Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

Don't Leave Your Users At Risk For Holiday Scams. Get Your Free Resource Kit From KnowBe4!

With users focused on holiday activities, cybercriminals take advantage of lowered defenses and holiday distractions to scam users into becoming victims. Phishing emails about shipping ...

PayPal Becomes the Most Popular Phishbait

Vade Secure has found that PayPal is now the most impersonated brand in phishing attacks, surpassing Microsoft for the first time, Help Net Security reports. Vade detected 16,547 unique ...

Your CEO's Email May Be Hacked And You Don't Even Know It

Hackers focused on CEO fraud (or Business Email Compromise - BEC) attacks often go to great lengths to hide the fact they have access to your CEO’s mailbox as part of a larger scam.

Instagram Copyright Infringement is the Latest Phishing Scam Targeting Social Media

Focused on compromising social media credentials, scammers trick Instagram users into giving up credentials and other personally identifiable information with convincing phishing emails.

Bogus eCommerce Sites Spinning Up for Holidays

The number of potential e-commerce phishing domains registered in the first nine months of 2019 is more than six times the amount registered during the same period in 2016, a report from ...

Reuters: "Hackers hit UK political parties with back-to-back cyberattacks"

LONDON (Reuters) - Hackers hit Britain’s two main political parties with back-to-back cyberattacks on Tuesday, sources told Reuters, attempting to force political websites offline with a ...

Mexican Oil Company Pemex Dodges $5M Ransomware Bullet

Mexican state-owned oil company Petróleos Mexicanos (Pemex) on Sunday suffered a ransomware attack that took down parts of its network.

[Heads Up] This New, Unusual Ransomware Strain Goes Exclusively After Servers

Danny Palmer at ZDNet alerted on the following: "An unconventional form of ransomware is being deployed in targeted attacks against enterprise servers – and it appears to have links to ...

Third Party Phishing: The New Spear-Phishing Attacks That Traditional Defenses Just Don't Stop

Joe in accounting is pretty cyber-savvy. He doesn’t fall for basic phishing emails with masked URLs or phony password reset requests. But what happens when Joe gets an email from a ...

LIVE DEMO: Identify & Respond to Email Threats Faster with PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

TrickBot Malware Uses Highly Personalized Fake Sexual Harassment Complaints as Phishing Bait

Fake sexual harassment complaints appearing to come from the U.S. Equal Employment Opportunity Commission (EEOC) are the latest baits used by attackers to disseminate TrickBot banking ...

People Need to Work Together to Spot Con Artists

It might not be possible to resist a good con artist, according to award-winning author, journalist, and champion poker player Maria Konnikova. On the CyberWire’s Hacking Humans podcast, ...

Phishing Resistance for Charities

81% of charities say they’ve been targeted by a phishing attack this year, according to Ed Macnair, writing for UK Fundraising. Meanwhile, only 37% of charities think their IT and ...

Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

Graham Cluley warned: "It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in ...

Lower Your Business Risk with Best Practice Data Privacy Impact Assessments (DPIAs)

Whether you're creating a new product, going through a merger & acquisitions, or significantly changing a process in your organization, new processing activities can present high risk to ...

US Govt Asks Users to Be Wary of Holiday Scams and Malware

US consumers are encouraged by the Department of Homeland Security (DHS) to be wary of malicious campaigns and scams that usually start targeting during each year's holiday season.

New articles and updates from the KnowBe4 Technical Content Team

Here are all of the major items and updates our Technical Content Engineers have added to our knowledge base and KMSAT product in the last couple of months.

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing ...

The Direct Deposit Phish: Revisiting the Scene of the Crime

By Eric Howes, KnowBe4 Principal Lab Researcher. Well over a year ago we reported on the rise of a new form of CEO fraud in which malicious actors persuaded unwitting employees working ...