Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Chinese Antivirus Vendor Tied to Part of a Decade-Long Hacking Spree

Cyberattacks Targeting State and Local Government Increase by 50%

60% of the US Workforce Will Be Working Remotely by 2024 (and That’s a Problem)

Tribune Publishing apologizes for fake bonus offer in phishing-simulation email

Abusing App Engine to Automate Phishing

Which Users in Your Organization Put You at Risk?

KnowBe4 Receives a 2020 Tech Cares Award

Five Alarming Approaches to Extortion

Credential Stuffing to Stuff the Ballot Box

CyberheistNews Vol 10 #39 CrowdStrike: "More Cyberattacks in the First Half of 2020 Than in All of 2019"

The Critical Need to Improve Your Compliance Processes

Credential Stuffing Used Against Financial Services

Your Organization Through the Eyes of an Attacker

[Announcement] KnowBe4 ModStore: New Series "Security Snapshots" from Twist & Shout

Bitcoin Millionaire Loses $16 Million to a Compromised Wallet and Simple Social Engineering

Joint Cybersecurity Advisory Outlines Approaches to Discovering and Remediating Attacks

Beware of Fake Forwarded Phishes

Crowdstrike: "More Cyberattacks in the First Half of 2020 Than in All of 2019"

When Phishing And Disinformation Meet

How to Become a Harder Target From Malicious Threat Actors

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

CyberheistNews Vol 10 #38 [Heads Up] My Name Is Being Used in Criminal Identity Theft Attacks at the Moment

Security Awareness Advocate Kai Roer Discusses the 2020 Security Culture Report

High-Profile Caper Spawns Phishing Campaign

Funds Transfer Fraud Has Increased 35% Since the Onset of COVID-19

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

CISA’s Advice on Countering Phishing

Ransomware Dominates 41% of all Cyber Insurance Claims in H1 2020

Fake Alert Scams: Actually Unwanted Programs

The Dangerous Attraction of Original Gangsters

They're Back: Bad Guys Spoof KnowBe4 Again

Extradited Member of a U.K. Scammer Highlights How His Gang Took Banks for $2 Million

CyberheistNews Vol 10 #37 [Heads Up] How to Check Your Email Rules for Maliciousness. Do This Now.

Email and SMS Phishing Campaign Impersonates Lloyds Bank

Legitimate Services, but still Hook, Line, and Sinker

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Users Are Still Falling for Phishing Attacks. Want to Know Why?

[On-Demand] Think Like a Hacker: Learn How to Use Open Source Intelligence (OSINT) to Defend Your Organization

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

Malicious Actors & State Actors: IT Admins Targeted with Fake Warning Notice

Contact Tracing: Real and Bogus

New Phishing Attack Uses a Compromised Vendor Account and Box to Elude Detection

[On-Demand] Stump the Shark: Ask Roger Grimes Your Most Burning IT Security Questions!

Check Your Email Rules for Maliciousness

New Botnet Promising Free Shoes as Phishbait

Organizations Aren’t Prepared to Recover from Cyberattacks on Active Directory

Threat Group DeathStalker Uses PowerShell-based Implant Powersing to Hack into Financial Services Firms

August Fresh Content Updates from KnowBe4: Including New Disinformation Training Content for Your Users

CEO Fraud Wire Transfer Losses Soar 48% in Q2 2020

CyberheistNews Vol 10 #36 [FUN] What (Really) Happens When You Type in a URL in an Address Bar in a Browser?

The Heart has Its Reasons, but Those Shouldn't Become an Enterprise Risk

See How You Can Get Audits Done in Half the Time at Half the Cost

How to Defend Against Phishes Coming from Trusted Partners

Phishing with Bad Guys Find Yet Another Free Host for Malicious Files

QBot is Back With New Phishing Tricks

See Ridiculously Easy Security Awareness Training and Phishing

The U.K. is Under Massive Cyberattack and They Are Nowhere Near Prepared

Funding for startup U.K. Cybersecurity Firms has Increased by 940% Since Lockdown

Australian Financial Services Company is Sued for Repeatedly Being Hacked… and Doing Zero About It

One-Fifth of Organizations Have Experienced a Security Breach Due to Their Remote Workforce

New Lazarus Spearphishing Attack on Crypto Organizations Uses a LinkedIn Job Posting as its Front

Tesla and the FBI just prevented a $1 million ransomware hack at the Nevada Gigafactory

The Bureau Explains How Tech Support Scams Work

Russian Charged With Trying to Recruit Employee to Plant Ransomware in US Company

Recent Phishing Scam Sends Uncertain Employment and Bogus Layoff Notices

What happens when you type in a URL in an address bar in a browser?

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

[Heads Up] Weaponized Disinformation Campaigns Skyrocket; KnowBe4 Releases New Spot & Stop DisInfo Training Module

New Vishing Attacks Pretend to Be Internal IT to Scam Users from Financial Firms Out of Their Credentials

CyberheistNews Vol 10 #35 [Heads Up] Watch Out for OAuth Phishing Attacks and How You Can Stay Safe

[HEADS UP] There's No Beta for Cyberpunk 2077

Phishing Summit - Mitigation, Forensics and Eye-opening Phishing Research

An Embarrassment of Riches: Malicious Actors Target AWS Accounts

Conversations with a Phisher

[Heads Up] DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars

Ukrainian Gang Responsible for Laundering More Than $42 Million Arrested as Part of Operation “Bulletproof Exchanger”

New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

The Seven Dimensions of Security Culture: Attitudes

The Most Effective Attacks Are Often the Simplest

Watch Out for OAuth Phishing Attacks and How You Can Stay Safe

Your Vishing Attack Surface Has Exploded And Voice Phishers Now Target Your Corporate VPN

KnowBe4 Launches New Research Arm With Its First Report on Security Culture

Social Media Doppelgangers Strike Again

U.K. National Health Service Targeted with Over 40,000 Email Scams Aimed at Stealing Patient Data

Phishing Site Takes Brand Impersonation to a Whole New Level Pretending to be FINRA

[HEADS UP] Carnival Corp. is the Next Victim of a Ransomware Attack

Credential Stuffing Attacks Shut Down Canada's Revenues Service

U.K. Firms Have Dismissed Employees for Breaching Cybersecurity Policy Since COVID-19 Pandemic

ABC News Interviewed Me on South Carolina Man Finding Personal Information of WWE Star and Raiding Her Home

CyberheistNews Vol 10 #34 My Lazy Sunday Afternoon Was Interrupted...

The Celebrities Don't Know You, and You Don't Know Them

RedCurl APT Uses Spear Phishing to Conduct Corporate Espionage

Trying for a win, win, win game. Listen to this 5-minute interview with me.

Phishing with Canva: Bad Guys Exploit Graphic Design Platform

YIKES: Fancy Bear Linux Rootkit

43,000+ NHS Staff Hit With Phishing Emails Since March

COVID-Themed Phishing Scams Are on Their Way Out While Some Scammers Use a Vaccine as a Last-Ditch Effort

Having a Wonderful Time, Wish Your Data Were Here

[On-Demand] The Best Ways to Stop Malware and Ransomware That No One Else Will Tell You

Pressure, Peer and Otherwise: Ransomware and Data Theft Go Hand-In-Hand

FOLLOWUP: Small Business Administration Phishing Campaign

Phishing Golden Hour

My lazy Sunday afternoon was interrupted...

Paying the Ransom After a Ransomware Attack May Become More Complicated, Thanks to the U.S. Treasury

[Heads Up] Apparently Slack Phishing Got So Bad They Had To Do Something About It

CyberheistNews Vol 10 #33 [Heads Up] Explosion of Zoom Meeting Phishing Attacks Targeting O365 and Outlook

Cybercriminals Target Execs in Microsoft 365 Credential Attack to Launch Internal BEC Scams

Many US States Requiring Training on COVID-19 Before Return to Work

Legitimate Accounts for Illegitimate Business Email Compromise

KnowBe4 Celebrates 10 Years by Planting 10,000 Trees Worldwide

SBA Phishing: Malicious Actors "Return to Roots" in the Hunt for Money

Cyberattacks Involving Both Data Exfiltration and Ransomware to Ensure Ransom Payment Increase 152%

Dark Patterns and the Craft of Online Persuasion

Nearly Half of Dutch Listed Companies Do Not Provide Information on Cybersecurity in Annual Report

The U.N. counterterrorism chief says a 350% increase in phishing websites was reported in Q1 2020

Ransomware Payments Increase by a Massive 60% as Email Phishing Rises in Frequency as Primary Attack Vector

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

Five Reasons Why Ransomware Attacks Should Be Your Biggest Worry and Aren’t Going Anywhere

The Importance of Identifying and Focusing on the Malicious Behavior

New Compliance Management Features Now Available in the KCM GRC Platform

Visit KnowBe4 at Black Hat USA 2020 - Virtual Event

[Interpol Alert] LockBit Ransomware Attacks Affect American SMB's

Explosion of Zoom Meeting Phishing Attacks Over Spring and Summer of 2020 and Targeting Office365 and Outlook Credentials

Hacked High-Profile Twitter Accounts Are Used to Promote a Cryptocurrency Scam

New U.K. Phishing Scam uses a £400 Tax Cut as Bait

Netflix Phishing Attack Hides Behind a Functional CAPTCHA Page to Avoid Detection

CyberheistNews Vol 10 #32 [Heads Up] Voicemail-Themed Phishing Attacks Are on the Rise

Is it a Quiz Scam? Is it Bad? Is it Back With a Vengeance?

July Fresh Content Updates from KnowBe4: Including New Recommended Training Suggestions in the ModStore

Phishing Kits Continue to be Popular With Cybercrime Due to New User-Friendly and Sophisticated Features

[MOST WANTED] Criminal Hacker Of The Week: Maksim Viktorovich Yakubets

Introduction To KnowBe4's Services

The Recent Massive Twitter Social Engineering Hack Was Tried And True Pretexting

Wake-up Call: New Study from PWC Exposes Terrifying End-User Security Practices that will Keep Your CISO Up at Night

Happy 21st Annual SysAdmins Day!

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

An Old Dog with Some New Tricks

[HEADS UP] Coronavirus Scams in the U.K. You Should be Wary Of

1 in 3 Employees Rarely or Never Think About Cybersecurity

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

New CONTI Ransomware Family Touts Faster Encryption, Better Obfuscation, More Control

Social Engineering from an Actuarial Point of View

REvil Criminal Ransomware Syndicate Attacks Spanish State-Owned Railway Operator Again!

NEW 2020 Security Culture Survey Now Available

CyberheistNews Vol 10 #31 I Testified Before U.S. Congress About COVID-19 Phishing Scams

Vanity, Thy URL is Zoom

Are Account Takeovers Driving Towards a Passwordless Future?

Voicemail-Themed Phishing Attacks on the Rise

[Heads up]  CISA And NSA Urge “Immediate Action” To Secure National Critical Infrastructure

BEC is the Largest Cyber Threat to UK Sports Entities

Third Party Digital Risk Significantly Increases as Organizations Continue to Work From Home

[HEADS UP] Cyber Attack at University of York Steals Personal Information from Staff and Students

Don't Overlook Policy When Designing Security

Testing 1… 2… 3…

Argentinian Telecom Company is the Latest Victim of REvil Ransomware, with 18,000 Endpoints Infected

Does Your Domain Have an Evil Twin? Find Out For a Chance to Win Beats Headphones

I Testified Before U.S. Congress About COVID-19 Phishing Scams

KnowBe4 Releases New Training Module: Face Masks At Work: 8 Essential Tips

“Service Desk” Phishes in Enterprise Waters

Brand-New Tool: Browser Password Inspector Helps Find Risky Passwords Your Users Save in the Browser

CyberheistNews Vol 10 #30 [Heads Up] What Is Consent-Phishing? Microsoft Warns About New App-Based Attack Angle

Emotet Returns Using Familiar Phishing Tactics

New “” Phishing Attack Uses Microsoft, IBM Cloud Services to Add Legitimacy

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

Phorpiex Botnet Attacks Spike So High in June, 2% of *All* Organizations Were Hit

Expect to See Data Theft as Part of More Ransomware Attacks in the Future

Impermissible: Be Suspicious of Permission Requests

Like Twitter, MFA Will Not Save You!

Microsoft Warns of Application-based Phishing

[Heads Up] Twitter Employees Fall For Social Engineering Attack And The Bad Guys Get "God Mode"

SEC Issues Warning on Increased Ransomware Attacks

KnowBe4 Finds Coronavirus-Themed Phishing Spiked in Q2 2020 [INFOGRAPHIC]

[ALERT] More Than 10% of Ransomware Attacks Now Involve Data Theft / Data Breach

Scammers Impersonate Hospital Personnel

The Bad News: Only 5% of Your Users Can Effectively Spot a Phishing Attack

[Heads Up] Scam of The Week: Watch Out For This COVID Class Action Workplace Lawsuit

CyberheistNews Vol 10 #29 [Heads Up] Microsoft Stops an O365 Phishing Campaign That Attacked CEOs in 60+ Countries

DMs Promise Enhanced Pictures, but Deliver Malicious Links

It’s Worse Than You Thought: Remote Employees Interaction with Unsafe Websites is Up 50%

Monkeying Around for Office 365 Credentials

6000% Increase in Phishing Attacks Leveraging COVID-19, Healthcare Industry Often The Target

Ragnar Locker Ransomware Attacks Energy Company, Potentially Stealing 10TB in Data

Thanos Ransomware Attacks Now Disable Backups, Avoid Detection, and Impersonate the OS

Vishing Attacks Yield Phone Fraud Take of Over $100 Million

Ransomware Attacks on Manufacturing Yield an Average Payout of $271K

[HEADS UP] Office 365 Phishing Attacks Now Use Fake Zoom Suspension Alerts

Back-to-School: a Buzzkill in More Ways than One

[On-Demand Webinar] Hackers Exposed: Kevin Mitnick Shares His Tradecraft and Tools to Help You Hack Proof Your Network

More Than 15 Billion Credentials Are For Sale in Criminal Markets

How To Get And Stay Compliant With The New California Consumer Privacy Act (CCPA):

Gartner: You Should Focus On These 7 Specific COVID-19 IT Security Areas

Microsoft Seizes Six Domains Used in Sophisticated Phishing Scheme

CyberheistNews Vol 10 #28 60% of Organizations Are Hit by Cyberattacks Spread by Their Own Employees

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

FakeSpy Android Malware Distributed via Smishing

New Calendar Invitations as Phishbait Attack Wave

New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security

More Companies Start Reporting Their Ransomware Infections As The Expensive Data Breaches They Are

If you don’t meet the CMMC specifications, you will no longer be able to compete for the DoD’s business

KnowBe4’s Q2 2020 Year-Over-Year Sales Grow 25%

Get the latest about social engineering

Subscribe to CyberheistNews