Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Cybercrime: FFIEC Plans To Boost Online Transaction Authentication Guidelines for US Banks

We picked this news item up from the SANS Newsbites Newsletter, Volume XIII, Issue: 8, dated January 25, 2011, entitled “U.S. Banks to Get Updated Online Authentication Guidelines.” ...
Continue Reading

Symantec Covers Top Social Networking Cyberheist Scams, Including Phishing

The Norton/Symantec “Your Security Resource” newsletter recently featured a story entitled “ Top 5 Social Media Scams” that’s worth a read-through. It talks about the kinds of scams and ...
Continue Reading

Anatomy of a Blantant Phishing Message

In earlier blogs about Phishing (especially Phishing Primer Part 1 and Part 2) we described phishing as an artful attempt to get readers to click links in e-mail, thereby opening ...
Continue Reading

Fabulous Anti-Phishing/Cybercrime News Resource

[caption id="attachment_130" align="aligncenter" width="488" caption="The banner at YourMoneyIsNotSafeInTheBank.org says it all!"] [/caption] The name of the site that provides the ...
Continue Reading

Hackers Pull A Tasty Variation on the ACH Cyberheist Technique

On January 19, PC World reported an interesting twist on an old but still favorite phishing scam called the ACH, or Automated Clearing House, scam in a story entitled "Hackers Steal ...
Continue Reading

Phishing Primer Part 2: Spotting the Lure

Last Thursday, we posted a blog entitled "Phishing Primer, Part 1;" here is Part 2 in that ongoing series of brief expositions on this fascinating subject that is also a clear and present ...
Continue Reading

FDIC Issues "Patriot Act" Phishing Scam Warning

Earlier this week on January 18, the US Federal Deposit Insurance Corporation (FDIC) issued its tenth special alert for 2011 (SA-10-2011). Its summary provides an excellent explanation ...
Continue Reading

Internet Security Awareness Training: The Enduring Value of User Education and Awareness

There’s an old saying that “If you create a system that any idiot can use, then only idiots will find it useful.” And while many companies and organizations may feel compelled to “dumb ...
Continue Reading

Internet Security Awareness Training Basics

A great many “teaching stories” from various traditions emphasize how the press of daily life, or normal human emotions, can crowd out and turn off common sense. At its core foundation, ...
Continue Reading

Phishing Primer, Part 1

Phishing takes its inspiration from the piscatorial arts, where an angler uses an attractive and perhaps even appetizing-looking or –seeming lure (well, to a fish anyway) to entice an ...
Continue Reading

Phishing for Trouble: At-work Email Behavior Can Affect the Bottom Line in Unexpected Ways

Even financial professionals can get snared at work by e-mails that purport to deal with routine, straightforward transactions. One interesting phishing scam that occurred as recently as ...
Continue Reading

Internet Security Awareness Training: KnowBe4 Is Going On The Road

KnowBe4 will be making a splash in 2011! We have several events on our calendar where you can see us and we hope to see you at several of these events where we would love to show you our ...
Continue Reading

Phish-Prone Percentage: 20%

Today we did a "Free Security Audit" with a company that wanted to test their 100+ employees. When we talked to the IT Manager and told him what simulated attack we were planning, he said ...
Continue Reading

Internet Security Awareness Training: Dynamic Content Updates - The Secret Sauce

Up to now, Security Awareness Training was static. Canned instruction sessions that could be a year old, an eternity on the Internet. Cyber criminals move fast though. Malware evolves ...
Continue Reading

Internet Security Awareness Training: 7 Reasons Why Organizations Use Online Training

7 Reasons Why Organizations Use Online Training 1. Reduce Costs - How you manage training is always about how you manage costs. 2. Access to Talent - Especially hard when it gets to ...
Continue Reading

Internet Security Awareness Training: Defense-In-Depth

What is defense-in-depth? Organizations defend their networks on each of the six levels in the graph you see. End-user Internet Security Awareness Training resides in the outer layer: ...
Continue Reading

Cybercrime and Cyberheists: How The Bad Guys Siphoned $70 Million

"The Internet is the crime scene of the 21st Century,"
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews