Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

[Heads Up] The Chinese Have Likely Hacked Your Exchange Email Server

What if Chinese state-sponsored hackers have owned your OWA using several brand-new zero-day vulns? On March 2, Microsoft released emergency security updates to plug four security holes ...
Continue Reading

Think Your Cyber Insurance is Going to Cover that $6 Million in Cyber Fraud? Think Again.

The latest tale of an organization falling victim to a business email compromise attack on their credit card processor highlights how very specific the scenario needs to be to see a ...
Continue Reading

1 in 4 Business Email Compromise Attacks Use Lookalike Domains to Trick Victims

The latest Data on BEC scams shows how the bad guys are using a mix of gmail accounts, increases in stolen wire transfers, and a shift to payroll diversions to trick you out of your money.
Continue Reading

Phishing Attacks Continue to Impersonate Trusted Brands to Deceive Potential Victims

The use of impersonation in phishing attacks helps to establish credibility and a sense of ease. New data shows exactly how the bad guys are using this tactic to their advantage.
Continue Reading

Vendor Email Compromise is Officially A Big (Seven-Figure) Problem

While the Solarwinds “sunburst” attack brought to light the compromising of a vendor, VEC has been around for some time and now seems to be going mainstream.
Continue Reading

Phishing Scammers Send a Fake “Private Shared Document” as the Initial Attack Vector for Stealing LinkedIn Credentials

A new social engineering scam demonstrates how cybercriminals are both evolving their tactics while still using tried and true methods that just work to attain their goals.
Continue Reading

Someone Hacked The Four Top Russian Cybercrime Forums In One Month

Intrepid investigative cyber security reporter Brian Krebs has some interesting news. He said: "Over the past few weeks, three of the longest running and most venerated Russian-language ...
Continue Reading

KnowBe4 Fresh Content Updates from February: Including New Season 3 of 'The Inside Man' Now Available

Here are important fresh content updates and new features to share with you that happened in the month of February.
Continue Reading

[ALERT] New Stanford Research: 88% Of Data Breaches Are Caused By Human Error

A recent 2020 report we just discovered confirms what we have been saying for many years now. About 9 out 10 data breaches are caused by your users. We are pleased that the somewhat older ...
Continue Reading

Most Phishing Emails Are After Credentials

57% of phishing emails in 2020 were designed for stealing credentials, according to Cofense’s most recent Annual State of Phishing Report. Meanwhile, just 12% of phishing attacks last ...
Continue Reading

POTRAZ Warns of Phishing Scams

The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) has issued a warning regarding an increase in email and SMS phishing attacks, the Chronicle reports. Dr. Gift ...
Continue Reading

Universal Health Services Becomes Next Victim of Ryuk Ransomware, Costing $67 Million

Fortune 500 hospital and health care service provider Universal Health Services (UHS) recently became victim to Ryuk ransomware in September 2020.
Continue Reading

By Their Poor Idiomatic Control Shall Ye Know Them

A new phishing campaign is impersonating Zoom in order to steal users’ Outlook credentials, according to researchers at GreatHorn. The attackers are using phishing URLs that spoof Zoom’s ...
Continue Reading

Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Products

Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. And nobody knows that better than ...
Continue Reading

[HEADS UP] New Dutch Data Breach Report Warns of Explosive Increase in Cyber Attacks and Stolen Personal Data

The Dutch Data Protection Authority (AP) recently measured the number of reports of data theft in 2020 and the number of attacks skyrocketed. The report documented that it increased no ...
Continue Reading

New York State Education Department Warns of Phishing Campaign

The New York State Education Department (NYSED) released an advisory warning that scammers are impersonating its employees in an attempt to steal social security numbers and money. The ...
Continue Reading

Phishing Attacks Double in 2020 While Carrying the Highest Month of Attacks on Record

The latest data from the Anti-Phishing Working Group (AWPG) shows massive gains in phishing attacks in Q4 of last year, quantifying the growth and setting the expectation of what’s to ...
Continue Reading

UK Police Arrest SIM-Swapping Gang Responsible for the Theft of Over $100 Million in Cryptocurrency

This month the UK’s National Crime Agency (NCA) arrested eight suspects who targeted famous sports stars and musicians in the US and stole from victim’s bank accounts and crypto wallets.
Continue Reading

Microsoft Dominates as the Most Impersonated Brand in Phishing Attacks

New data from phishing detection vendor Inky highlights which brands are most often used by cybercriminals in phishing attacks that will give them the edge needed for a successful phish.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews