Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

What to do About BEC?

May 28, 2020 8:23:39 AM By Stu Sjouwerman
Funds transfer fraud, also known as business email compromise (BEC), is a much more widespread problem than it seems, according to lawyers at Ice Miller LLP. The attorneys believe this ...
Continue Reading

[Heads Up] Ransomware Damage Skyrockets As Ransoms Grew 14 Times In Just 12 Months

May 27, 2020 11:25:48 AM By Stu Sjouwerman
Last year was highly profitable for ransomware actors but with the prices we've seen recently, 2020 is likely to surpass it as actors continue to target large companies in key industries. ...
Continue Reading

Beware of Phony LogMeIn Security Updates

May 27, 2020 9:32:29 AM By Stu Sjouwerman
Researchers at Abnormal Security warn that a phishing campaign is trying to steal LogMeIn remote desktop credentials. The attackers are sending phishing emails that purport to come from ...
Continue Reading

CyberheistNews Vol 10 #22 [Scam of the Week] Microsoft Warns to Look out for This Massive Covid-19 Excel Phishing Attack

May 26, 2020 9:59:22 AM By Stu Sjouwerman
Continue Reading

Phishing Campaigns Using Google Firebase Storage

May 26, 2020 8:31:52 AM By Stu Sjouwerman
Scammers are hosting phishing pages on Google Firebase Storage to bypass email security filters, Threatpost reports. Firebase is a Google-owned application development platform that ...
Continue Reading

[Scam Of The Week] Microsoft Warns To Look Out for This Massive Covid-19 Excel Phishing Attack

May 23, 2020 12:34:45 PM By Stu Sjouwerman
Microsoft this week warned about a massive phishing attack that started on May 12. The campaign sends emails that look like they are from the "Johns Hopkins Center", and they have an ...
Continue Reading

[Heads Up] The COVID Remote Work Mandate Skyrockets "Work From Home" Training Enrollments

May 21, 2020 1:51:12 PM By Stu Sjouwerman
KnowBe4 was one of the first to warn first about the impending COVID phishing tsunami on Jan 31, 2020.  The bad guys did not disappoint and went all-out, all cylinders firing, and pulled ...
Continue Reading

Nearly Every Organization is More Concerned about Cybersecurity Than Before COVID-19

May 20, 2020 4:36:21 PM By Stu Sjouwerman
New data from security vendor Tripwire highlights how the shift to remote working has changed the face of cybersecurity for both the current work climate and the future.
Continue Reading

Your Next Ransomware Attack May Require Two Payments!

May 20, 2020 4:34:25 PM By Stu Sjouwerman
In a case of adding insult to injury, a new strain of ransomware is looking for one payment to decrypt, and a second payment to not publish stolen files.
Continue Reading

Preying on the Unemployed

May 20, 2020 8:20:01 AM By Stu Sjouwerman
An SMS phishing campaign has been exploiting the COVID-19 crisis by spoofing the website of a job placement agency, the New York Daily News reports. The scammers set up a website that ...
Continue Reading

CyberheistNews Vol 10 #21 [Heads Up] World's Largest Sovereign Wealth Fund Falls for 10 Million Social Engineering Attack

May 19, 2020 9:00:43 AM By Stu Sjouwerman
Continue Reading

Biases People Take Home With Them

May 19, 2020 8:01:01 AM By Stu Sjouwerman
Employees will naturally follow their cognitive biases unless organizations proactively engage them in security processes, according to Georgia Crossland, a Ph.D. researcher at Royal ...
Continue Reading

The Three Pillars of the Three Computer Security Pillars

May 18, 2020 8:31:59 AM By Roger Grimes
Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...
Continue Reading

Scammers Exploit Rollout of COVID-19 Contact-Tracing Apps

May 18, 2020 8:18:04 AM By Stu Sjouwerman
An SMS phishing campaign is telling people they’ve come into contact with someone who’s contracted COVID-19, Computing reports. The UK’s Chartered Trading Standards Institute (CTSI) ...
Continue Reading

Dutch Online Retailer Wehkamp Loses 144,000 Euros in Bankruptcy Business Email Compromise

May 15, 2020 9:45:57 AM By Stu Sjouwerman
Cyber criminals successfully gained access to email traffic between bankruptcy trustees and Wehkamp – one of the biggest online retailers in The Netherlands – writes RTL Z. Employees of ...
Continue Reading

That Email from President Trump? Yeah, That’s a Phishing Scam

May 14, 2020 11:45:00 AM By Stu Sjouwerman
New phishing scams impersonating President Trump and Vice President Pence are designed to install malware or be the start of an extortion scam.
Continue Reading

World's Largest Sovereign Wealth Fund Falls For $10m Social Engineering Attack

May 14, 2020 8:29:08 AM By Stu Sjouwerman
The Norwegian Investment Fund has been swindled out of 10 million dollars by fraudsters who pulled off a social engineering attack that the Norfund called "an advanced data breach" but ...
Continue Reading

Paying the Ransom Doubles the Cost of a Ransomware Attack

May 14, 2020 8:20:38 AM By Stu Sjouwerman
The total cost of the average ransomware attack more than doubles if the victim decides to pay the ransom, according to Sophos’s State of Ransomware 2020 report. The Sophos-commissioned ...
Continue Reading

OUCH! REvil Ransomware Attack Hits A-List Celeb Law Firm

May 13, 2020 11:22:31 AM By Stu Sjouwerman
OUCH! BBC News was one of the many major media sites who reported May 12 that a media and entertainment law firm used by A-list stars including Rod Stewart, Robert De Niro, Sir Elton John ...
Continue Reading

Watch Out for the Coming Tsunami of Mortgage Rescue Phishing Scams

May 13, 2020 8:22:43 AM By Stu Sjouwerman
At this point in time, with 10 years of phishing attack analysis under our belt, we can predict with a high reliability level what will be showing up in the near future. We see two scams ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Has Gone Nuclear Webinar

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews