Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

[Eye Opener] Lessons Learned from a Big Hotel's Recent Data Breach Caused By Social Engineering

This week Marriott International, one of the largest hotel chains, suffered their second data breach of 2022. The attack by a group named 'Group with No Name' (GNN) took place in early ...
Continue Reading

One Employee’s Desire for a New Job Cost His Employer $540 million

A “Fake Job” scam allows cybercriminals to gain entrance to the network at Sky Mavis, makers of the game Axie Infinity, and eventually take the company for half a billion dollars in ...
Continue Reading

Your KnowBe4 Fresh Content Updates from June 2022

Check out the 68 new pieces of training content added in June, alongside the always fresh content update highlights and new features.
Continue Reading

FBI Issues Warning on China for Attempting to 'Ransack' Western Companies

Bloomberg recently reported that FBI Director Christopher Wray issued a warning to Western companies that China wants to 'ransack' their IP. The goal of this attack would be to dominate ...
Continue Reading

Phishing Campaign Impersonates the UAE

Researchers at CloudSEK have observed a financially motivated phishing campaign that’s impersonating the United Arab Emirates (UAE) Ministry of Human Resources. The large-scale campaign ...
Continue Reading

Expect More Travel-Themed Phishing Scams as 80% of Americans Plan to Travel

The lure of last-minute deals to get away after staying home for the last 2 years is so strong, scammers are using it to their advantage with scams intent on stealing online credentials.
Continue Reading

New WhatsApp Scam Uses Call Forwarding Social Engineering to Hijack Accounts

This is a great example of how even the simplest of social engineering tactics can be used as the first step in a likely-larger scam. In a recent short post on LinkedIn, Rahul Sasi, CEO ...
Continue Reading

New Phishing Campaign is Targeting TrustWallet With Impersonation Emails

Vade Secure warns that a phishing campaign is targeting TrustWallet cryptocurrency wallet users with phony verification emails.
Continue Reading

Ransomware Gang Creates “User-Friendly” Stolen Data Search Site for Employee Victims

In an interesting extortion twist to get ransomware victims to pay up, one gang has created a search site to allow employees to see if their own private information has been made public.
Continue Reading

Phishing Emails Top the List as the Initial Attack Vector for Ransomware Attacks

The latest data on ransomware trends from backup vendor Veeam demonstrate the impact these attacks have on backups and an organization’s ability to recover.
Continue Reading

Email-Based Threats Double as Malware, Credential Phishing, and BEC Detections Increase

Newly released data from TrendMicro about high-risk email threats in 2021 shows where cybercriminals are placing their focus and where yours should be as well.
Continue Reading

[FREE Resource Kit] July Is Ransomware Awareness Month

July is Ransomware Awareness Month, and we’ve got you covered with free resources!
Continue Reading

New Phishing Campaign Impersonates Canada Revenue Agency

A phishing campaign is impersonating the Canada Revenue Agency (CRA) in an attempt to steal Canadians’ personal information, according to Rene Holt at ESET. The phishing emails inform ...
Continue Reading

[New FBI and CISA Alert] This ransomware strain uses RDP flaws to hack into your network

As of May 2022, MedusaLocker has been observed predominantly exploiting vulnerable Remote Desktop Protocol (RDP) configurations to access victims' networks, according to a new joint ...
Continue Reading

[Heads Up] Online Fraud Now Sky-high With 'Tinder Swindler' Romance Scams Costing Hundreds of Millions

A new article in Bloomberg focused on new sky-high online fraud numbers, they are horrendous. Here is a short summary and I recommend you read the whole article.
Continue Reading

Wars and Lechery, Nothing Else Holds Fashion for Phishing Attacks

Shakespeare said it first, and things haven’t changed: suffering and desire continue to drive victims to the social engineers. Researchers at Bitdefender have observed a phishing campaign ...
Continue Reading

Bad News to Ransom Payers: 80% of You Will Face a Second Attack Within 30 Days

New insight into what happens during and after a ransomware attack paints a rather dismal picture of what to expect from attackers, your executives, and your operations.
Continue Reading

80% of Organizations Await “Inevitable” Negative Consequences From Email-Born Cyberattacks

With nearly every organization experiencing some form of phishing attack, new data suggests these attacks are improving in sophistication, effectiveness, and impact.
Continue Reading

New Evasive Phishing Techniques Help Cybercriminals Launch “Untraceable” Campaigns

Scary new details emerge of cybercriminals using reverse tunneling and URL shorteners to evade detection by security solutions, allowing them to take victims for their credentials and ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews