Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Game-Changer: Biometric-Stealing Malware

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...
Continue Reading

Credential Theft Is Mostly Due To Phishing

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...
Continue Reading

Anyone Can Be Scammed and Phished, With Examples

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...
Continue Reading

Hard Lessons From Romance Scams

Seeing as this week is Valentine’s Day, I should have written something about rom coms, true love, and trusting your heart more. But this is not one of those posts. This post is about ...
Continue Reading

Calculating Materiality for SEC Rule 1.05

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches ...
Continue Reading

Cybersecurity Resiliency and Your Board of Directors

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors ...
Continue Reading

AI Does Not Scare Me, But It Will Make The Problem Of Social Engineering Much Worse

I am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic ...
Continue Reading

Beware of "Get to Know Me" Surveys

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always ...
Continue Reading

Beyond the Scams: Unraveling the Dark Tactics of Real-World Kidnapping Scams and Virtual Extortion

The world can be a scary and dangerous place. Its unethical scammers have no problem doing almost anything to make a buck, but sometimes, their plots seem to be extra messed up.
Continue Reading

Beware of Fraudulent Charge Messages

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.
Continue Reading

A Dream Team Security Awareness Training Program?

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness ...
Continue Reading

We Do What We Are Trained To Do

When I was young, I was an oceanfront lifeguard, firefighter and EMT paramedic. All disciplines involved frequent education and training.
Continue Reading

Why Security Awareness Training Is Effective in Reducing Cybersecurity Risk

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk.
Continue Reading

How To Fight Long-Game Social Engineering

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard warning about their long-game social engineering tactics.
Continue Reading

Phishing Defense: Train Often to Avoid the Bait

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it ...
Continue Reading

Phishing-Resistant MFA Will Not Stop Phishing Attacks

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.
Continue Reading

New SEC Rules Will Do More Than Result in Quick Breach Reporting

On July 26, the U.S. Security & Exchange Commission (SEC) announced several new cybersecurity rules, taking affect mid-December 2023, that will significantly impact all U.S. ...
Continue Reading

Security Awareness Training Can Help Defeat Deepfake and AI Phishing

There is no doubt that more pervasive deepfake and AI technologies will make for more realistic, sophisticated, phishing attacks, and add to an already huge problem.
Continue Reading

[HEADS UP] FBI Warns About Callback Phishing

In a recent official advisory, the FBI warned about the threat of callback phishing (among other threats). Below is the relevant excerpt.
Continue Reading

Should You Use Controversial Simulated Phishing Test Emails?

The Wall Street Journal recently published an article about using highly-emotionally charged, “controversial”, subjects in simulated phishing tests. Controversial topic examples include ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews