Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Bogus Bug Reports as Phishbait, Scams

Some bug bounty seekers are using extortionist or fear-mongering tactics in an effort to get paid for reporting trivial flaws, according to Chester Wisniewski at Sophos. He calls them ...
Continue Reading

Microsoft Finds 80% of Organizations Encounter an Increase in Security Threats Due to Remote Workers

Learning from last year’s shift to a remote workforce can help dictate how operations should evolve. New data from Microsoft points at the need to better secure remote workers.
Continue Reading

Microsoft: SolarWinds attack took more than 1,000 engineers to create

You may have missed this extremely interesting bit of data that ZDNet just published. "Microsoft reckons that the huge attack on security vendors and more took the combined power of at ...
Continue Reading

Phishing and Impersonated Brands

Microsoft is still the most impersonated brand for phishing campaigns, according to researchers at Vade Secure. The security firm spotted 30,621 unique Microsoft-related phishing URLs in ...
Continue Reading

Caught by a CAPTCHA?

Be aware of being involved in malicious CAPTCHA solving.
Continue Reading

A Ransomware Victim Refuses to Pay

Video game studio CD Projekt Red, makers of The Witcher series and Cyberpunk 2077, have disclosed a ransomware attack, WIRED reports. The attackers claimed to have stolen source code for ...
Continue Reading

New Novel Campaign Targeting Security Researchers Uses Really Creative Social Engineering to Fool Victims

Pretending to be security researchers themselves, this group of cybercriminals went to great lengths to make sure legitimate security researchers would fall for the attack.
Continue Reading

New Phishing Scam Uses Fake PPP Loans to Trick Victims into Giving Up Personal Information

Taking advantage of people’s need for financial assistance, these scammers pose as a bank offering “forgivable business loans to individuals impacted by the pandemic.”
Continue Reading

Dutch Intelligence Agencies Warn About Chinese and Russian Cyber Espionage

Chinese and Russian state hackers threaten the Dutch economy. Three Dutch intelligence agencies jointly sound the alarm about digital espionage in financial newspaper Het Financieele ...
Continue Reading

[Heads Up] Growing Collaboration Among Criminal Groups Heightens Ransomware Triple Threat

Increased communication and collaboration among cybercrime groups is heightening the ransomware threat for the healthcare sector, according to the Cyber Threat Intelligence League (CTI ...
Continue Reading

[Scary?] AI Can Now Learn To Manipulate Human Behavior

The Conversation just published something I have been worried about for a while now. Scary? Could be getting that way sometime soon.  They said: "Artificial intelligence (AI) is learning ...
Continue Reading

Phishing for Love

Valentine’s Day-themed phishing campaigns are spiking, researchers at Check Point warn. There was a 29% increase in Valentine’s Day-related phishing domains last month, compared to a 6% ...
Continue Reading

[New E-Book] Comprehensive Anti-Phishing Guide

Spear phishing emails remain a top attack vector for the bad guys, yet most companies still don’t have an effective strategy to stop them.
Continue Reading

It’s Not Only About the URL

You have to look at the totality of an email to determine whether it is a phishing attack or not.
Continue Reading

[HEADS UP] NHS Issues Warning as UK COVID-19 Vaccine Scams Are Still Running Rampant

The National Health Service (NHS) in the UK recently sent a warning that cybercriminals are using social engineering tactics to target people wanting a COVID-19 vaccine email that is ...
Continue Reading

US Gmail Users Are Preferred Phishing Targets

Google has found that most phishing attacks (42%) target Gmail users in the US. Users in the UK were the second most targeted, with 10% of attacks. Japan came in third with 5% of phishing ...
Continue Reading

New Phishing Attack Uses Morse Code to Avoid Detection by Email Scanners

Yes – you read that right: Cybercriminals have found a way to use 1830’s technology to trick 2020s security solutions into not identifying phishing attachments as malicious.
Continue Reading

New Phishing Attack Uses Google Firebase to Trick Microsoft and Achieve a Spam Confidence Level of Just 1

This new phishing scam takes advantage of inherent trust in credible domains to get past the scrutiny of even Microsoft to trick Office 365 users into giving up their online credentials.
Continue Reading

Cannabis Company Loses Millions in BEC Scam

Australian medicinal cannabis company Cann Group has lost $3.6 million in a business email compromise (BEC) attack, Stockhead reports. The company had thought it was paying an unnamed ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews