$148 Million Lost to Gift Card Scams in 2021 (So Far)

Dec 16, 2021 12:44:04 PM By Stu Sjouwerman

A US Federal Trade Commission (FTC) data spotlight has found that people in the US lost $148 million to gift-card-related scams in the first nine months of 2021. The spotlight also found ...

NSA: Cyberattacks are Putting the “Security of our Nation” at Stake

Dec 15, 2021 4:24:13 PM By Stu Sjouwerman

When most see cyberattacks as something that is impactful at the organizational level, the head of the National Security Agency sees cyberattacks as being a threat to the entire nation.

The Evolving State of Cyber Insurance May Indicate More Scrutiny for IT and Security Teams

Dec 15, 2021 4:24:05 PM By Stu Sjouwerman

The need to balance offering coverage for cyber incidents with maintaining a profit has cyber insurers rethinking how they will approach measuring insured risk and exposure.

Over 1000 Arrests and $27 Million Intercepted in Massive INTERPOL Sting Operation

Dec 15, 2021 4:24:01 PM By Stu Sjouwerman

Bringing together specialized police units from 20 countries, Operation HAECHI-II targeted those involved in online fraud, romance scams, investment fraud and money laundering.

Netflix is the Latest Impersonated Brand in Ongoing Subscriber Targeting Scams

Dec 15, 2021 4:23:55 PM By Stu Sjouwerman

With the increased interest in and availability of movie and TV streaming services, plenty of new scams are popping up attempting to steal personal details and credit card information.

Wall Street Journal article: "Shaming Employees For Phishing is Counterproductive"

Dec 15, 2021 1:31:44 PM By Stu Sjouwerman

Shaming employees for falling for phishing attacks is the wrong approach, according to Dr. Karen Renaud, a chancellor’s fellow at the University of Strathclyde. In an article for the Wall ...

Log4j vulnerability - KnowBe4 Not Affected

Dec 15, 2021 9:59:45 AM By Stu Sjouwerman

KnowBe4 is aware of the recent log4j vulnerability (CVE-2021-44228) and has been investigating this issue in-depth. We can confirm that no KnowBe4 products are affected by this at this ...

Answer 4 Simple Questions To Avoid a Social Engineering Attack

Dec 14, 2021 2:19:57 PM By Roger Grimes

I am usually not a man of a few words. I am the opposite. I write hundreds of pages a month and talk non-stop in person. But lately, I have been trying to be better at saying more with ...

CyberheistNews Vol 11 #49 [HEADS UP] Tricky New TSA PreCheck Scam Steals Your Personal and Credit Card Details

Dec 14, 2021 9:35:53 AM By Stu Sjouwerman

The Unbearable Lightness of Phishing Pages

Dec 14, 2021 8:45:50 AM By Stu Sjouwerman

Researchers at Kaspersky have found that most phishing pages are active for less than one day, with many of them going offline after just a few hours. Most of these short-lived pages were ...

Socially Engineering Your Way to Customer Data

Dec 13, 2021 9:09:38 AM By Stu Sjouwerman

US telecommunications company Cox Communications has disclosed a data breach that exposed some customers’ information, BleepingComputer reports. The company said in a breach notification ...

2021 Security Hints & Tips for Holiday Travels

Dec 9, 2021 4:00:15 PM By Stu Sjouwerman

The holiday season may be closer to "normal" this year, and that means your users will be even more focused on holiday activities - including travel. Cybercriminals will undoubtedly be ...

Real Cyberattack as Phishbait for a Scammer

Dec 9, 2021 8:46:20 AM By Stu Sjouwerman

Scammers are exploiting a real “cyber incident” at a Riverhead New York high school to send out robocalls that claim to be coming from the local police department, RiverheadLOCAL reports.

Credential-Harvesting Phishing Campaign Urges Review of Spam

Dec 8, 2021 10:47:28 AM By Stu Sjouwerman

Researchers at MailGuard have observed a phishing campaign that’s using phony “spam notification” emails that purport to come from Microsoft Office 365. The emails tell recipients that an ...

Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

Dec 7, 2021 10:53:12 AM By Stu Sjouwerman

New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.

New TSA PreCheck Scam Seeks to Collect Your Personal and Credit Card Details

Dec 7, 2021 10:53:06 AM By Stu Sjouwerman

Doing one of the best jobs impersonating a website ever seen, this new scam attempts to take those renewing or initially signing up through a believable process that most would fall for.

Half of All Organizations Have Had Employees Approached to Aid in Ransomware Attacks

Dec 7, 2021 10:52:59 AM By Stu Sjouwerman

Partially due to the shift to working remotely, cybercriminals are finding some resemblance of success in getting internal assistance, begging the question of what to do about it.

SideCopy: How an Intelligence Service Uses Phishbait

Dec 7, 2021 10:15:15 AM By Stu Sjouwerman

Researchers at Malwarebytes offer more details on a spear phishing campaign run by a Pakistani threat actor that’s come to be known as “SideCopy.” The campaign was first reported by ...

CyberheistNews Vol 11 #48 [Heads Up] Morgan Stanley Warns Against Recent “Brushing Scam”

Dec 7, 2021 9:27:41 AM By Stu Sjouwerman

New Phishing Campaign has Fake DHL Shipping

Dec 6, 2021 4:14:40 PM By Stu Sjouwerman

Researchers at Avanan have spotted a new phishing campaign that’s impersonating DHL with phony shipping notifications. The emails inform the recipients that they need to update their ...

Security Awareness Training Blog

View Topics