Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

James Bond-Style Scamming Profits Explode

There is a type of scam where victims are contacted by someone fraudulently posing as a popular trusted entity (e.g., Amazon, U.S. Post Office, etc.), law enforcement, or an intelligence ...
Continue Reading

No, KnowBe4 Is Not Being Exploited

Some of our customers are reporting “Threat Alerts” from Mimecast stating hackers have exploited KnowBe4 or KnowBe4 domains to send email threats.
Continue Reading

Be Careful of Malicious Ads

For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not.
Continue Reading

Why Controversial Phishing Emails Do Not Work

Frequently, when a cybersecurity training manager sends out a controversial simulated phishing attack message that angers a bunch of employees and ends up making headlines, we get called ...
Continue Reading

CISA Strongly Recommends Phishing-Resistant MFA

We are excited to see the Cybersecurity Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend PHISHING-RESISTANT multi-factor authentication (MFA).
Continue Reading

Beware of Fake Tech Support Scams

About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved ...
Continue Reading

Purina’s Champions Program Is the Best I Have Seen

In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization ...
Continue Reading

Step-by-Step To Creating Your First Realistic Deepfake Video in a Few Minutes

Learn how to step-by-step create your first realistic deepfake video in a few minutes.
Continue Reading

If Social Engineering Is 70% - 90% of Attacks, Why Aren’t We Acting Like It?

Over a decade ago, I noticed that social engineering was the primary cause for all malicious hacking. It has been that way since the beginning of computers, but it took me about half of ...
Continue Reading

Every Cybersecurity List Should Be a Risk-Ranked List

Cybersecurity is all about risk management and reduction. You cannot get rid of all risk. Well, I guess you could, but you (and everyone else) would probably not want to work in a true ...
Continue Reading

Don’t Put Real Answers Into Your Password Reset Questions

This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset ...
Continue Reading

Educate Your Users About Malicious SEO Poisoning Attacks

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all ...
Continue Reading

[Cybersecurity Awareness Month] Prepare for All Manner of Cyber Threats Like the Heroes of ‘The Inside Man’

Mark Shepherd, the Inside Man, is on a mission.
Continue Reading

[On-Demand Webinar] On How To Avoid Hiring Nation-State Fake Employees

In July 2024, KnowBe4 revealed that we had unknowingly hired a North Korean who was pretending to be someone else. We locked down the laptop that was sent to the fake employee within 25 ...
Continue Reading

More Carrots and Fewer Sticks

This blog was co-written by Perry Carpenter and Roger A. Grimes. As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful ...
Continue Reading

Is Disabling Clickable URL Links Enough?

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee ...
Continue Reading

Roger’s Hacking Stories

In this post, I'll share two fascinating hacking stories I've experienced: one involving a sophisticated scam that targeted a major U.S. Fortune 500 conglomerate, and another detailing ...
Continue Reading

CISA’s Red Team Exercise Shows Value of Phishing, but Misses the Best Recommendation

Phishing is used to completely compromise the victim’s environment after other repeated methods failed.
Continue Reading

Chile Leads Latin America With New Cybersecurity Governance

Chile took a major step toward a more resilient cyber landscape for its citizens and the Latin American region on Tuesday, March 26, 2024, when Chile’s president of the Republic, Gabriel ...
Continue Reading

Ransomware Attacks on Healthcare Is Costing Lives

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews