Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

85% Of Employees are More Likely to Leak Files Now Than Pre-Coronavirus

According to research released Thursday by Code42, 85% of employees are more likely to leak files today than before the COVID-19 pandemic.
Continue Reading

Zoom Phishing is Still Rampant

Cybercriminals are still using Zoom and other conferencing platforms as phishbait, according to Zlati Meyer at Fast Company. This phishing theme isn’t likely to let up any time soon, so ...
Continue Reading

Data Breaches Are Expected to Decline While Ransomware and BEC Gain Steam

A new report from the Identity Theft Research Center discusses which cybersecurity attacks will be most impactful next year as part of the ITRC’s 2021 predictions.
Continue Reading

All 200 Million Office 365 Users at Risk by a New Global Spear Phishing Attack Spoofing Microsoft.com

A new spear phishing campaign appearing to come from a microsoft.com email address is targeting organizations in critical industries that use Office 365 for email to steal credentials.
Continue Reading

CISA Emergency Directive: Pull Plug On SOLARWINDS ORION NOW.

It's all over the press. A wide swath of U.S. Government orgs were hacked by the Russians. They accessed those networks by slipping malware into a SolarWinds software update, according to ...
Continue Reading

Just How Far Can Three Cybercriminals Reach? How about 150 Countries!

As three members of the cybercriminal group TMT were recently arrested, details emerge around the breadth and depth of their attacks from a year-long Interpol investigation.
Continue Reading

Check Point Says to Expect More Shipping and Delivery Phishing Emails This Season

With in-person shopping still considered “high risk”, online shopping with home delivery and the need to meet delivery deadlines creates the perfect scenario for scammers.
Continue Reading

Who’s on the Phone? It’s the Ransomware Guys “Encouraging” You to Pay the Ransom!

Since August of this year, some ransomware attacks are being followed up by phone calls to increase pressure, promote the attack internally, and increase the chances of getting paid.
Continue Reading

Updates on Vishing

Voicemail scams are on the rise, according to Paul Ducklin at Naked Security. These scams are a form of voice phishing (“vishing”) in which scammers churn out automated phone calls and ...
Continue Reading

GDPR Compliance Scams Rising

Organizations need to be on the lookout for GDPR-themed phishing lures, according to Mike Puglia, Chief Product Officer at Kaseya. In an article for ITProPortal, Puglia explains that GDPR ...
Continue Reading

You know it's going to be a long day when...

…you’re sending out emails like the below to all staff at 8 in the morning.
Continue Reading

Election-themed Phishing is Likely to Persist

The US elections have come and gone, but people should still be on the lookout for election-themed phishbait, according to Roger Kay at Inky. Emotions are still running high in the US, ...
Continue Reading

Phishing Campaign Targets COVID Vaccine Cold Supply Chain

Researchers at IBM’s X-Force have identified a phishing campaign targeting the COVID-19 vaccine “cold chain” (the part of the supply chain focused on “the safe preservation of vaccines in ...
Continue Reading

Ransomware Gangs Are Now Cold-Calling Victims If They Restore From Backups Without Paying

Catalin Cimpanu at ZDNet reported on another evil escalation in ransomware extortion tactics.  In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims ...
Continue Reading

Exploits Leveraging Excel 4.0 Macros Increase as Organizations Continue to Rely on this Legacy Technology

Despite being nearly 30 years old, Excel’s very functional macro technology appears to be a little too functional, as attackers have stepped up its use to advance cyberattacks.
Continue Reading

BEC Scam Litigation Demonstrates How Your Company Can Be Out $500,000

The case of Arrow Truck Sales Inc. v. Top Quality Truck & Equipment tells a familiar tale, but provides insight into how the law interprets cases and who’s at fault.
Continue Reading

New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials

Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your ...
Continue Reading

Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

How Are Credential-Theft Phishing Websites Avoiding Detection? They Just Invert the Website Background

Sometimes the easiest solution is the best solution. And in the case of phishing attacks intent of stealing credentials using a fake logon page, it appears that background inversion does ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews