CISA’s Advice on Countering Phishing

Sep 14, 2020 10:19:06 AM By Stu Sjouwerman

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on best practices to thwart email-based phishing attacks. The ...

Ransomware Dominates 41% of all Cyber Insurance Claims in H1 2020

Sep 11, 2020 11:00:51 AM By Stu Sjouwerman

Just-released data from cyber insurer Coalition shows massive increases in both the frequency of ransomware attacks and the ransom demand with Maze and Ryuk leading the way.

Fake Alert Scams: Actually Unwanted Programs

Sep 10, 2020 3:05:22 PM By Stu Sjouwerman

Mobile tech support scams are on the rise, according to researchers at Sophos. These scams are similar to traditional desktop tech support scams, in that they try to frighten the user ...

The Dangerous Attraction of Original Gangsters

Sep 9, 2020 8:27:21 AM By Stu Sjouwerman

Users need to be mindful of the ways in which hackers can take over their accounts, according to Brian Krebs. Krebs says his experience as the owner of an “OG” Gmail address made him ...

They're Back: Bad Guys Spoof KnowBe4 Again

Sep 9, 2020 8:19:57 AM By Eric Howes

Earlier this week customers using the Phish Alert Button (PAB) began reporting yet another round of spoofed KnowBe4 security awareness training emails. The emails reported are fairly ...

Extradited Member of a U.K. Scammer Highlights How His Gang Took Banks for $2 Million

Sep 8, 2020 1:45:28 PM By Stu Sjouwerman

Details on how this global gang of cybercriminals used spoofing and impersonation methods to social engineer banks time and time again shows how effective these tactics are.

CyberheistNews Vol 10 #37 [Heads Up] How to Check Your Email Rules for Maliciousness. Do This Now.

Sep 8, 2020 9:40:45 AM By Stu Sjouwerman

CyberheistNews Vol 10 #37 [Heads Up] How to Check Your Email Rules for Maliciousness. Do This Now. Roger Grimes wrote: "Email rules have been used maliciously for decades. Learn about ...

Email and SMS Phishing Campaign Impersonates Lloyds Bank

Sep 8, 2020 8:33:04 AM By Stu Sjouwerman

A convincing phishing campaign is targeting customers of Lloyds Bank, Infosecurity Magazine reports. Law practice Griffin Law warns that more than 100 people have reported receiving ...

Legitimate Services, but still Hook, Line, and Sinker

Sep 8, 2020 7:03:00 AM By Stu Sjouwerman

A malware distribution campaign is abusing organizations’ contact forms to send malicious emails designed to catch the attention of companies’ customer support personnel. The attackers ...

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Sep 8, 2020 7:01:00 AM By Stu Sjouwerman

Originally seen all the way back in 2008, this banking trojan is continuously being developed. Its latest iteration is downright nasty and has already infected 5% of all organizations ...

Users Are Still Falling for Phishing Attacks. Want to Know Why?

Sep 8, 2020 7:00:00 AM By Stu Sjouwerman

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.

[On-Demand] Think Like a Hacker: Learn How to Use Open Source Intelligence (OSINT) to Defend Your Organization

Sep 8, 2020 7:00:00 AM By Stu Sjouwerman

In today's digital age we are surrounded by massive amounts of data every day. This makes it ridiculously easy to gather shockingly detailed information about anyone… even your ...

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

Sep 5, 2020 11:07:10 AM By Stu Sjouwerman

There is an old Dutch expression: "High trees catch a lot of wind". Well. once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In ...

Malicious Actors & State Actors: IT Admins Targeted with Fake Warning Notice

Sep 3, 2020 1:51:44 PM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. For several years both Google and Yahoo have been warning users about potential attacks on their accounts by "state actors." Indeed, ...

Contact Tracing: Real and Bogus

Sep 3, 2020 8:35:54 AM By Stu Sjouwerman

Scammers are posing as COVID-19 contact tracers and attempting to trick people into handing over their payment information, NPR reports. The scammers are using phone calls, texts, and ...

New Phishing Attack Uses a Compromised Vendor Account and Box to Elude Detection

Sep 3, 2020 8:31:01 AM By Stu Sjouwerman

Using legitimate email accounts is a great way for phishing emails to avoid being identified. Hosting malicious files on Box is another. Put them together and this attack reaches your ...

[On-Demand] Stump the Shark: Ask Roger Grimes Your Most Burning IT Security Questions!

Sep 3, 2020 7:00:00 AM By Stu Sjouwerman

Have you ever wanted to pick the brain of one of the most prolific IT security experts? Now is your chance! In our “Ask Me Anything” session with Roger Grimes, Data-Driven Defense ...

Check Your Email Rules for Maliciousness

Sep 2, 2020 4:07:15 PM By Roger Grimes

Email rules have been used maliciously for decades. Learn about email rules and what you need to do to defend your organization against their malicious misuse.

New Botnet Promising Free Shoes as Phishbait

Sep 2, 2020 8:34:26 AM By Stu Sjouwerman

Researchers at WhiteOps warn that a family of malicious Android apps are spreading a new ad-fraud botnet by promising free shoes and other products to users who install the apps. The ...

Organizations Aren’t Prepared to Recover from Cyberattacks on Active Directory

Sep 2, 2020 8:26:55 AM By Stu Sjouwerman

Cybercriminals are increasingly leveraging Active Directory to spread malware and even hold the organization for ransom. New data suggests you’re nowhere near ready for it.

Security Awareness Training Blog

View Topics