Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful

A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together ...
Continue Reading

$148 Million Lost to Gift Card Scams in 2021 (So Far)

A US Federal Trade Commission (FTC) data spotlight has found that people in the US lost $148 million to gift-card-related scams in the first nine months of 2021. The spotlight also found ...
Continue Reading

NSA: Cyberattacks are Putting the “Security of our Nation” at Stake

When most see cyberattacks as something that is impactful at the organizational level, the head of the National Security Agency sees cyberattacks as being a threat to the entire nation.
Continue Reading

The Evolving State of Cyber Insurance May Indicate More Scrutiny for IT and Security Teams

The need to balance offering coverage for cyber incidents with maintaining a profit has cyber insurers rethinking how they will approach measuring insured risk and exposure.
Continue Reading

Over 1000 Arrests and $27 Million Intercepted in Massive INTERPOL Sting Operation

Bringing together specialized police units from 20 countries, Operation HAECHI-II targeted those involved in online fraud, romance scams, investment fraud and money laundering.
Continue Reading

Netflix is the Latest Impersonated Brand in Ongoing Subscriber Targeting Scams

With the increased interest in and availability of movie and TV streaming services, plenty of new scams are popping up attempting to steal personal details and credit card information.
Continue Reading

Wall Street Journal article: "Shaming Employees For Phishing is Counterproductive"

Shaming employees for falling for phishing attacks is the wrong approach, according to Dr. Karen Renaud, a chancellor’s fellow at the University of Strathclyde. In an article for the Wall ...
Continue Reading

Log4j vulnerability - KnowBe4 Not Affected

KnowBe4 is aware of the recent log4j vulnerability (CVE-2021-44228) and has been investigating this issue in-depth. We can confirm that no KnowBe4 products are affected by this at this ...
Continue Reading

Answer 4 Simple Questions To Avoid a Social Engineering Attack

I am usually not a man of a few words. I am the opposite. I write hundreds of pages a month and talk non-stop in person. But lately, I have been trying to be better at saying more with ...
Continue Reading

The Unbearable Lightness of Phishing Pages

Researchers at Kaspersky have found that most phishing pages are active for less than one day, with many of them going offline after just a few hours. Most of these short-lived pages were ...
Continue Reading

Socially Engineering Your Way to Customer Data

US telecommunications company Cox Communications has disclosed a data breach that exposed some customers’ information, BleepingComputer reports. The company said in a breach notification ...
Continue Reading

2021 Security Hints & Tips for Holiday Travels

The holiday season may be closer to "normal" this year, and that means your users will be even more focused on holiday activities - including travel. Cybercriminals will undoubtedly be ...
Continue Reading

Real Cyberattack as Phishbait for a Scammer

Scammers are exploiting a real “cyber incident” at a Riverhead New York high school to send out robocalls that claim to be coming from the local police department, RiverheadLOCAL reports.
Continue Reading

Credential-Harvesting Phishing Campaign Urges Review of Spam

Researchers at MailGuard have observed a phishing campaign that’s using phony “spam notification” emails that purport to come from Microsoft Office 365. The emails tell recipients that an ...
Continue Reading

Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.
Continue Reading

New TSA PreCheck Scam Seeks to Collect Your Personal and Credit Card Details

Doing one of the best jobs impersonating a website ever seen, this new scam attempts to take those renewing or initially signing up through a believable process that most would fall for.
Continue Reading

Half of All Organizations Have Had Employees Approached to Aid in Ransomware Attacks

Partially due to the shift to working remotely, cybercriminals are finding some resemblance of success in getting internal assistance, begging the question of what to do about it.
Continue Reading

SideCopy: How an Intelligence Service Uses Phishbait

Researchers at Malwarebytes offer more details on a spear phishing campaign run by a Pakistani threat actor that’s come to be known as “SideCopy.” The campaign was first reported by ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews