Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[Scam of the Week] Black Friday & Cyber Monday Cybersecurity Tips 2021

Cybercriminals are at it again with holiday phishing scams. Because of the popularity of online shopping, retailers' online Black Friday deals attract more and more scammers every year. ...

SEC Warns of Spoofed Emails Impersonating Their Employees

Scammers are impersonating the US Securities and Exchange Commission (SEC) with spoofed phone calls and other communications that attempt to steal money and personal information from ...

New Dangerous and Persistent "Metamorphic" Malware Strain Called Tardigrade

Michael Kan at PCMag reported on this new strain of Windows malware. It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the ...

Phishing Campaign Targets TikTok Influencers

Phishing emails are targeting large TikTok accounts with phony copyright warnings or offers for account verification, according to researchers at Abnormal Security.

Microsoft Exchange Server Flaws Now Exploited for BEC Attacks

Threat actors are using a couple of dangerous, new tactics to exploit the so-called ProxyShell set of vulnerabilities in on-premises Exchange Servers that Microsoft patched earlier this ...

'Fake Ransomware' as a Form of Social Engineering

Attackers are exploiting a vulnerability in a WordPress plugin to deface several hundred websites with phony warnings of ransomware, the Record reports. Researchers at Sucuri found that ...

Social Engineering, Persistence, and a Few Phone Calls is All it Takes to Steal $1 Million

The story of a Swiss investor who was convinced they were purchasing pre-IPO shares of AirBnB is the cautionary tale of how little it really takes to turn someone into a victim.

Ransomware Gangs Now Have Enough Money to Afford Zero-Day Exploits

Normally so expensive that they are only associated with nation-states, zero-day vulnerabilities are now within reach of ransomware gangs that have amassed fortunes to continue attacks.

Malicious Retail Phishing Sites Spike Ahead of Shopping Holidays

Researchers at Check Point have observed a record number of malicious phishing shopping websites that have been set up over the past two months. The researchers assume these sites were ...

Trends in Cybercrime Report Phishing, Non-Payment Scams, and Extortion

Social engineering attacks account for the vast majority of cybercrime in the US, according to researchers at SEON. The security firm found that phishing, non-payment or non-delivery ...

Rosa Smothers is Featured in the Women Know Cyber Documentary

Our very own Rosa Smothers, SVP of Cyber Operations, has been featured in the Women Know Cyber documentary by Cybercrime Magazine.

Phishing Emails Use Small Font Size to Bypass Security Filters

Researchers at Avanan have spotted phishing emails that use a font size of one to fool email security scanners. The emails appear to be password expiration notifications from Microsoft ...

One-Fifth of U.K. Residents Have Experienced a ‘Proof of Vaccination’ Attack

As the pandemic now focuses on proving vaccination status in many locales, scammers are taking the opportunity to leverage the need for documentation to steal personal information.

“Customer Complaint” May Get Your Attention

A spear phishing campaign is sending phony “customer complaints” that contain a link to a malicious website, according to Paul Ducklin at Naked Security. The phishing emails appear to ...

Will Ransomware Extortion Tactics Ever Stop Evolving?

The latest development in extortion methods by developers of Conti shows we should begin to continually expect new and innovative extortion tactics by cybercriminal gangs moving forward.

Use of Ransomware Data Leak Sites Begin to Slow Down?

New analysis of ransomware attacks by security vendor Digital Shadows in their Ransomware Q3 Roll Up highlights the current state of data leak site use with a peek into what may be to ...

Bait Attacks as Reconnaissance

Researchers at Barracuda warn that attackers are sending non-malicious emails as a precursor to targeted phishing attacks.

Phishing Attacks Aimed at Social Accounts Now in the Top Three Targeted Sectors

New data on the use of impersonation in phishing attacks focused on social media accounts shows some very realistic and worrisome websites and emails that could definitely fool you.
