Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[IRS Alert] Three Tips To Protect Against Tax Season Refund Scams

Urging taxpayers and tax professionals to be vigilant, the Internal Revenue Service (IRS) provides some simple guidance on how to spot new scams aimed at being able to file fake tax ...
Continue Reading

Why Security Awareness Training Is Effective in Reducing Cybersecurity Risk

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk.
Continue Reading

Brand New BazarCall Phishing Campaign Abuses Google Forms

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security.
Continue Reading

As the Holiday Season Ramps Up, So Do Scams Impersonating the U.S. Postal Service

Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions.
Continue Reading

Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted.
Continue Reading

Undercover Threat: North Korean Operatives Infiltrate U.S. Companies Through Job Platforms

Researchers at Nisos warn that North Korean threat actors are impersonating skilled job seekers in order to obtain remote employment at US companies.
Continue Reading

How To Fight Long-Game Social Engineering

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard warning about their long-game social engineering tactics.
Continue Reading

Russia Weaponizes Israel-Hamas Conflict in Targeted Phishing Attack

Researchers at IBM X-Force are tracking a phishing campaign that’s using themes related to the Israel-Hamas war to deliver Headlace, a backdoor exclusively used by the suspected Russian ...
Continue Reading

Who's Calling? Spam, Scams and Wasted Time

First ever insight into those annoying spam calls provides enlightening detail into how many calls are there, where are they coming from, and how much time is wasted dealing with them.
Continue Reading

Unwrapping the Threat: AI-Powered Phishing Attacks Take Center Stage in 2023 Holidays

As the holiday season approaches, so does the annual surge in online shopping and holiday package tracking. Unfortunately, this joyous time has also become a prime hunting ground for ...
Continue Reading

Russian Hackers Indicted for Phishing Attacks Against U.S. and Allies

The US Justice Department has indicted two individuals for launching spear phishing attacks against the US, the UK, Ukraine and various NATO member countries on behalf of the Russian ...
Continue Reading

Deepfakes: The New Face of Fraud

Security analysts at identity vendor Sumsub are seeing a massive rise in the use of deepfake fraud in their Identity Fraud Report 2023. And one country may be to blame.
Continue Reading

WSJ: "A Hidden Risk in the Municipal Bond Market: Hackers"

December 7, 2023 - The Wall Street Journal has an interesting perspective on K-12 Public schools suffering ransomware attacks. The number doubles between 2021 and 2022 to almost 2,000 a ...
Continue Reading

2024 IT Spending Surge: Surprising Insights from Piper Sandler's CIO Survey

Industry analysts Piper Sandler do a yearly 'Industry Note' where they survey CIOs about their next year budget expectations. For 2024 there is a noticeable improvement regarding ...
Continue Reading

Maximizing Your Purchasing Power: A Source For Validated  KnowBe4 Reviews

One of the key strategies to maximize your purchasing power is to research products and compare total cost of ownership. Take the time to do research and gather data about the platforms ...
Continue Reading

Phishing Defense: Train Often to Avoid the Bait

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it ...
Continue Reading

Nearly Every CIO Identifies at Least One Cyber Threat as a Risk to their Business

When 97% of CIOs all see things the same way, it’s probably a sign to take the risk of cyber threats seriously – a problem new data shows is only going to get worse in the next five years.
Continue Reading

Cyber Attacks and Data Breaches Cited as the Number One Business Risk for Organizations

Even when looking at the various kinds of risks to business, cyber attacks still remain the biggest problem. But new data shows there may be a lesson to be learned to minimize losses.
Continue Reading

Phishing-Resistant MFA Will Not Stop Phishing Attacks

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews