Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

Elections In Russia Mean 16 More Years Of Job Security For InfoSec Pros

Russian voters have overwhelmingly backed a ploy by President Vladimir Putin to rule until 2036 in a referendum. 
Continue Reading

See Ridiculously Easy Security Awareness Training and Phishing

Join us for a live demo on Security Awareness Training and phishing in action!
Continue Reading

A "Secure DNS" Scam: an Upgrade that's a Downgrade

A phishing campaign is targeting website owners with convincing, personalized emails that purport to come from WordPress, Naked Security reports. The emails claim that WordPress is ...
Continue Reading

COVID-19 Related Phishing Scams Target Passport Details

The Coronavirus phishing scams have only gotten more aggressive and targeted now than ever before, InfoSecurity Magazine reports. Now researchers at Griffin Law are tracking self-employed ...
Continue Reading

Australia Spending Nearly $1 Billion on Cyberdefense as China Tensions Rise

The NY Times reported some surprising numbers: "Officials promised to recruit at least 500 cyberspies and build on the country’s offensive capabilities to take the online battle overseas. ...
Continue Reading

Phishing in Irish Streams

Netflix is warning users in Ireland to be on the lookout for another phishing campaign that’s impersonating the streaming service, Extra.ie reports. The emails inform recipients that ...
Continue Reading

It's the Best of 2020! Cyber CSI: Learn How to Forensically Examine Phishing Emails to Better  Protect Your Organization

Roger Grimes' lesson on how to forensically examine phishing emails received the highest viewer rating of any webinar so far this year. In case you missed it, make sure to watch this ...
Continue Reading

60% of Organizations are Hit by Cyberattacks Spread by Their Own Employees

The unwitting participant appears to be alive and well, based on new data from security vendor Mimecast. With employees being the source of attack surface expansion, what’s an org to do?
Continue Reading

New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.
Continue Reading

New Dropbox-Based Pandemic Relief Payment Scam Targets U.K. Microsoft 365 Users, Bypassing Email Security

Using a Dropbox Transfer page, this new scam presses all the urgency buttons while eluding detection as being malicious in an effort to steal the victim’s online credentials.
Continue Reading

Hit Them When They're Down: Two Cyberattacks Leave Operations Halted with a Ransom to Pay

A recent cyberattack on Australian beverage manufacturer Lion demonstrates how even a modicum of precaution after an attack can spell doom for operations.
Continue Reading

One Letter Away: Impersonation, Bitcoin, and Phishing Expeditions

KrebsOnSecurity reports that a phishing website has been impersonating the private messaging service Privnote.com in order to steal Bitcoin. The real Privnote is a free site that allows ...
Continue Reading

Phishing Attacks Significantly Increase in Singapore During COVID-19 Pandemic

The number of phishing attacks in Singapore to give up personal information has almost tripled in the last year and doubled during the COVID-19 pandemic, according to the Cybersecurity ...
Continue Reading

Work From Home in America Sets Major Target for Russian Hackers

A Russian ransomware group named "Evil Corp" who was indicted by the Justice Department in December is now targeting employees working from home during the COVID-19 pandemic and ...
Continue Reading

[Heads Up] A New Devilish Malware Worm Called Lucifer Is Targeting Your Windows Workstations

Palo Alto Networks’ Unit 42 Security experts have identified a malware worm called Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) ...
Continue Reading

New Training Modules Added on Data-Driven Defense

We have exciting news to share! Two new modules have been released about data-driven defense, both featuring Data-Driven Evangelist Roger Grimes.
Continue Reading

Survey Says...You've Been Pwned

Surveys are enticing, and so are survey scams. But they’re easy to recognize if you know what to look for, according to Paul Ducklin at Naked Security. Ducklin describes a typical survey ...
Continue Reading

‘New VPN Configuration’ Email Tricks Microsoft 365 Users Out of Credentials

Scammers are taking advantage of the prominent use of VPNs by remote workforces to send out this very topically relevant phishing email that just wants to steal your credentials.
Continue Reading

20% of Organizations Provided No Cybersecurity Guidance to Users Making the Shift to Working from Home

At a time when cyber risk is at its highest levels, new data shows how little organizations have done to ensure employees are prepared for cyber attack while working from home.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews