Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Stu Sjouwerman

Recent Posts

FBI Warns of Deepfakes Used to Apply for Remote Jobs

If you're looking for your company's next remote IT position, you may want to think twice before doing so. The FBI recently reported to the Internet Complaint Center today that there are ...
Continue Reading

Try the new Compliance Audit Readiness Assessment today for the NIST Cybersecurity Framework

When it's time to complete a compliance audit of your cybersecurity readiness plan, are you thinking, "Ugh, is it that time again?"
Continue Reading

MetaMask Crypto Wallet Phishing

A phishing campaign is attempting to steal credentials for MetaMask cryptocurrency wallets, according to Lauryn Cash at Armorblox.
Continue Reading

Pre-Hijacking of Online Accounts are the Latest Method for Attackers to Impersonate and Target

Rather than run a complex credential harvesting phishing scam, attackers use existing information about their victim and hijack a popular web service account *before* it’s created.
Continue Reading

“Failure to Authenticate” Wire Transaction at the Heart of a Cyber Insurance Appeal Case

Lawsuits over denied cyber insurance claims provide insight into what you should and shouldn’t expect from your policy – and that actions by your own users may make the difference.
Continue Reading

Phishing Scammers Leverage Telegraph’s Loose Governance to Host Crypto and Credential Scams

The free and unmonitored webpage publishing platform has been identified as being used in phishing scams dating back as early as mid-2019, as a key part to bypass security solutions.
Continue Reading

Vendor Impersonation Competing with CEO Fraud

Researchers at Abnormal Security have observed an increase in vendor impersonation in business email compromise (BEC) attacks.
Continue Reading

[Heads Up]  Russia has increased the cyber attacks against countries that help Ukraine

The Wall Street Journal just reported that Russian intelligence agencies have increased the pace of cyberattacks against nations that have provided aid to Ukraine, according to new ...
Continue Reading

Spear Phishing Campaign Targets the US Military

Researchers at Zscaler warn that a spear phishing campaign is targeting the US military and other sectors with phishing emails that purport to be voicemail notifications. The emails ...
Continue Reading

FBI Warns of Fraudsters on LinkedIn

The US FBI has warned that scammers on LinkedIn are a “significant threat,” CNBC reports. Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento field offices, ...
Continue Reading

KnowBe4 June 2022 Perspective

Information Security is mission-critical today. The global risk situation is higher than ever. Your employees are still your largest attack vector. New-school security awareness training ...
Continue Reading

Smishing Text Scams Have Doubled in the Last Three Years

New data shows a rise in the use of text messages as an effective vehicle to connect with potential victims for social engineering scams as Americans increase their preference of the ...
Continue Reading

New PDF-Based Phishing Attack Demonstrates that Office Docs Aren’t Passé – They are Just Obfuscated!

Security researchers have discovered a cunning PDF-based phishing attack that leverages social engineering and PDF prompt specifics to trick users into opening malicious Office docs.
Continue Reading

Over 2000 Social Engineering Scammers Arrested in Multi-Country Crackdown on Fraud, BEC, and Money Laundering

Thousands of members of cybercriminal groups were arrested in a sting that lasted 2 months and involved coordinated efforts of the law enforcement departments of 76 countries.
Continue Reading

Vishing Attacks Increase 550% Over Last Year as the Financial Sector Continues to be a Primary Target

Cybercriminals are continuing to bypass the use of malware in favor of response-based and credential-centric social engineering attacks, according to new data from Agari and PhishLabs.
Continue Reading

142 Million Customer Records From MGM Resorts Leaked for Free Download

The availability of such a massive number of records at no cost to any cybercriminal interested is a recipe for countless phishing campaigns using the data itself as a means of ...
Continue Reading

New Phishing Campaign Uses ChatBot Functionality to Build Trust and Steal Credit Card Details

Rather than go for the phishing jugular and point the victim immediately to a webpage to steal credentials or personal details, a new phishing campaign uses a chatbot to lower victim ...
Continue Reading

The Next Evolution in Cyberattacks You Need to Worry About: AI

New testimony to U.S. Senate Armed Services Committee Subcommittee on Cybersecurity by Microsoft’s Chief Scientific Officer sheds light on AI-powered cyberattacks.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews