Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Conti Ransomware Affiliate Attacks Australian Utilities Giant's Corporate Network

While news reports indicate no impact to the utilities company’s ability to deliver electricity to its’ customers, this could be the start of attacks on critical infrastructure in ...
Continue Reading

Google Takes a Step Towards Reducing the Use of Calendar Invitations as Phishing Tools

Doing their part, Google adds new functionality that defaults to automatically adding Google-based calendar invites to a victim’s calendar to lower the malicious value of an invite.
Continue Reading

West Virginia Healthcare Breach Traced to Phishing

Monongalia Health System in West Virginia has disclosed a data breach that exposed sensitive patient and employee information.
Continue Reading

[Eye Opener] New Phishing Research Shows 37% of Sites Had More Than a Day Downtime

More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a ...
Continue Reading

New Nigerian Phishing Scams Target U.S. Military Families with Needed “Services”

With loved ones potentially a half a world away, scammers prey on families with scams that offer to assist with communication, care packages, leave, and more.
Continue Reading

Office 365 “Spam Notification” Phishing Emails Seek to Capture Credentials

A new campaign spotted in the wild uses a tried-and-true method of convincing victims to provide their Office 365 logon credentials to be used in future attacks.
Continue Reading

U.K. Workers Aren’t Concerned about Company Cybersecurity Despite 60% Having Been Victims of a Cyberattack

New data shows a huge disparity between the likelihood of cyberattack against U.K. organizations and their employee’s cybersecurity awareness and vigilance.
Continue Reading

One-Third of Phishing Pages Are Inactive After Just One Day

We’ve always known phishing scammers work very quickly, moving from campaign to campaign, but new data indicates some scammers are moving on in terms of literally hours.
Continue Reading

Canadian Government Urges Organizations to Take Additional Steps to Protect Against Ransomware Attacks

Citing upticks in attacks, Canada’s Centre for Cyber Security asks organizations to step up protective measures, offering guidance and a playbook to improve security.
Continue Reading

Having an Efficient Security Awareness Training Program

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

With KnowBe4’s Phish Alert Button, You Can Now Collect Feedback from Your Users When They Report Suspicious Emails

We are excited to announce the availability of KnowBe4’s enhanced Phish Alert Button for Microsoft 365 with the new User Comments feature!
Continue Reading

Phishing Campaign Impersonates Pfizer

A phishing campaign is impersonating Pfizer with phony request-for-quotation (RFQ) emails, according to Roger Kay at INKY. The email lures had fairly convincing PDF attachments that ...
Continue Reading

Phishing Remains Top Form of Cybersecurity Breach in 2021

Over half of organizations say they’ve experienced a cybersecurity breach caused by phishing in the last 12 months, dwarfing the second-place breach cause (malware) by almost 30%.
Continue Reading

Double Extortion Ransomware Attacks That Publish Victim Data Increase 935%

According to new data, the number of victim companies impacted by double extortion has jumped from 229 by the first half of 2020 to nearly 2400 by the first half of 2021.
Continue Reading

Embedded Email Attacks Are on the Rise and Aren’t Being Detected by Security Solutions

This classic tactic is making a comeback and is elegantly simple to execute, yet sufficiently complex enough to keep email scanning solutions from seeing it as malicious.
Continue Reading

Spam Calling Rates Spike Globally

Spam calls in the US spiked in October, according to Truecaller’s annual Global Spam Report. The report observed that Truecaller customers in the US received 3,115,861 spam calls in ...
Continue Reading

Whitelisting On Known Headers Not Recommended

We found a discussion on Twitter about this topic and we thought it would be useful to provide to provide the correct technical background related to whitelisting.
Continue Reading

[EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful

A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews