Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Homographic Domain Name Phishing Tactics

Jun 6, 2022 1:00:22 PM By Stu Sjouwerman
Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, ...
Continue Reading

[On-Demand Webinar] Understanding the Threat of NFT and Cryptocurrency Cyber Attacks and How to Defend Against Them

Jun 6, 2022 11:39:00 AM By Stu Sjouwerman
A growing number of organizations worldwide are utilizing cryptocurrency for a host of investment, operational, and transactional purposes. Seemingly overnight, technologies like ...
Continue Reading

Why We Recommend Your Passwords Be Over 20-Characters Long

Jun 3, 2022 8:13:08 AM By Roger Grimes
KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
Continue Reading

Introducing KnowBe4’s Password Policy E-Book

Jun 3, 2022 8:11:54 AM By Roger Grimes
KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
Continue Reading

Your KnowBe4 Fresh Content Updates from May 2022

Jun 3, 2022 8:09:30 AM By Stu Sjouwerman
Check out the 26 new pieces of training content added in April, alongside the always fresh content update highlights and new features.
Continue Reading

Smishing and Home Delivery

Jun 2, 2022 9:10:57 AM By Stu Sjouwerman
A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at ...
Continue Reading

SideWinder Targets Pakistani Entities With Phishing Attacks

Jun 2, 2022 9:09:56 AM By Stu Sjouwerman
The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat ...
Continue Reading

U.K.’s National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation

Jun 1, 2022 6:09:40 PM By Stu Sjouwerman
Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.
Continue Reading

Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents

Jun 1, 2022 6:09:19 PM By Stu Sjouwerman
As cybercriminal groups hone their craft, one analysis shows them shying away from zero-day exploits, use of valid accounts, and third-party vulnerabilities to gain initial access during ...
Continue Reading

The Business (and Success) of Ransomware Explained as a Simple Funnel

Jun 1, 2022 6:08:53 PM By Stu Sjouwerman
The rise of Ransomware-as-a-Service has given rise to a number of more successful groups who have their “business” down to a simple exercise of playing the numbers.
Continue Reading

CyberheistNews Vol 12 #22 [Heads Up] The New Verizon 2022 Data Breach Investigation Report Shows Sharp Rise in Ransomware

Jun 1, 2022 8:59:33 AM By Stu Sjouwerman
Continue Reading

Phishing Campaign Targets QuickBooks Users

Jun 1, 2022 8:23:44 AM By Stu Sjouwerman
Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, ...
Continue Reading

We Do Not Talk Enough About Social Engineering and It’s Hurting Us

May 27, 2022 8:04:40 AM By Roger Grimes
One of the most important things I have tried to communicate to audiences since at least the 1990s is how prevalent a role social engineering plays in cybersecurity attacks. I have ...
Continue Reading

The $44 Million Smishing Problem and How to Not Be a Victim

May 27, 2022 8:04:11 AM By Stu Sjouwerman
Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were ...
Continue Reading

Collaring the (Alleged) Leader of a BEC Gang

May 26, 2022 8:44:12 AM By Stu Sjouwerman
A joint operation by INTERPOL and the cybercrime unit of the Nigeria Police Force have concluded a yearlong investigation into the SilverTerrier business email compromise gang by ...
Continue Reading

Verizon: Ransomware Involved in 25% of Data Breaches as Credentials and Phishing are Seen as “Key Paths” for Attack Success

May 25, 2022 12:30:10 PM By Stu Sjouwerman
With the much-anticipated annual Verizon Data Breach Investigations Report finally released, we get a view of ransomware from the data breach perspective that points to a common weakness ...
Continue Reading

That’s Not Actually Elon Musk

May 25, 2022 8:55:58 AM By Stu Sjouwerman
Scammers are using deepfake videos of Elon Musk in an attempt to trick people into handing over cryptocurrency, BleepingComputer reports. The scammers set up a phony cryptocurrency ...
Continue Reading

New Scam Uses Fraud Support Social Engineering to Take Victims for Thousands of Dollars

May 24, 2022 9:54:37 AM By Stu Sjouwerman
A new scam borrows a page from the tech support scams that target older victims telling them potential fraud has been found, offering to “help” solve the issue and ultimately asking for ...
Continue Reading

Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

May 24, 2022 9:54:10 AM By Stu Sjouwerman
So-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.
Continue Reading

New IRS Phishing Scam Uses Fake Notices to Steal Microsoft 365 Credentials

May 24, 2022 9:53:40 AM By Stu Sjouwerman
Scammers use an “overdue tax bill” along with a sophisticated and obfuscated javascript-based “invoice” attachment to identify targeted victims, validate credentials, and transmit them ...
Continue Reading
Subscribe

Search Our Blog


Anti-Phishing Guide ebook

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews