Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Bad Guys Push New COVID-19 Message: You Are Infected

Malicious actors continue to craft ruthlessly aggressive, evil email attacks tailored to leverage mounting fears and anxieties surrounding the COVID-19 outbreak in the United States among ...
Continue Reading

New Video Module "Covid-19 Best Practices" from KnowBe4 and Transperfect

Here is a quick announcement!
Continue Reading

The Paradox of Perfection

One of the challenges with living in a hyper-connected world is that it’s easy for anyone to stand on a soapbox and point out when something is wrong.
Continue Reading

Hospitality Provider the Target of an Old-School BadUSB Social Engineering Attack

In what appears to be a mix of old- and new-school social engineering, an attack spotted in the wild using a USB thumb drive offers us a view into how one company could have become the ...
Continue Reading

Scammers Hijacking Twitter Accounts To Sell Face Masks

Scammers cashing in on the Coronavirus crisis are now hijacking Twitter accounts to heavily promote a web site purporting to sell face masks, respirators, digital thermometers, and toilet ...
Continue Reading

The Creation & Development of a COVID-19 Phish

As we documented in a recent blog piece, malicious actors are aggressively exploiting the COVID-19 crisis by re-purposing and overhauling phishing emails they were running before the ...
Continue Reading

Inception: Your Employee's Mind is the Scene of the Crime

I loved the movie Inception when it came out. It had everything, a stellar cast, amazing visuals, a strong plot, and a twisted end that still has me wondering whether or not they were in ...
Continue Reading

Every Computer Defense Has Three Main Pillars

Defense-in-Depth is a dogmatic term used in the computer defense industry to indicate that every computer defense has to be made up of multiple, overlapping defenses positioned to best ...
Continue Reading

[HEADS UP] Cybercriminals Attempt to Exploit Stimulus Package for COVID-19

In several recent blog posts we've showed you the myriad ways in which malicious actors have aggressively -- even ruthlessly -- deployed social engineering tactics to leverage the ...
Continue Reading

FBI Warns of Stimulus Check Scams

The FBI's Internet Crime Complaint Center (IC3) issued an alert warning of coronavirus-related phishing attacks, particularly surrounding economic stimulus checks. The news that the US ...
Continue Reading

New KnowBe4 Benchmarking Report Finds 37.9% of Untrained End Users Will Fail a Phishing Test

The 2020 Phishing By Industry Benchmarking Report compiles results from the third annual study by KnowBe4 and reveals at-risk users across 19 industries that are susceptible to phishing ...
Continue Reading

Beware! The FCC Releases Audio Samples of Coronavirus Phone Scams

Scammers sink to a new low with these phone scams preying on the fears of U.S. citizens offering hopes of better protecting themselves from the Coronavirus.
Continue Reading

[PLATFORM UPDATE] COVID-19 New Templates Categories

This Friday March 27, at 9 a.m. Eastern, we will add two new categories of email templates related to Coronavirus/COVID-19. At this time, we will move all of our existing ...
Continue Reading

Sitting Ducks: When Employees Work from Home

As the COVID-19 health crisis rages on and millions of workers and students move to working from home (WFH) and online distance education, no one should make the error of thinking that ...
Continue Reading

Ransomware Incidents Increase 131 Percent with the SMB Being the Primary Target

The recent release of new data from U.K. cyberinsurer Beazley’s brings to light what kinds of attacks their customers are experiencing and who’s at risk.
Continue Reading

Sextortion Scam Combines Lust and Envy

A sleazy phishing campaign is trying to tempt people into opening an attachment that supposedly contains nude pictures of a friend’s girlfriend, BleepingComputer reports. The attackers ...
Continue Reading

Brand Impersonation Phishing Attacks Grow While Organizations Fail to Protect Their Brand Using DMARC

New data from Security vendor Agari shows how identity deception techniques are being used to fool recipient victims as organizations lack the needed safeguards to ensure emails are ...
Continue Reading

An Intimate Look at a Nigerian Social Engineer

Researchers at Check Point offer a look at a Nigerian citizen who moonlights as a cybercriminal who uses social engineering techniques.  The man, whom the researchers call “Dton,” ...
Continue Reading

[On-Demand] New 2020 Phishing By Industry Benchmarking Report: How Does Your Organization Measure Up

As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews