Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

New Survey Uncovers Primary Challenges in Creating A Security Culture

New survey data from security vendor nCipher uncovers why organizations are finding it difficult to engage users to participate willingly in security-minded processes and behaviors.
Continue Reading

The Fake French Minister In A Silicone Mask Who Stole Millions

Identity theft is said to be the world's fastest-growing crime, but in sheer chutzpah there can be few cons to match the story of the fake French minister and his silicone mask.
Continue Reading

Maryland governor signs order to boost cybersecurity after Baltimore ransomware attack

The Hill reported: "Maryland Gov. Larry Hogan (R) on Tuesday signed an executive order aimed at strengthening the state’s cybersecurity capabilities, a month after a debilitating ...
Continue Reading

Bogus Emails: 3.4 Billion Are Sent Every Day...

Research from Valimail shows that at least 3.4 billion phony emails are sent every day, Help Net Security reports. Despite this staggering number, most organizations still aren’t ...
Continue Reading

How Hackers Emptied Church Coffers with a Phishing Attack and Social Engineering Phone Call

Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Continue Reading

Massive Cyberheist Bankrupts Medical Debt Collector

AMCA, a medical billing collections agency that was hacked last year in an incident believed to impact millions of medical patients is now seeking a federal bankruptcy court’s protection ...
Continue Reading

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000

It was all over the press, and even made it in the New York Times: "The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly ...
Continue Reading

[NEW FEATURES] Branded Certificates and End User Surveys

We are excited to announce the release of two new features in the KnowBe4 platform. Branded Certificates and End User Training Surveys!
Continue Reading

Subdomain Scam Hits Australian Government Seeking Money to “Register” Bogus Domain Names

Employees of agencies within the Australian government have been receiving targeted emails offering to register what amounts to a subdomain of a legitimate look-alike domain.
Continue Reading

U.S. May Face Cyberwar with Russia After Purported U.S. Attacks on Russian Power Grid

The hacking of Russia’s power grid by the U.S. has led to a formal warning from the Kremlin that could escalate into an all-out cyberwar with attacks on U.S. businesses, agencies, and ...
Continue Reading

“File Deletion” Alert Becomes the Latest Scam to Compromise Office 365 Credentials

Attackers use simple cause for concern as the basis of a scam intent on tricking victims into offering up their Office 365 credentials.
Continue Reading

Two-Thirds of Organizations See an Increase in Impersonation Attacks

Nothing fools a user like an email seemingly from someone they know. And, according to the latest data from Mimecast, the bad guys are stepping up their impersonation game.
Continue Reading

Business Email Compromise Continues to Rise with Malicious URLs as the Favorite Among Attackers

According to the latest research by Proofpoint, attackers are fine-tuning their efforts to increase the success of BEC campaigns.
Continue Reading

Ransomware Halts Production For Days At Major Airplane Parts Manufacturer

As a result of having IT systems crippled by the ransomware infection, the company has sent home approximately 1,000 of its 1,400 workers on paid leave.
Continue Reading

Voicemail Phishing Scam Steals Credentials

A new phishing campaign is asking victims to click on a link in an email to download a voicemail, My Online Security reports. When recipients click on the link, they’ll be redirected to a ...
Continue Reading

FBI’s Advice on Spotting Phishing

The FBI’s Internet Crime Complaint Center (IC3) released a PSA warning that attackers are exploiting people’s trust in sites that use HTTPS. Cybersecurity training has in the past rightly ...
Continue Reading

No, Government Contractors Can't Falsify Claims of Compliance with Cybersecurity Standards

Seems obvious, but a recent lawsuit highlights the need for government contractors to comply with government-mandated cybersecurity controls.
Continue Reading

Social Engineering is at the Root of Nearly all Fraud Attacks

According to the latest fraud report from RSA, all four of the documented fraud attack methods use some form of social engineering to trick victims into giving up their money.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews