Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Hard Lessons From Romance Scams

Seeing as this week is Valentine’s Day, I should have written something about rom coms, true love, and trusting your heart more. But this is not one of those posts. This post is about ...
Continue Reading

Security Teams Spend 71 Hours Responding to Every One Hour in a Cyber Attack

New data sheds light on what kinds of cyber attacks are targeting your cybersecurity team, what it’s costing them, why it’s taking so much time to fix, and where you should focus ...
Continue Reading

Americans Lose a Record $10 Billion to Fraud in 2023; Mostly Due To Investment Scams

The US Federal Trade Commission (FTC) has disclosed that people in the United States lost a record $10 billion to fraud in 2023, a 14% increase from 2022. Nearly half of the losses were ...
Continue Reading

Browser-Based Phishing Attacks Increase 198%, With Evasive Attacks Increasing 206%

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection.
Continue Reading

Calculating Materiality for SEC Rule 1.05

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches ...
Continue Reading

Cybersecurity Resiliency and Your Board of Directors

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors ...
Continue Reading

Watch Out For Valentine’s Day Romance Scams

Users should be wary of online romance scams ahead of Valentine’s Day, according to Imogen Byers at ESET. While in the past these scams could often be thwarted by using reverse image ...
Continue Reading

Unprecedented Rise of Malvertising as a Precursor to Ransomware

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report.
Continue Reading

81% of Organizations Cite Phishing as the Top Security Risk

Organizations are finally dialing in on where they need to focus their cybersecurity strategies, starting with phishing. But the top four cited security risks all have one element in ...
Continue Reading

Chinese Hackers Spy on Dutch Ministry of Defense: A Story of Alarming Cyber Espionage

In a revelation that adds yet another chapter to the ongoing saga of international cybersecurity threats, the Dutch Ministry of Defense recently shed light on a significant security ...
Continue Reading

[On-Demand Webinar] How to Fight Long-Game Social Engineering Attacks

Sophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps. They create a story so believable and ...
Continue Reading

Synthetic Data: The New Frontier in Cyber Extortion

Organizations are increasingly facing cyber attacks resulting in data breaches, and part of their post-incident responsibilities includes adhering to mandatory reporting requirements.
Continue Reading

Generative AI Used to Launch Phishing Attacks

Criminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point.
Continue Reading

Fake “I Can’t Believe He’s Gone” Posts Seek to Steal Facebook Credentials

A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials.
Continue Reading

New Phishing-As-A-Service Kit with Ability to Bypass MFA Targets Microsoft 365 Accounts

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri.
Continue Reading

Social Engineering Masterstroke: How Deepfake CFO Duped a Firm out of $25 Million

Check out this one line for a moment...“duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.”
Continue Reading

Vendor Email Compromise Attacks Against Financial Services Surge 137% Last Year

Analysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, ...
Continue Reading

Microsoft Teams: The New Phishing Battlefront - How Attackers Are Exploiting Trusted Platforms

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews