Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Homographic Domain Name Phishing Tactics

Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, ...
Continue Reading

[On-Demand Webinar] Understanding the Threat of NFT and Cryptocurrency Cyber Attacks and How to Defend Against Them

A growing number of organizations worldwide are utilizing cryptocurrency for a host of investment, operational, and transactional purposes. Seemingly overnight, technologies like ...
Continue Reading

Why We Recommend Your Passwords Be Over 20-Characters Long

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
Continue Reading

Introducing KnowBe4’s Password Policy E-Book

KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
Continue Reading

Your KnowBe4 Fresh Content Updates from May 2022

Check out the 26 new pieces of training content added in April, alongside the always fresh content update highlights and new features.
Continue Reading

Smishing and Home Delivery

A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at ...
Continue Reading

SideWinder Targets Pakistani Entities With Phishing Attacks

The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat ...
Continue Reading

U.K.’s National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation

Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.
Continue Reading

Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents

As cybercriminal groups hone their craft, one analysis shows them shying away from zero-day exploits, use of valid accounts, and third-party vulnerabilities to gain initial access during ...
Continue Reading

The Business (and Success) of Ransomware Explained as a Simple Funnel

The rise of Ransomware-as-a-Service has given rise to a number of more successful groups who have their “business” down to a simple exercise of playing the numbers.
Continue Reading

Phishing Campaign Targets QuickBooks Users

Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, ...
Continue Reading

We Do Not Talk Enough About Social Engineering and It’s Hurting Us

One of the most important things I have tried to communicate to audiences since at least the 1990s is how prevalent a role social engineering plays in cybersecurity attacks. I have ...
Continue Reading

The $44 Million Smishing Problem and How to Not Be a Victim

Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were ...
Continue Reading

Collaring the (Alleged) Leader of a BEC Gang

A joint operation by INTERPOL and the cybercrime unit of the Nigeria Police Force have concluded a yearlong investigation into the SilverTerrier business email compromise gang by ...
Continue Reading

Verizon: Ransomware Involved in 25% of Data Breaches as Credentials and Phishing are Seen as “Key Paths” for Attack Success

With the much-anticipated annual Verizon Data Breach Investigations Report finally released, we get a view of ransomware from the data breach perspective that points to a common weakness ...
Continue Reading

That’s Not Actually Elon Musk

Scammers are using deepfake videos of Elon Musk in an attempt to trick people into handing over cryptocurrency, BleepingComputer reports. The scammers set up a phony cryptocurrency ...
Continue Reading

New Scam Uses Fraud Support Social Engineering to Take Victims for Thousands of Dollars

A new scam borrows a page from the tech support scams that target older victims telling them potential fraud has been found, offering to “help” solve the issue and ultimately asking for ...
Continue Reading

Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

So-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.
Continue Reading

New IRS Phishing Scam Uses Fake Notices to Steal Microsoft 365 Credentials

Scammers use an “overdue tax bill” along with a sophisticated and obfuscated javascript-based “invoice” attachment to identify targeted victims, validate credentials, and transmit them ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews