Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

More Companies Start Reporting Their Ransomware Infections As The Expensive Data Breaches They Are

If you don’t meet the CMMC specifications, you will no longer be able to compete for the DoD’s business

KnowBe4’s Q2 2020 Year-Over-Year Sales Grow 25%

New ‘WastedLocker’ Ransomware Released by Evil Corp

Half of all Remote Employees Aren’t the Slightest Bit Prepared for Cyberattacks

Microsoft 365 Phishing Attacks Masterfully Use Brand Name Sites to Establish Legitimacy

Business Email Compromise Attacks Focused on Invoice Fraud Surge by 75%

June Content Update: Including New Roger Grimes Video Series on Data-Driven Defense

Looking for Binge-Worthy Viewing Options This Summer?

Elections In Russia Mean 16 More Years Of Job Security For InfoSec Pros

A "Secure DNS" Scam: an Upgrade that's a Downgrade

COVID-19 Related Phishing Scams Target Passport Details

Australia Spending Nearly $1 Billion on Cyberdefense as China Tensions Rise

CyberheistNews Vol 10 #27 [Heads Up] How Slack Phishing Works - The Latest Tricky Attack Vector

Phishing in Irish Streams

It's the Best of 2020! Cyber CSI: Learn How to Forensically Examine Phishing Emails to Better Protect Your Organization

60% of Organizations are Hit by Cyberattacks Spread by Their Own Employees

New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

New Dropbox-Based Pandemic Relief Payment Scam Targets U.K. Microsoft 365 Users, Bypassing Email Security

Hit Them When They're Down: Two Cyberattacks Leave Operations Halted with a Ransom to Pay

One Letter Away: Impersonation, Bitcoin, and Phishing Expeditions

Phishing Attacks Significantly Increase in Singapore During COVID-19 Pandemic

Work From Home in America Sets Major Target for Russian Hackers

[Heads Up] A New Devilish Malware Worm Called Lucifer Is Targeting Your Windows Workstations

New Training Modules Added on Data-Driven Defense

Survey Says...You've Been Pwned

‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

20% of Organizations Provided No Cybersecurity Guidance to Users Making the Shift to Working from Home

Enterprises Experience Nearly Five Times as Many Mobile Phishing Attacks as Last Year

How You Can Increase Employee Engagement with Security Awareness Training

New Ransomware Strain CryCryptor Targets Canada on COVID-19 Tracing App

Phishing and Redirection

[HEADS UP] Sodinokibi Ransomware Strain Learns New Trick

CyberheistNews Vol 10 #26 Twitter Takes Down Over 32,000 Nation State Accounts Involved in Disinformation Campaigns

Slack Phishing

How to Combat the Fake News and Disinformation Being Used to Attack Your Organization

Pyongyang's Phishing with Job Offers

Microsoft 365 to Provide Detonation Details About Malicious Email Content

Microsoft Warns of New Java-Based “PonyFinal” Ransomware Used as Part of Human-Operated Attacks

WARNING: The List of Ransomware-Turned-Data Breach Operators is Getting Long

Top 12 Most Common Rogue URL Tricks

[Heads Up] North Korean State Hackers Plan a June 21 COVID-19 Phishing Attack That Targets 5 Million in Six Nations

[Heads Up] Australian Government and businesses hit by massive cyber attack from ‘sophisticated, state-based actor’

How to Keep SOX on Track During a Pandemic

Find Out How to Use Your Organization's Data to Become a Risk Management Expert

Microsoft on COVID-19 Themed Cyberattacks

[MSP News] Manage Your KnowBe4 Accounts Faster With NEW Managed Phishing Functionality

The Face of APT Actors

Researchers Uncover Six Years of Russian Attempts to Mold International Politics

Phony Data Theft, Like Phony Sextortion

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Twitter Takes Down Over 32,000 Nation State Accounts Involved in Disinformation Campaigns

CyberheistNews Vol 10 #25 [Eye Opener] "For a long time I've had a gap in my O365 security. PhishRIP is amazing and solves the problem."

BEC Isn't Back; It Never Left

Another Bitcoin Scam, with Bogus SpaceX on the Side

Fraudsters Are Exploiting Newborns and Recently Deceased People

Australian Beverage Manufacturer Shut Down IT Systems After Cyberattack

Japan CERT: 75% of BEC Email Scams Involve the Forgery of an Invoice from a Business Partner

Multifactor Authentication Versus Credential Stuffing?

Sharp Increase Of Phishing "From" Dutch Tax Authority

Maze Ransomware “Cartel” Adds More Ransomware Gangs to its Data Leak Platform

Pretexting Defined

[HEADS UP] Recent Phishing Attack in Germany Hits Coronavirus Task Force

CyberheistNews Vol 10 #24 [Heads Up] Remote Work Isn’t Good for Corporate Security. 30% of Organizations Have Been the Victim of Phishing Scams Since the Lockdown

The Enduring Threat of Ransomware During COVID-19

[EXCLUSIVE] Indian Cyber Firm Spied on Investors and Politicians Across the Globe

Why BEC Punches Above Its Weight

Hurricane Season Means Disaster-Related Scams

Security Awareness is the Biggest Security Challenge for Remote Workforces

Why People Don't Learn (It's Not Always Their Fault)

May Content Update: Including New When You Report, We Get Stronger Video Series

Prediction: Ransomware Attacks to Spike as Employees Return to the Office

[HEADS UP] Cybercriminals in Australia Harass Recipients with Abusive Transaction Descriptions on Bank Statements

[BEWARE] New Report on Doxxing Exposes Cybercriminal Trends

[HEADS UP] More Australian Companies Hit By Mespinoza/Pysa Ransomware

Excel Macros Bypass Your Filters and Slip in Malware Payloads

Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Remote Work Isn’t Good for Corporate Security (Part 2): 30% of Organizations Have Been the Victim of Phishing Scams Since the Lockdown

Remote Work Isn’t Good for Corporate Security (Part 1): 6 in 10 Employees’ Online Accounts Have Been Compromised Since Working Remotely

COVID-19 Tax Refund Phishing Attacks Offering Fake U.K. Government Grants

Ransomware Gangs Team Up To Form Extortion Cartel

Pandemics, Killer Insects, and Riots Stir Up Cybercriminals

[Heads Up] The REvil Ransomware Gang Is Now *Auctioning Off* Their Victim Data

CyberheistNews Vol 10 #23 [Eye-Opener] More Than Half of Your Employees Cut Security Corners When They Work Remote

Phishing for Supermarket Deliveries

How Low Will Cybercriminals Go?

The Latest Ransomware Attacks Can Require a Data Breach Notification

Human Performance as a Risk Factor

Supreme Court “Summons” is the Latest Phishing Attack Aimed at Stealing Your Microsoft 365 Credentials

Verizon: Phishing is the Attack Vector Most Often Seen in Data Breaches

EasyJet Becomes the Latest Victim of Data Breach Impacting 9 Million Customers

State Unemployment Programs Are the Latest Victim of Massive Fraud

Netwalker Ransomware Adopts an Affiliate Model to Help Increase Attacks and Profits

[Eye-Opener] More Than Half Of Your Employees Cut Security Corners When They Work Remote

What to do About BEC?

[Heads Up] Ransomware Damage Skyrockets As Ransoms Grew 14 Times In Just 12 Months

Beware of Phony LogMeIn Security Updates

CyberheistNews Vol 10 #22 [Scam of the Week] Microsoft Warns to Look out for This Massive Covid-19 Excel Phishing Attack

Phishing Campaigns Using Google Firebase Storage

[Scam Of The Week] Microsoft Warns To Look Out for This Massive Covid-19 Excel Phishing Attack

[Heads Up] The COVID Remote Work Mandate Skyrockets "Work From Home" Training Enrollments

Nearly Every Organization is More Concerned about Cybersecurity Than Before COVID-19

Your Next Ransomware Attack May Require Two Payments!

Preying on the Unemployed

CyberheistNews Vol 10 #21 [Heads Up] World's Largest Sovereign Wealth Fund Falls for 10 Million Social Engineering Attack

Biases People Take Home With Them

The Three Pillars of the Three Computer Security Pillars

Scammers Exploit Rollout of COVID-19 Contact-Tracing Apps

Dutch Online Retailer Wehkamp Loses 144,000 Euros in Bankruptcy Business Email Compromise

That Email from President Trump? Yeah, That’s a Phishing Scam

World's Largest Sovereign Wealth Fund Falls For $10m Social Engineering Attack

Paying the Ransom Doubles the Cost of a Ransomware Attack

OUCH! REvil Ransomware Attack Hits A-List Celeb Law Firm

Watch Out for the Coming Tsunami of Mortgage Rescue Phishing Scams

[HEADS UP] Coronavirus Phishing Attacks Skyrocket to 30% Increase

Why Does Someone Click and Become a Victim of a Scam?

Hacker Group Compromises the Email Accounts of More Than 150 Companies’ High-Ranking Executives

Healthcare Providers Get Free Assistance with Remediating Ransomware Attacks

Half of Employees Put the Organization at Risk by Watching Adult Content on Work Computers

CyberheistNews Vol 10 #20 [Scam of the Week] Unemployed Americans Are Now Deceived Into Grabbing ‘Remote Jobs’ as Money Mules

Your Ransomware Task Force: Response, Recovery, and Remediation Tips from the Pros

[Scam of The Week] Unemployed Americans Are Now Deceived Into Grabbing ‘Remote Jobs’ As Money Mules

It Starts with a Phish: Employee PII at Risk When Pipeline Development Outsourcer Falls Victim to Ransomware Attack

Fake Zoom Downloader is the Latest Method of Attack on Remote Workers

Cybercriminals Lean Heavily on Social Engineering Tactics to Gain Access to Bank Accounts

COVID-19 Security Hints & Tips Email Templates In 10 Additional Languages

It's World Password Day 2020 - Is Your Organization Safe?

Some Phishers Who Know Their Trade

What is the Right Password Policy?

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

Implausible Phishbait, But Someone May Bite

Reuters: 'State-backed hackers targeting coronavirus responders'

[HEADS UP] Coronavirus in Australia: Government Warns Phishing Email Target

1,000+ SEC Filings Show Ransomware an On-Going Risk for Public Companies

CyberheistNews Vol 10 #19 [Heads Up] 'Florentine Banker Group' Use Microsoft 365 Functionality to Scam Private Equity Firm out of 1.2 Million

Medical Suppliers Targeted With Agent Tesla Infostealer

We're All Third-Party Management Organizations

PerSwaysion: Convincing Executives to Act Against Their Own Interest

GitHub is the Latest Target of Social Engineering Phishing Attacks

Zelle Users Continue to be the Target of Scams Intent on Fraud

Half of all Breaches Start with Phishing and Social Engineering

The Need for Pandemic Financial Relief Spurs a Phishing Attack Impersonating the U.S. Federal Reserve

Is That COVID-19 Email Legitimate or a Phish?

April Content Update: Including New Work from Home Training Module from Twist & Shout

Scammers Can Use Recent Transactions to Trick You

[NEW FEATURE] Brandable Content Now Available

[Heads Up] Microsoft: Ransomware Gangs That Don't Threaten To Leak Your Data Steal It Anyway

[Click Alert] So, What Is The Phish-prone Percentage On Recent Coronavirus Phishing Tests?

Can COVID-19 Related Data Breach Worries Stop Your Mergers Or Acquisitions?

CyberheistNews Vol 10 #18 [Heads Up] An Ugly New COVID-19 Malware Strain Is Bricking Your Endpoints

COVID-19 Spam Delivers Remcos RAT

[HEADS UP] Experts Predict 30,000% Increase in COVID-19 Cybersecurity Threats

Two-thirds of Remote Workers Received No Security Awareness Training in the Last Year

'Florentine Banker Group' Use Microsoft 365 Functionality to Scam Private Equity Firm Out of $1.2 Million

The Best and First Defenses You Should Implement

See me On-Demand at the WSJ Pro Webinar: Covid-19 Themed Cybercrime

Postcards from a Film Director. The challenges of creating a sitcom during COVID-19 Lockdown

How Sharing Personal Information Helps Scam Artists

Phishing Kit Prices Rise

COVID-19 Emails go From Zero to Half a Million a Day in Just Three Months

German Health Authorities Lose €1.5 Million in COVID-19 Mask Purchase Scam

CyberheistNews Vol 10 #17 3 Eye Opening Reasons Why Security Awareness Training Is Even More Critical Now That You Have a Remote Workforce

Third-Party Risk Management Questionnaire for Extended Emergencies

Apple, Netflix, and Yahoo Were the Most Impersonated Brands in Q1 2020

[HEADS UP] DHS Deadline Notice of 56 Million Security Awareness Training Funding Opportunity

New COVID-19 Malware Variants Render Your Endpoints Useless

Quarantine Text Scam Tricks U.K. Residents into Paying “Fine”

Zeus Sphinx Banking Trojan is Revived Under the Guise of COVID-19 Assistance

Netflix Scams Target People Sheltering in Place

It’s Look-Alike Day: While Doppelganger Humans Can Be Funny, Domains Are Not

Damage From Phishing Doubles For Dutch Banks

[Heads-Up] Hacking Attacks Double Against Users Who Now Suddenly Work From Home

Re-Opening the American Economy? Malicious Actors Have a Plan...

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster with PhishRIP

Phishing Trend: Quality, Not Quantity?

Spanish Hospital Faces Netwalker Ransomware Attack in the Midst of Pandemic

Coronavirus-Related Spear Phishing Attacks See a Massive 667% Increase in March

When the Implausible Seems, Well, More Plausible

See me at the WSJ Pro Webinar - Wednesday 22nd April. 1pm ET / 10am PT.

Phishing *Better* Than the Bad Guys During the Pandemic

CyberheistNews Vol 10 #16 [Heads Up] Killing Your Zoom Meeting IDs Is Only Suppressing the Real Problem

3 Eye Opening Reasons Why Security Awareness Training is Even More Critical Now That You Have a Remote Workforce

Three More Ransomware Families Join the Extortion Game

Novel, but Retrospectively Obvious: a QR Code Generator Scam

Removing Zoom Meeting IDs: Treating the Symptom, Not the Cause

Q1 2020 Coronavirus-Related Phishing Email Attacks Are Up 600%

New Articles and Updates From the KnowBe4 Technical Content Team in Q1 2020

The Bad Guys Use A New Text Reversal Technique To Get Phishing Attacks Past Your Security Filters

[On-Demand Webinar] The Art of Invisibility: Important New Privacy Concerns for Your Quickly Evolving Remote Workforce

3 Lessons COVID-19 Can Teach Us About Cybersecurity

Hackers have hit every country on Earth with coronavirus-themed cyberattacks

Struggling with the Whole WFH Thing? Fear Not! The Bad Guys are Here to Help!

Zoom's Recent Hypergrowth Challenges -- And How To Use It In A Secure Way

NASA sees an “exponential” jump in malware attacks as personnel work from home

Share the Red Flags of Social Engineering Infographic With Your Employees

Cloud-based Business Email Compromise

March Content Update: Including Work From Home and Coronavirus Training Resources

CyberheistNews Vol 10 #15 The Dilemma: Should You Phish Test During the COVID-19 Pandemic?

Phishing Trends Recap of COVID-19 Related Phishing Schemes

