Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Missing the Lock Icon in Chrome’s Address Bar? It’s a Move to Make You More Secure

In response to what Google calls “over trust” in the web address lock icon to indicate that a site is authentic and its’ communications are secure, they’ve swapped the lock out in an ...
Continue Reading

Underground Cyber Crime Marketplaces are Now Showing Up on the Open Web

Marketplaces such as OLVX are shifting from the dark web to the open web to take advantage of traditional web services to assist in marketing to and providing access to new customers.
Continue Reading

Interest in AI-Generated ‘Undressing’ Increases 2000% as it Becomes a Mainstream Online Business

The advent of non-consensual intimate imagery (NCII) as a monetized business on the Internet has shifted pornography into the realm of undressing anyone you like.
Continue Reading

Cancer Center Patients Become Attempted Victims of Data Extortion

Cybercriminals of the lowest kind breached as many as 800,000 patients and then sent emails threatening to sell their data if they didn’t pay a fee to block it from selling.
Continue Reading

“Mr. Anon” Infostealer Attacks Start with a Fake Hotel Booking Query Email

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its victims for everything of value they have on ...
Continue Reading

New Remote “Job” Scam Tells Victims They'll Get Paid For Liking YouTube Videos

Researchers at Bitdefender warn that scammers are tricking victims with fake remote job opportunities. In this case, the scammers tell victims that they’ll get paid for liking YouTube ...
Continue Reading

Holiday Scams Include Thousands of Impersonation Phishing Domains per Brand

Midstride in this year’s holiday shopping, it’s important to realize just how many websites exist that impersonate legitimate online retailers. More importantly, your users need to know ...
Continue Reading

Unique Malware Used in Cyber Attacks Increases by 70% in Just One Quarter

As more cybercriminal gangs continue to enter the game, the massive increase in unique types of malware means it will become increasingly difficult to identify and stop attacks.
Continue Reading

[IRS Alert] Three Tips To Protect Against Tax Season Refund Scams

Urging taxpayers and tax professionals to be vigilant, the Internal Revenue Service (IRS) provides some simple guidance on how to spot new scams aimed at being able to file fake tax ...
Continue Reading

Why Security Awareness Training Is Effective in Reducing Cybersecurity Risk

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk.
Continue Reading

Brand New BazarCall Phishing Campaign Abuses Google Forms

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security.
Continue Reading

As the Holiday Season Ramps Up, So Do Scams Impersonating the U.S. Postal Service

Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions.
Continue Reading

Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted.
Continue Reading

Undercover Threat: North Korean Operatives Infiltrate U.S. Companies Through Job Platforms

Researchers at Nisos warn that North Korean threat actors are impersonating skilled job seekers in order to obtain remote employment at US companies.
Continue Reading

How To Fight Long-Game Social Engineering

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard warning about their long-game social engineering tactics.
Continue Reading

Russia Weaponizes Israel-Hamas Conflict in Targeted Phishing Attack

Researchers at IBM X-Force are tracking a phishing campaign that’s using themes related to the Israel-Hamas war to deliver Headlace, a backdoor exclusively used by the suspected Russian ...
Continue Reading

Who's Calling? Spam, Scams and Wasted Time

First ever insight into those annoying spam calls provides enlightening detail into how many calls are there, where are they coming from, and how much time is wasted dealing with them.
Continue Reading

Unwrapping the Threat: AI-Powered Phishing Attacks Take Center Stage in 2023 Holidays

As the holiday season approaches, so does the annual surge in online shopping and holiday package tracking. Unfortunately, this joyous time has also become a prime hunting ground for ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews