Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

Phishing for Student Email Accounts

Oct 24, 2022 9:23:57 AM By Stu Sjouwerman
University student accounts are being exploited for business email compromise. Researchers at Avanan have observed a rise in attacks that compromise legitimate college student accounts in ...
Continue Reading

BazarCall Expands Callback Phishing Campaigns to Include More Support Sites and Malicious Tactics

Oct 21, 2022 1:59:44 PM By Stu Sjouwerman
The king of callback phishing campaigns has evolved their methods to include better phishing emails, phone call scams, and final payloads to ensure they achieve their malicious goals.
Continue Reading

New Credential Harvesting Scam Impersonates Google Translate to Trick Victims

Oct 21, 2022 1:59:35 PM By Stu Sjouwerman
In an interesting twist, this latest scam identified by security researchers at Avanan attempts to establish legitimacy by making the victim think the logon page is being translated.
Continue Reading

[INFOGRAPHIC] 10 Tips for Running a Successful Compliance Training Program

Oct 20, 2022 9:46:34 AM By Stu Sjouwerman
Compliance training is often seen as a chore that organizations need to just get through. That said, compliance cannot simply be ignored. A recent report from software firm GlobalScape ...
Continue Reading

New Phishing Attack Attempts to Steal Social Security Numbers

Oct 20, 2022 8:54:27 AM By Stu Sjouwerman
A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY.
Continue Reading

Phishing Targets US Election Workers

Oct 19, 2022 2:24:49 PM By Stu Sjouwerman
Researchers at Trellix warn of phishing attacks targeting election workers in advance of the US midterm elections. These attacks spiked ahead of the primary elections in Arizona and ...
Continue Reading

Scary Metaverse - Cybersecurity Risk Implications

Oct 19, 2022 8:51:27 AM By Anna Collard
The Metaverse, while still mostly a concept at the moment, consists of the possibilities that arise when you combine the advances and affordability in extended reality (XR) space with the ...
Continue Reading

New COVID-19 Phishing Wave Misuses Google Forms to Steal Victim Information

Oct 18, 2022 2:41:20 PM By Stu Sjouwerman
This new credential harvesting scam impersonates a real U.S. Government COVID-related grant program to harvest credentials and personal details using a blatantly obvious Google form.
Continue Reading

91% of Organizations are Concerned About Ransomware Attacks in 2022

Oct 18, 2022 2:41:17 PM By Stu Sjouwerman
With ransomware attacks becoming more frequent, evasion getting more sophisticated, and ransoms increasing, new data shows organizations aren’t fighting for staff and budget.
Continue Reading

[HEADS UP] South African Post Office Sends Warning of Targeted Phishing Attacks

Oct 18, 2022 1:31:01 PM By Stu Sjouwerman
The South Africa Post Office (SAPO) recently warned customers of phishing emails to portray the post office. These cybercriminals are asking for outstanding customs fees that require ...
Continue Reading

WSJ: "Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate"

Oct 18, 2022 10:42:39 AM By Stu Sjouwerman
Steven Rosenbush at the WSJ reported: "Chief information officers say cybersecurity once again will be their top investment priority in 2023, a sign of how companies are racing to manage ...
Continue Reading

Name-and-Shame Scams on Discord

Oct 18, 2022 10:05:18 AM By Stu Sjouwerman
Scammers are sending Discord messages with phony accusations to trick users into clicking on phishing links, according to Shan Abdul at MakeUseOf. The messages are sent from compromised ...
Continue Reading

CyberheistNews Vol 12 #42 [Heads Up] Almost 19% of Phishing Emails Bypass Microsoft Defender

Oct 18, 2022 9:30:00 AM By Stu Sjouwerman
Continue Reading

How To Stop Job Scams

Oct 17, 2022 4:01:57 PM By Roger Grimes
I am reading and hearing about a ton of job scams these days. So many, I wondered how anyone could get a real job or employee, especially in these days of often full-time, work-from-home ...
Continue Reading

Sloppy but Dangerous: Fake Ransomware

Oct 17, 2022 8:34:05 AM By Stu Sjouwerman
Conventional ransomware encrypts the victims’ files and holds them hostage, unavailable to their owners, promising to provide a decryptor once the victims pay the ransom. In some cases ...
Continue Reading

Cyberattacks are the biggest risk to the UK financial system – Bank of England research

Oct 15, 2022 9:38:11 AM By Stu Sjouwerman
Cyberattacks are the biggest risk to the UK financial system, according to new research from the Bank of England.
Continue Reading

New Phishing Campaign Uses Office Docs to Install Cobalt Strike Beacon

Oct 14, 2022 9:03:08 AM By Stu Sjouwerman
Under the guise of determining applicant eligibility for a U.S. federal government job, this latest phishing attack plants the seed for a future attack on the victim organization.
Continue Reading

Cyber-Zombie Apocalypse: Ransomware Gangs Continue to Come Back from the Dead

Oct 14, 2022 9:03:02 AM By Stu Sjouwerman
With ransomware gangs making so much money and then dropping off the face of the earth, what’s the motivation to come back to life and potentially risk getting caught?
Continue Reading

German Hackers Arrested for Stealing €4 Million in 7-Month Banking Phishing Scams

Oct 14, 2022 9:02:56 AM By Stu Sjouwerman
The recent arrest demonstrates how very small and unsophisticated a cybercriminal team can be to launch a very successful phishing campaign that takes victims for millions.
Continue Reading

Small Business Grants as Phishbait

Oct 13, 2022 9:10:04 AM By Stu Sjouwerman
INKY has published a report on the use of small business grants as phishing lures. Scammers are impersonating the US Small Business Administration (SBA) to distribute phony grant ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews