Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Scam Of The Week: The Most Sophisticated Netflix Phishing Yet

This Netflix phishing campaign goes after your login, credit card, mugshot and ID!

Paul Ducklin at Sophos wrote: "Think of the big security stories of recent months. Security holes like KRACK [and Meltdown]; a plethora of ransomware attacks ending in extortion; data breaches that were big, bigger or biggest, there are plenty of candidates for the story that got the most attention.

KnowBe4 2017 Top Clicked Phishing Test Analysis

Looking at the whole of 2017, there were some interesting shifts in what was clicked from quarter to quarter. Usually there was a standout for every quarter.

Forget Viruses or Ransomware—Is Your Biggest Cyberthreat Greedy Cryptocurrency Miners?

This week, cybersecurity firm Check Point published its regular Global Threat Index.

Malware that hijacks workstations to mine cryptocoins has apparently become the most popular infection on the planet.

The practice of stealthily mining cryptocurrency on other people’s devices has become pervasive, and has overtaken ransomware as a tool of choice for extorting money online.

Business Email Compromise Phishing Attacks Will Exceed $9 Billion This Year

Trend Micro reported that Business Email Compromise (BEC) is projected to skyrocket as attackers use more and more sophisticated social engineering tactics to trick their targets.

The Internet Crime Complaint Center (IC3) puts BEC attacks in five categories:

  1. Bogus Invoice Schemes,
  2. CEO Fraud,
  3. Account Compromise,
  4. Attorney Impersonation, and
  5. Data Theft.

Why Cybercrime Ditches Bitcoin Ransomware Payments And Where They Are Going Next

The popularity of bitcoin is creating problems for ransomware criminals wanting to get paid in the skyrocketing cryptocurrency.

"We'll see a progressive shift in 2018 towards criminal use of cryptocurrencies other than bitcoin, making it generally more challenging for law enforcement to counter," Rob Wainwright, executive director of Europol, recently warned.

There are various reasons why cybercriminals are moving their operations away from bitcoin. These range from its current high profile and high value, which mean even small fluctuations in its value can dramatically alter the cost of a bitcoin, to worries that the anonymity it offers isn't all it's cracked up to be, as demonstrated by arrests and takedowns after authorities followed a bitcoin trail.

Three-Quarters of Businesses Saw Phishing Attacks in 2017

Tara Seals at InfoSecurity Magazine had a good summary of Wombat Security Technologies' annual State of the Phish research report.

"The war against phishing is still on, with 76% of organizations experiencing phishing attacks in 2017. Further, nearly half of information security professionals surveyed said that the rate of attacks increased from 2016.

The report found that the impacts of phishing were more broadly felt last year than in 2016, with an 80% increase in reports of malware infections, account compromise and data loss related to phishing attacks.

KnowBe4 is proud to announce the introduction of a new feature, Reporting APIs

KnowBe4 is proud to announce the introduction of a new feature, Reporting APIs. Reporting APIs enable you to customize and obtain reports by integrating with other business systems that present data from your KnowBe4 Console. 

With the REST API, you can build custom dashboards to showcase a variety of statistics, including trained users, users that haven’t completed compliance requirements, users at highest risk, and the results of the most recent phishing test, or correlate users' Phish-prone percentage™ with their training activities, and so much more.

KnowBe4 Makes Third Place In Nationwide SMB Top Five Best Place To Work in Technology

Great Place to Work is a San Francisco-based global leader on high-trust, high-performance workplace cultures.

Through their certification programs, Great Place to Work recognizes outstanding workplace cultures and produces the annual FORTUNE "100 Best Companies to Work For®" and Great Place to Work Best Workplaces lists.

Healthcare Ransomware Attacks – Don’t Be Part of the Statistics

Rebecca Wynn at wrote a great article on how not to become a ransomware statistic in health care:

"In 2017, six of the top ten HIPAA breaches reported to the U.S. Department of Health and Human Services (HHS) stemmed from ransomware.[1] In a typical ransomware attack, important data is encrypted and “held for ransom” until the victim pays a designated amount in exchange for gaining access to the keys to decrypt the data once again. In addition, the cyber-criminal might steal important data before encrypting it and deleting potential backups.

Google’s Confusing Gmail Security Alert Looks Exactly Like a Phishing Attempt

Note: I got this too and had a similar reaction last week.

Security researchers say the legitimate email is training people to have bad email hygiene.

Richard De Vere, a security consultant who specializes in social engineering, said that even though the Google email we got is not a phishing attempt, it is so good at luring people to click on a link that he plans to add it to his brochure of good phishing attacks to use in his ethical hacking engagements.

“It has urgency, guides to a login page, quite vague, but alarming...we used to take legitimate Google emails and adapt, but this is just perfect as is. [...] It’s that good,” he tweeted. “Unforgivable for Google to send this out en masse.”
