Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Roger Grimes

Roger Grimes
Roger A. Grimes is a Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with the world’s largest and smallest companies, and militaries, and he has seen what does and doesn’t work. Grimes was a weekly security columnist for InfoWorld and CSO magazines from 2005 - 2019. He regularly presents at national computer security conferences, and has been interviewed by national magazines and radio shows, including Newsweek magazine and NPR’s All Things Considered. Roger is known for his often contrarian, fact-filled viewpoints.
Find me on:
 

Recent Posts

One-Fourth of a SOC’s Life Is Researching Sketchy Emails

Feb 5, 2021 1:52:21 PM By Roger Grimes
This is a pretty amazing stat – nearly one-fourth of a security operation center’s (SOC’s) time is spent preventing, detecting, responding to, and researching potentially malicious ...
Continue Reading

Beware the Long Con Phish

Jan 28, 2021 8:00:00 AM By Roger Grimes
Social engineering and phishing happen when a con artist communicates a fraudulent message pretending to be a person or organization which a potential victim might trust in order to get ...
Continue Reading

Motivations of Phishing Criminals

Jan 22, 2021 8:44:00 AM By Roger Grimes
Phishers, people who are phishing other people (i.e., victims), have reasons for doing so. They are all criminals…cons…each pretending to be something they are not in order to trick ...
Continue Reading

The Many Ways You Can Be Phished

Jan 22, 2021 8:38:17 AM By Roger Grimes
Social engineering and deception are as old as humanity itself. Phishing is social engineering and deception via digital means and has been with us since the beginning of computers. After ...
Continue Reading

2020 Top Phishing and Vishing Attacks And Trends

Dec 31, 2020 10:06:25 AM By Roger Grimes
It’s an extra challenging year, harder than most, to choose the most impactful cybersecurity events. The year ended with a bang – the Solarwinds supply chain attack – which possibly ...
Continue Reading

How Can You Be More at Risk With MFA?

Dec 23, 2020 1:43:26 PM By Roger Grimes
In my recent comment on the Solarwinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and ...
Continue Reading

Solarwinds MFA Bypass Attack Pushes Limits

Dec 16, 2020 12:59:35 PM By Roger Grimes
Excellent, long-time, tech reporter Dan Goodin reported in Ars Technica that the recent Solarwinds’ supply chain attack involved hackers bypassing a popular multi-factor authentication ...
Continue Reading

Shame! Shame! I Got Phished

Dec 14, 2020 8:00:00 AM By Roger Grimes
I can’t be phished. At least that’s what I used to believe.
Continue Reading

Why Are You Being Phished?

Dec 8, 2020 4:05:42 PM By Roger Grimes
People often wonder, why are they being phished? Why are they being phished by a hacker in the first place? What does their organization have that some hacker decided they were noteworthy ...
Continue Reading

The Most Common Password Frustrations

Nov 9, 2020 5:01:48 PM By Roger Grimes
We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.
Continue Reading

6 Lessons I Learned from Hacking 130 MFA Solutions

Nov 5, 2020 2:16:43 PM By Roger Grimes
I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...
Continue Reading

[NEW BOOK] Hacking Multi-Factor Authentication

Oct 27, 2020 8:58:07 AM By Roger Grimes
I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.
Continue Reading

Beware of Fake Forwarded Phishes

Sep 17, 2020 3:29:13 PM By Roger Grimes
There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...
Continue Reading

Check Your Email Rules for Maliciousness

Sep 2, 2020 4:07:15 PM By Roger Grimes
Email rules have been used maliciously for decades. Learn about email rules and what you need to do to defend your organization against their malicious misuse.
Continue Reading

How to Defend Against Phishes Coming from Trusted Partners

Aug 31, 2020 9:54:51 AM By Roger Grimes
One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...
Continue Reading

Watch Out for OAuth Phishing Attacks and How You Can Stay Safe

Aug 19, 2020 3:53:03 PM By Roger Grimes
A steadily growing phishing trend involves phishing emails which attempt to modify your OAuth permissions. Simply clicking on one Allow button or hitting ENTER by mistake can ...
Continue Reading

Phishing Golden Hour

Aug 12, 2020 6:08:44 PM By Roger Grimes
In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...
Continue Reading

Like Twitter, MFA Will Not Save You!

Jul 16, 2020 1:24:50 PM By Roger Grimes
I’m sure we are all interested in the latest Twitter hack. As the author of the soon to be released Wiley book called Hacking Multifactor Authentication, I have to laugh at the “experts” ...
Continue Reading

How To Improve Employee Engagement in Security Awareness Training

Jun 24, 2020 12:37:10 PM By Roger Grimes
One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...
Continue Reading

Top 12 Most Common Rogue URL Tricks

Jun 19, 2020 3:18:27 PM By Roger Grimes
It’s nearly impossible to find an Internet scam or phishing email that doesn’t involve a malicious Uniform Resource Locator (URL) link of some type. The link either directs the user to a ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews