Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

5 Notable Obscure Phishing Scams

Dec 29, 2021 11:01:12 AM By Roger Grimes
I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

Conti Ransomware Affiliate Attacks Australian Utilities Giant's Corporate Network

Dec 29, 2021 11:01:00 AM By Stu Sjouwerman
While news reports indicate no impact to the utilities company’s ability to deliver electricity to its’ customers, this could be the start of attacks on critical infrastructure in ...
Continue Reading

Google Takes a Step Towards Reducing the Use of Calendar Invitations as Phishing Tools

Dec 29, 2021 11:00:50 AM By Stu Sjouwerman
Doing their part, Google adds new functionality that defaults to automatically adding Google-based calendar invites to a victim’s calendar to lower the malicious value of an invite.
Continue Reading

CyberheistNews Vol 11 #51 [Heads Up] Phishing Attacks Remain the Top Type of Cybersecurity Breach This Year

Dec 29, 2021 9:36:00 AM By Stu Sjouwerman
Continue Reading

West Virginia Healthcare Breach Traced to Phishing

Dec 28, 2021 1:28:54 PM By Stu Sjouwerman
Monongalia Health System in West Virginia has disclosed a data breach that exposed sensitive patient and employee information.
Continue Reading

[Eye Opener] New Phishing Research Shows 37% of Sites Had More Than a Day Downtime

Dec 28, 2021 11:19:30 AM By Stu Sjouwerman
More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a ...
Continue Reading

New Nigerian Phishing Scams Target U.S. Military Families with Needed “Services”

Dec 23, 2021 4:17:23 PM By Stu Sjouwerman
With loved ones potentially a half a world away, scammers prey on families with scams that offer to assist with communication, care packages, leave, and more.
Continue Reading

Office 365 “Spam Notification” Phishing Emails Seek to Capture Credentials

Dec 23, 2021 4:17:00 PM By Stu Sjouwerman
A new campaign spotted in the wild uses a tried-and-true method of convincing victims to provide their Office 365 logon credentials to be used in future attacks.
Continue Reading

U.K. Workers Aren’t Concerned about Company Cybersecurity Despite 60% Having Been Victims of a Cyberattack

Dec 23, 2021 12:07:22 PM By Stu Sjouwerman
New data shows a huge disparity between the likelihood of cyberattack against U.K. organizations and their employee’s cybersecurity awareness and vigilance.
Continue Reading

One-Third of Phishing Pages Are Inactive After Just One Day

Dec 23, 2021 11:39:19 AM By Stu Sjouwerman
We’ve always known phishing scammers work very quickly, moving from campaign to campaign, but new data indicates some scammers are moving on in terms of literally hours.
Continue Reading

Canadian Government Urges Organizations to Take Additional Steps to Protect Against Ransomware Attacks

Dec 23, 2021 11:38:50 AM By Stu Sjouwerman
Citing upticks in attacks, Canada’s Centre for Cyber Security asks organizations to step up protective measures, offering guidance and a playbook to improve security.
Continue Reading

Having an Efficient Security Awareness Training Program

Dec 23, 2021 9:06:46 AM By Roger Grimes
I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...
Continue Reading

With KnowBe4’s Phish Alert Button, You Can Now Collect Feedback from Your Users When They Report Suspicious Emails

Dec 21, 2021 11:51:13 AM By Stu Sjouwerman
We are excited to announce the availability of KnowBe4’s enhanced Phish Alert Button for Microsoft 365 with the new User Comments feature! 
Continue Reading

Phishing Campaign Impersonates Pfizer

Dec 21, 2021 10:20:31 AM By Stu Sjouwerman
A phishing campaign is impersonating Pfizer with phony request-for-quotation (RFQ) emails, according to Roger Kay at INKY. The email lures had fairly convincing PDF attachments that ...
Continue Reading

CyberheistNews Vol 11 #50 [EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful

Dec 21, 2021 9:20:08 AM By Stu Sjouwerman
Continue Reading

Phishing Remains Top Form of Cybersecurity Breach in 2021

Dec 20, 2021 3:14:15 PM By Stu Sjouwerman
Over half of organizations say they’ve experienced a cybersecurity breach caused by phishing in the last 12 months, dwarfing the second-place breach cause (malware) by almost 30%.
Continue Reading

Double Extortion Ransomware Attacks That Publish Victim Data Increase 935%

Dec 20, 2021 3:13:47 PM By Stu Sjouwerman
According to new data, the number of victim companies impacted by double extortion has jumped from 229 by the first half of 2020 to nearly 2400 by the first half of 2021.
Continue Reading

Embedded Email Attacks Are on the Rise and Aren’t Being Detected by Security Solutions

Dec 20, 2021 3:13:11 PM By Stu Sjouwerman
This classic tactic is making a comeback and is elegantly simple to execute, yet sufficiently complex enough to keep email scanning solutions from seeing it as malicious.
Continue Reading

Spam Calling Rates Spike Globally

Dec 20, 2021 11:56:12 AM By Stu Sjouwerman
Spam calls in the US spiked in October, according to Truecaller’s annual Global Spam Report. The report observed that Truecaller customers in the US received 3,115,861 spam calls in ...
Continue Reading

Whitelisting On Known Headers Not Recommended

Dec 20, 2021 10:53:58 AM By Stu Sjouwerman
We found a discussion on Twitter about this topic and we thought it would be useful to provide to provide the correct technical background related to whitelisting. 
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews