Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

Ransomware Attack Causes School 'District-Wide Shutdown'

A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection.
Continue Reading

Vishing, from (not) the Bank

We saw yesterday how phishing affects the financial sector. Here we see another, related trend: impersonation attacks that purport to be from the victim’s bank.
Continue Reading

[NEW FEATURE] KnowBe4 Assessments Help Gauge Proficiency of Your Users in Security Awareness and Sentiment Towards Security Culture

Social engineering attacks continue to be the leading cause of compromised networks and data breaches. Today, organizations of all sizes are susceptible to these attacks and are ...
Continue Reading

A Recent Spate Of Spear Phishing Attacks Is Targeting The Financial Industry

Phishing attacks are getting harder to spot, especially as more attackers realize the value of targeted, well-crafted phishing attacks, according to Johannes Ullrich, the dean of research ...
Continue Reading

Phishing Attack Targets Humanitarian Organizations

Researchers at Lookout have discovered an ongoing phishing campaign targeting humanitarian non-governmental organizations (NGOs), including UNICEF and the Red Cross. The infrastructure ...
Continue Reading

Phishing in Office 365's Pond

Heimdal Security has come across a phishing campaign that uses compromised accounts to target Microsoft users. The attackers use email and social media accounts they’ve already breached ...
Continue Reading

Data Breaches Devastate Small Businesses in 2019 with 10 Percent Closing Their Doors

A new report from the National Cyber Security Alliance sheds some light on how prepared small and medium size businesses are and what the aftermath of a data breach really looks like.
Continue Reading

FBI Updates Initiative to Protect U.S. Elections from Cyberattacks

FBI has updated and expanded the resources and tools designed to help political campaigns, private businesses, and individuals to better understand and mitigate risks posed by foreign ...
Continue Reading

CNN Says "Hack Our Reporter," and White Hat Rachel Tobac *Does*

It’s “disturbingly easy” to steal someone’s personal data using information gleaned from their social media accounts, according to Donie O’Sullivan at CNN. O’Sullivan met with Rachel ...
Continue Reading

Credential Phishing With a Masked URL

Cofense warns of a phishing campaign going after credentials for the Stripe online payment platform. The attackers are sending emails purporting to be from Stripe Support, telling the ...
Continue Reading

Q3 2019 Top-Clicked Phishing Email Subjects from KnowBe4 [INFOGRAPHIC]

KnowBe4 reports on the top-clicked phishing emails by subject lines each quarter in three different categories: subjects related to social media, general subjects, and 'In the Wild' - we ...
Continue Reading

A New Strain of Tech Support Scam in the U.K.

The BBC reports a tech support scam that caused a British man, Doug Varey, to lose £4,000. The scam began when Mr. Varey saw an online ad for twelve years’ worth of computer security ...
Continue Reading

Smishing and Carrier Impersonation

While most phishing campaigns involve email, SMS text messages are an ideal alternative for attackers, according to Paul Ducklin at Naked Security. Text messages are brief and uniform in ...
Continue Reading

Shipping giant Pitney Bowes hit by ransomware

TechCrunch reported that shipping tech giant Pitney Bowes has confirmed a cyberattack on its systems.
Continue Reading

Alexa and Google Home abused to eavesdrop and phish passwords

Ars Technica is on a roll lately with some very good articles! Here is another one that made me go "Yikes!"
Continue Reading

Can An Employee's Bad Conscience Be A Vulnerability?

It can be useful to remember that social engineering succeeds much better when its marks are stressed or hurried. That appears to be the case with an ongoing scam campaign that lays its ...
Continue Reading

KnowBe4 Wins ComputingSecurity Award: Education and Training Provider of the Year

We are extremely pleased to announce we won the ComputingSecurity Award for Education and Training Provider of the Year. Here is the team accepting the award.
Continue Reading

Don’t Fall Victim to Breach Fatigue

People shouldn’t let news of data breaches dissuade them from trying to protect their information, according to security researcher Ray [REDACTED]. On the CyberWire’s Hacking Human ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews