Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Rustock Botnet Cybercrime Takedown, Thanks to MS-Led Multi-Party Effort

The infamous Rustock botnet, estimated by some parties to be responsible for between 30 and 50 percent of all the spam in the world—up to 30 BILLION items per day—has been taken down. ...
Continue Reading

Symantec's Latest 'State of Spam & Phishing' Report

Report #51 from Symantec, the "State of Spam & Phishing" for March 2011 is out. From the phishing side, the news is grim but not unexpected. Phishing is up 38.56% for the month, ...
Continue Reading

M86 Security Documents Clever New HTML-based Phishing Scam

In the ongoing game of cops-and-robbers that network security so often involves, the cops have recently upped the ante on phishing detection in modern Web browsers. These days browsers ...
Continue Reading

APWG Website Is a Great Anti-Phishing Resource

Continue Reading

Online Bank Cyberheists Reach Higher and "Restoration of Lost Funds"

The insurance industry trade Web site insuranceheadlines.com recently republished a fascinating story from Bloomberg dated June 18, 2010. It's entitled "Banking's big dilemma: How to stop ...
Continue Reading

Cybercrime: M86 Security Creates Security Suite for SMBs

Internet threat management company M86 Security recently announced a brand-new small business security suite that promises to help small businesses get a workable handle on their security ...
Continue Reading

Phishing: Malware Infected Web Sites Experience Explosive Growth

Heh! Heh! We're not sure if we were alarmed by the content in this recent CrunchGear blog post, or captivated by the cute "malweb critter" used to give the story a little visual interest ...
Continue Reading

Cybercrime: Beware of Fake IRS "Instant Return" or "Direct Deposit" Scams

This is a a good news/bad news blog. The good news is that because April 15 falls on a Friday this year, the filing deadline has been extended until April 18. The bad news is with tax ...
Continue Reading

DNS Cyberheist Hijack Prompts Credit Card Credential and Other Compromises

An interesting tidbit has emerged from the eCrime Trends Report for Q4-2010 from online security firm Internet Identity (aka IID). Over the Christmas holidays, an online payment ...
Continue Reading

Two New Cyberheist Spyware Programs Can Infect Android Phones

According to this story at CSOOnline. com (" More Mobile Spyware Hits Android"), security software firm NetQin Mobile, Inc. has captured a pair of new spyware programs from the wild that ...
Continue Reading

Cybercrime: IC3 2010 Annual Report on Internet Crime Hits the Web

[caption id="attachment_343" align="aligncenter" width="300" caption="The latest IC3 Internet Crime Report makes for interesting reading"] [/caption] Last week, the Internet Crime ...
Continue Reading

Cybercrime is here to stay...

In a recent story for PC World, veteran security writer (and former About.com security guru) Tony Bradley's headline says it all " Cybercrime: A Recession-Proof Growth Industry." In that ...
Continue Reading

SmartPhones Increasingly Targeted for Cybercrime, Spam and Attack

In its most recent Threats Report for Q4 2010 (.PDF), network security company McAfee points out what they call "a steady growth of threats to mobile platforms," with smartphones ...
Continue Reading

Cyberheist: Another Bank Suit Seeks to Recover from Security Issues

[caption id="attachment_334" align="aligncenter" width="444" caption="Story Header from YourMoneyIsNotSafeInTheBank.org"] [/caption] As reported on YourMoneyIsNotSafeInTheBank.org, ...
Continue Reading

FFIEC Rewrites Its Rules For Banks to Enhance Security, Prevent Cyberheist

The latest edition of the "Your Money Is Not Safe In The Bank" newsletter (sign up on their home page) takes a look at the new authentication guidelines about to be issued from the ...
Continue Reading

Phishing: Further Ruminations on Whaling Attacks

In phishing terms, whaling means applying phishing attacks to "big fish"--namely, corporate executives, public figures, celebrities, and, of course, very wealthy persons. We've been ...
Continue Reading

Cyberheist Snippet 4: More on Trusteer Rapport

As we mentioned in Cyberheist Snippet 1, 2, and 3, we're working on a book here at KnowBe4.com, and it features Cyberheist as the first word in its title. Here's a fourth snippet from the ...
Continue Reading

Cyberheist Snippet 3: Spear-Phishing Definition

As we mentioned in Cyberheist Snippet 1 and Cyberheist Snippet 2, we're working on a book here at KnowBe4.com, and it features Cyberheist as the first word in its title. Here's a third ...
Continue Reading

Cyberheist: The Real Bite in Company Suits Against Banks for Negligence

As we've mentioned repeatedly in this blog, the FDIC does not insure SMBs against losses to fraudulent account access the same way that it covers individual bank accounts. This has left ...
Continue Reading

Cyberheist Theft of Carbon Credits Shows Just How Far Cyberthieves Will Go!

We read with great interest in a recent edition of The Economist about the theft of carbon emission credits through the Emissions Trading Scheme (ETS), a market overseen by the European ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews