Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

You know it's going to be a long day when...

…you’re sending out emails like the below to all staff at 8 in the morning.
Continue Reading

Election-themed Phishing is Likely to Persist

The US elections have come and gone, but people should still be on the lookout for election-themed phishbait, according to Roger Kay at Inky. Emotions are still running high in the US, ...
Continue Reading

Phishing Campaign Targets COVID Vaccine Cold Supply Chain

Researchers at IBM’s X-Force have identified a phishing campaign targeting the COVID-19 vaccine “cold chain” (the part of the supply chain focused on “the safe preservation of vaccines in ...
Continue Reading

Ransomware Gangs Are Now Cold-Calling Victims If They Restore From Backups Without Paying

Catalin Cimpanu at ZDNet reported on another evil escalation in ransomware extortion tactics.  In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims ...
Continue Reading

Exploits Leveraging Excel 4.0 Macros Increase as Organizations Continue to Rely on this Legacy Technology

Despite being nearly 30 years old, Excel’s very functional macro technology appears to be a little too functional, as attackers have stepped up its use to advance cyberattacks.
Continue Reading

BEC Scam Litigation Demonstrates How Your Company Can Be Out $500,000

The case of Arrow Truck Sales Inc. v. Top Quality Truck & Equipment tells a familiar tale, but provides insight into how the law interprets cases and who’s at fault.
Continue Reading

New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials

Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your ...
Continue Reading

Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

How Are Credential-Theft Phishing Websites Avoiding Detection? They Just Invert the Website Background

Sometimes the easiest solution is the best solution. And in the case of phishing attacks intent of stealing credentials using a fake logon page, it appears that background inversion does ...
Continue Reading

Number of Phishing Websites Double and Unique Phishing Campaigns Triple in Q3

New data shows the bad guys have been working diligently to step up their game on both the front and back end of phishing attacks, despite still being mid-pandemic.
Continue Reading

Maze Ransomware Group Retires (Retires!), Leaving a Gap in the Ransomware Marketplace

The news last month of the “retirement” of Maze should be a warning to organizations wondering what ransomware will come next and how much worse will it be.
Continue Reading

[On-Demand Webinar] When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust

Today’s hackers are concealing their attacks in places you wouldn’t expect… utilizing tools your users know and trust to deliver their malicious payloads. Secure email services with ...
Continue Reading

KnowBe4 Fresh Content Updates from November: Including A New Holiday Training Resource Kit

Here are important fresh content updates and new features to share with you for the month of November.
Continue Reading

Average Ransomware Payment Significantly Increases Risk

The average ransomware payout has increased by 178% over the past year, according to researchers at Atlas VPN. In Q4 2019, the payments averaged $84,000. By Q3 2020, the average payment ...
Continue Reading

[HEADS UP] FBI Warns US Companies of BEC Scammers

The Federal Bureau Investigation is issuing warnings to US companies that are taking advantage of email auto-forwarding. If successful, this would fall right into the trap of a business ...
Continue Reading

Dutch Government Sees Phishing More Than Double in 2020

In an exclusive article, the Dutch IRS gave its perspective on the cyber threat landscape in the Netherlands. December is typically one of the busiest months of the year for cybercrime ...
Continue Reading

South African Post Office Issues Warning on Postal Phishing Attack

The South African Post Office recently issued a warning about a phishing attack. The post office advised everyone to delete the email immediately.
Continue Reading

Zoom Impersonation a New Variant of Familiar Phishbait

Zoom-themed phishing attacks have spiked since the start of the pandemic, the Better Business Bureau (BBB) warns. Attackers adapted quickly earlier this year when a large portion of ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews