Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!
Continue Reading

Security Awareness Advocate Kai Roer Discusses the 2020 Security Culture Report

Our security awareness advocate Kai Roer recently did an interview with Cybercrime Magazine. Kai discusses the history of CLTRe (now KnowBe4 Research) and his background on security ...
Continue Reading

High-Profile Caper Spawns Phishing Campaign

A phishing campaign is using the recent Twitter hack as phishbait, HackRead reports. In mid-July, hackers used social engineering against Twitter employees to gain access to more than a ...
Continue Reading

Funds Transfer Fraud Has Increased 35% Since the Onset of COVID-19

With reported losses from thousands of dollars to well over $1 million, funds transfer fraud represents 27% of cyber insurance claims in 2020.
Continue Reading

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.
Continue Reading

CISA’s Advice on Countering Phishing

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on best practices to thwart email-based phishing attacks. The ...
Continue Reading

Ransomware Dominates 41% of all Cyber Insurance Claims in H1 2020

Just-released data from cyber insurer Coalition shows massive increases in both the frequency of ransomware attacks and the ransom demand with Maze and Ryuk leading the way.
Continue Reading

Fake Alert Scams: Actually Unwanted Programs

Mobile tech support scams are on the rise, according to researchers at Sophos. These scams are similar to traditional desktop tech support scams, in that they try to frighten the user ...
Continue Reading

The Dangerous Attraction of Original Gangsters

Users need to be mindful of the ways in which hackers can take over their accounts, according to Brian Krebs. Krebs says his experience as the owner of an “OG” Gmail address made him ...
Continue Reading

They're Back: Bad Guys Spoof KnowBe4 Again

Earlier this week customers using the Phish Alert Button (PAB) began reporting yet another round of spoofed KnowBe4 security awareness training emails.  The emails reported are fairly ...
Continue Reading

Extradited Member of a U.K. Scammer Highlights How His Gang Took Banks for $2 Million

Details on how this global gang of cybercriminals used spoofing and impersonation methods to social engineer banks time and time again shows how effective these tactics are.
Continue Reading

CyberheistNews Vol 10 #37 [Heads Up] How to Check Your Email Rules for Maliciousness. Do This Now.

  CyberheistNews Vol 10 #37 [Heads Up] How to Check Your Email Rules for Maliciousness. Do This Now. Roger Grimes wrote: "Email rules have been used maliciously for decades. Learn about ...
Continue Reading

Email and SMS Phishing Campaign Impersonates Lloyds Bank

A convincing phishing campaign is targeting customers of Lloyds Bank, Infosecurity Magazine reports. Law practice Griffin Law warns that more than 100 people have reported receiving ...
Continue Reading

Legitimate Services, but still Hook, Line, and Sinker

A malware distribution campaign is abusing organizations’ contact forms to send malicious emails designed to catch the attention of companies’ customer support personnel. The attackers ...
Continue Reading

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Originally seen all the way back in 2008, this banking trojan is continuously being developed. Its latest iteration is downright nasty and has already infected 5% of all organizations ...
Continue Reading

Users Are Still Falling for Phishing Attacks. Want to Know Why?

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.
Continue Reading

[On-Demand] Think Like a Hacker: Learn How to Use Open Source Intelligence (OSINT) to Defend Your Organization

In today's digital age we are surrounded by massive amounts of data every day. This makes it ridiculously easy to gather shockingly detailed information about anyone… even your ...
Continue Reading

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

There is an old Dutch expression: "High trees catch a lot of wind". Well. once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In ...
Continue Reading

Malicious Actors & State Actors: IT Admins Targeted with Fake Warning Notice

By Eric Howes,  KnowBe4 Principal Lab Researcher. For several years both Google and Yahoo have been warning users about potential attacks on their accounts by "state actors." Indeed, ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews