Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

Recent Cryptocurrency Scam Posed as “The Elon Musk Mutual Aid Fund”

A phishing campaign is pushing cryptocurrency scams posing as the “Elon Musk Mutual Aid Fund,” according to BleepingComputer. The emails have odd subject lines and content, but contain an ...
Continue Reading

[INFOGRAPHIC] How to Run a Successful Security Awareness Training Program

As you're preparing for Cybersecurity Awareness Month, thinking about how to strengthen your security awareness training program is probably top of mind.
Continue Reading

Over $100,000,000 Lost to Romance Scams in Seven Months

People in the US lost $133,400,000 to romance scams between January 1st and July 31st of 2021, according to the FBI. The average amount lost was in the tens of thousands of dollars. The ...
Continue Reading

[NEW FEATURE] Admins Can Save and Schedule KnowBe4 Reports to Automatically Send on a Recurring Basis

We are excited to announce the availability of KnowBe4’s new ‘Save and Send’ Reporting feature. The 60+ predefined reports available in the KnowBe4 platform already give you a variety of ...
Continue Reading

Enterprise Organizations Have as Much as an 85% Chance of Receiving a BEC Attack Every Week

Business Email Compromise is a multi-billion dollar business, representing 43% of all cybercrime last year. Despite it being dwarfed in the news by ransomware, it represents a growing ...
Continue Reading

Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

Vendor Email Compromise requires first taking control of a strategic email account within the victim organizations. According to new data, cybercriminals are getting really good at this.
Continue Reading

New Phishing Attack on Microsoft 365 Users Leverages Open Redirects to Avoid Detection

The use of open redirects from legitimate domains makes phishing emails that much more believable and credible, obfuscating the dangerous nature of these attacks.
Continue Reading

That's Not the US Department of Transportation, It's a Phishing Attack

A phishing campaign is impersonating the US Department of Transportation (USDOT), according to Roger Kay at INKY. The campaign is targeting infrastructure contractors who are eager to bid ...
Continue Reading

Brute Force Attacks are on the Rise as June sees a 671% increase

With nearly one-third of all organizations targeted in a single week and just above one-quarter on the average, attempts to access externally facing resources is growing in popularity and ...
Continue Reading

Researchers Discover Vulnerability Used for Deception and SSID Stripping

Researchers at AirEye have discovered a vulnerability in the way in which devices connect to wireless networks that could allow an attacker to trick a user into connecting to a malicious ...
Continue Reading

U.S. Cyber Command General Promises 'Surge' To Fight Ransomware Attacks

The Hill reported 9/14/2021: "Gen. Paul Nakasone, the head of U.S. Cyber Command and director of the National Security Agency (NSA), is working to “surge” efforts to respond to the ...
Continue Reading

Register for the Cybersecurity Virtual Summit KB4-CON EMEA Today!

We’re thrilled to host our first KB4-CON Cybersecurity Virtual Summit specifically for EMEA (Europe, the Middle East and Africa). At this one-of-a-kind event you’ll hear world-renowned ...
Continue Reading

Social Media as Artillery Preparation for Spear Phishing

Researchers at ESTsecurity warn that a North Korean threat actor known as “Kumsong 121” is using compromised social media accounts to launch spear phishing attacks, the Daily NK reports. ...
Continue Reading

Business Email Compromise Scam takes New Hampshire Town for $2.3 Million

Social engineering is at the heart of this attack, where scammers successfully tricked a town into redirecting not just one but several bank transfers.
Continue Reading

Ransomware Resurrection? REvil Servers Come Back Online

After months of what was thought to be the retirement of the REvil ransomware gang, REvil-related systems and Tor sites popped up on the Dark Web last week.
Continue Reading

Blame it on the Lizard Brain

People need to work to overcome their inherent biases in order to avoid falling for social engineering attacks, according to Heidi Mitchell at the Wall Street Journal.
Continue Reading

[On-Demand Webinar] A Master Class on Cybersecurity: Roger Grimes Teaches Data-Driven Defense

Even the world’s most successful organizations have significant weaknesses in their cybersecurity defenses, which today’s determined hackers can exploit at will. There’s even a term for ...
Continue Reading

Wanting to Stream the Italian Grand Prix This Weekend? It Might Be a Scam.

With so many fans worldwide wanting to watch the race online, cybercriminals have stepped up to meet the demand with fraudulent websites intent on stealing credit card details.
Continue Reading

A Look at Phishing Keywords

Researchers at Expel offer a useful list of the top keywords used in phishing emails. First on the list is the word “invoice,” which is a general term that will be relevant to most ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews