and other sneaky tactics to steal credentials. It is a reminder that phishing is not just about spotting dodgy attachments anymore.
Speaking of sneaky tactics, we looked at a Reddit discussion on phishing tricks, where users shared some of the techniques they have spotted in the wild. One standout was hackers using hidden form fields that autofill with saved credentials, so you hand over your login details without even realising. This kind of clever manipulation shows just how advanced phishing has become, and why awareness training needs to evolve with it.
And finally, we touched on AI scams and deepfakes, with a recommendation to check out a great video from Corridor Crew. They break down some of the biggest AI scams out there and show exactly how they work. It is a brilliant example of how technical topics can be made accessible and engaging, something we are always thinking about when it comes to security awareness.
There is plenty more in this episode, including a chat about security champions, technical defences against phishing, and why fear-based awareness training is the wrong approach. Support your people, educate them, and build a culture where reporting phishing is encouraged, not feared.
Episode 14 Discussion Points
WinZip Vulnerability - Is It Time to Remove It?
https://cybersecuritynews.com/winzip-vulnerability-arbitrary-code/
Hoxhunt's Phishing Trends Report - The Latest Phishing Tactics
https://hoxhunt.com/guide/phishing-trends-report
Sneaky Phishing Techniques - Autofill Can Be Dangerous
https://www.reddit.com/r/cybersecurity/s/JWsb5NHnkf
Job Interview Scam - Fake Chrome Updates Stealing Credentials
https://cybersecuritynews.com/job-interview-process-delivers-malware-via-fake-chrome-update/
Fake Termination Notices - Phishing That Preys on Fear
https://www.csoonline.com/article/3610039/job-termination-scam-warns-staff-of-phony-employment-tribunal-decision.html
Malware in Cracked Games - Gamers Beware!
https://www.bleepingcomputer.com/news/security/cracked-garrys-mod-beamngdrive-games-infect-gamers-with-miners/
DeepSeek Data Privacy Concerns - User Data Sent to ByteDance
https://koreajoongangdaily.joins.com/news/2025-02-17/business/industry/DeepSeek-sent-user-data-to-ByteDance-Korean-probe-finds/2243893
Security Champions - How to Build an Effective Programme
https://layer8ltd.co.uk/champions-hub/the-six-critical-success-factors-for-a-great-security-champions-programme/
VFX Artists Break Down The Latest AI Scams
https://youtu.be/UMw8gqFd_ME