(Updated 2023)
Wouldn’t it be great if there were an easy way to keep your end users informed about phishing attacks and lures being seen in the wild today? Our new Attack Spotlight product is our way of providing free, timely, actionable content you can use to arm your end users against the ever-evolving phishing
Each installment in the series includes a two-minute awareness mini-module and a downloadable PDF that feature an example of an actual phishing email seen in the wild, and that explain the current
Timely Threat Intelligence
Compared to other services that list lures or traps, Attack Spotlight has a unique advantage: The phishing email examples are drawn from Proofpoint’s world-class threat intelligence, which analyzes billions of emails each day to classify malicious content and identify lures being distributed at critical mass.
Attack Spotlight shares this real-time intelligence as quickly as possible to help you get ahead of emerging threats. We release new Attack Spotlights as
High-Quality Awareness Content
You can share the information in multiple ways: via a “Teachable Moment”-style PDF; an awareness mini-module; or both. The mobile-responsive mini-modules take approximately two minutes to complete, and they conform to the US Section 508 standard and the Web Content Accessibility Guidelines (WCAG) 2.0 AA standard.
Incorporating Attack Spotlight Into Your Security Awareness Program
Attack Spotlight content is free and can be shared with everyone, from employees to friends and family. Additionally, each lure featured in Attack Spotlight is also added to ThreatSim® as a simulated phishing template. In addition, we recommend specific full-length interactive training modules that can be assigned to further prepare end users against a particular phishing threat.
Examples of Past Attack Spotlights
September 2018 Trending Attack: DocuSign Phishing Campaign
We’ve noticed a rising wave of attacks on DocuSign accounts, with more than 10,000 malicious emails being sent each week. Our Attack Spotlight profile, available now, quickly shows users how to avoid being tricked by the DocuSign phishing campaign.
The popularity of DocuSign makes it a favorite target of cybercriminals. They create increasingly elaborate, fake DocuSign emails and websites designed to steal users’ information and access their accounts. Attacks have focused on companies in finance, manufacturing, and insurance, but all industries have been affected.
July 2018 Trending Attack: Microsoft Office 365 Credential Compromise
In early July 2018, Proofpoint researchers identified a significant spike in phishing attacks targeting organizations with more than 1,000 Microsoft Office 365 (O365) mailboxes. In fact, more than 75% of Proofpoint’s reporting customers have already been targeted, with cybercriminals attempting to steal user logins through sophisticated counterfeit O365 emails and websites.
Our July Attack Spotlight — available via our archive page — shows users what to look for and how to avoid becoming a victim of O365 credential compromise.
When you sign up to access our free phishing training content, you’ll receive a free PDF and a two-minute awareness module to teach end users how to recognize current threats. Recent topics covered include:
FEBRUARY 2023: SMISHING WITH PACKAGE DELIVERY LURES
APRIL 2023: BEC PHISHING WITH REQUESTS FOR QUOTATIONS (RFQ)
MAY 2023: LINKEDIN PHISHING LURES
JUNE 2023: AMAZON PHISHING LURES
SEPTEMBER 2023: REMOTE IT SUPPORT SCAMS
DECEMBER 2023: GIFT CARD SCAMS
Subscribe to the Proofpoint Blog