Phishing Scams Are Now Impossible to Spot? | The Awareness Angle #14


This episode is packed with cybersecurity stories, clever phishing scams, and some big questions about security awareness.

We kicked things off with a look at the WinZip vulnerability, a security flaw that lets hackers run malicious code on your device when you simply open a bad file. WinZip used to be essential, but these days most operating systems have built-in alternatives. So, do your users really need it? If not, maybe it is time for a clean-up.

Then we explored two phishing scams that play on big life moments, getting hired and getting fired. Scammers are posing as employers in fake job interviews, tricking candidates into handing over credentials. On the flip side, another scam is hitting employees with fake termination notices, creating panic and pushing them to download malicious files. It is a nasty tactic that plays on fear, which led us to a bigger question. Should failing a phishing test ever be a sackable offence? We do not think so. Phishing victims are just that, victims, and punishing them only makes people less likely to report real attacks. Security should be about support, not fear.

We also dug into Hoxhunt’s Phishing Trends Report, which revealed some eye-opening stats. The cost of a phishing breach is now averaging $4.88 million, and while Microsoft, DocuSign, and HR-related emails remain top phishing bait, only 9% of phishing emails actually contain attachments. That means the other 91% are getting creative, using links, fake login pages, and other sneaky tactics to steal credentials. It is a reminder that phishing is not just about spotting dodgy attachments anymore.

Speaking of sneaky tactics, we looked at a Reddit discussion on phishing tricks, where users shared some surprising techniques they have spotted in the wild. One standout was hackers using hidden form fields that autofill with saved credentials, so you hand over your login details without even realising. This kind of clever manipulation shows just how advanced phishing has become, and why awareness training needs to evolve with it.

And finally, we touched on AI scams and deepfakes, with a recommendation to check out a great video from Corridor Crew. They break down some of the biggest AI scams out there and show exactly how they work. It is a brilliant example of how technical topics can be made accessible and engaging, something we are always thinking about when it comes to security awareness.

There is plenty more in this episode, including a chat about security champions, technical defences against phishing, and why fear-based awareness training is the wrong approach. Support your people, educate them, and build a culture where reporting phishing is encouraged, not feared.

💬 Episode 14 Discussion Points

🚨 WinZip Vulnerability – Is It Time to Remove It?
https://cybersecuritynews.com/winzip-vulnerability-arbitrary-code/

🎣 Hoxhunt’s Phishing Trends Report – The Latest Phishing Tactics
https://hoxhunt.com/guide/phishing-trends-report

🔍 Sneaky Phishing Techniques – Autofill Can Be Dangerous
https://www.reddit.com/r/cybersecurity/s/JWsb5NHnkf

💼 Job Interview Scam – Fake Chrome Updates Stealing Credentials
https://cybersecuritynews.com/job-interview-process-delivers-malware-via-fake-chrome-update/

📩 Fake Termination Notices – Phishing That Preys on Fear
https://www.csoonline.com/article/3610039/job-termination-scam-warns-staff-of-phony-employment-tribunal-decision.html

🎮 Malware in Cracked Games – Gamers Beware!
https://www.bleepingcomputer.com/news/security/cracked-garrys-mod-beamngdrive-games-infect-gamers-with-miners/

📊 DeepSeek Data Privacy Concerns – User Data Sent to ByteDance
https://koreajoongangdaily.joins.com/news/2025-02-17/business/industry/DeepSeek-sent-user-data-to-ByteDance-Korean-probe-finds/2243893

🛡️ Security Champions – How to Build an Effective Programme
https://layer8ltd.co.uk/champions-hub/the-six-critical-success-factors-for-a-great-security-champions-programme/

📹 VFX Artists Break Down The Latest AI Scams
https://youtu.be/UMw8gqFd_ME
