Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Phishing for Student Email Accounts

University student accounts are being exploited for business email compromise. Researchers at Avanan have observed a rise in attacks that compromise legitimate college student accounts in ...
Continue Reading

BazarCall Expands Callback Phishing Campaigns to Include More Support Sites and Malicious Tactics

The king of callback phishing campaigns has evolved their methods to include better phishing emails, phone call scams, and final payloads to ensure they achieve their malicious goals.
Continue Reading

New Credential Harvesting Scam Impersonates Google Translate to Trick Victims

In an interesting twist, this latest scam identified by security researchers at Avanan attempts to establish legitimacy by making the victim think the logon page is being translated.
Continue Reading

[INFOGRAPHIC] 10 Tips for Running a Successful Compliance Training Program

Compliance training is often seen as a chore that organizations need to just get through. That said, compliance cannot simply be ignored. A recent report from software firm GlobalScape ...
Continue Reading

New Phishing Attack Attempts to Steal Social Security Numbers

A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY.
Continue Reading

Phishing Targets US Election Workers

Researchers at Trellix warn of phishing attacks targeting election workers in advance of the US midterm elections. These attacks spiked ahead of the primary elections in Arizona and ...
Continue Reading

Scary Metaverse - Cybersecurity Risk Implications

The Metaverse, while still mostly a concept at the moment, consists of the possibilities that arise when you combine the advances and affordability in extended reality (XR) space with the ...
Continue Reading

New COVID-19 Phishing Wave Misuses Google Forms to Steal Victim Information

This new credential harvesting scam impersonates a real U.S. Government COVID-related grant program to harvest credentials and personal details using a blatantly obvious Google form.
Continue Reading

91% of Organizations are Concerned About Ransomware Attacks in 2022

With ransomware attacks becoming more frequent, evasion getting more sophisticated, and ransoms increasing, new data shows organizations aren’t fighting for staff and budget.
Continue Reading

[HEADS UP] South African Post Office Sends Warning of Targeted Phishing Attacks

The South Africa Post Office (SAPO) recently warned customers of phishing emails to portray the post office. These cybercriminals are asking for outstanding customs fees that require ...
Continue Reading

WSJ: "Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate"

Steven Rosenbush at the WSJ reported: "Chief information officers say cybersecurity once again will be their top investment priority in 2023, a sign of how companies are racing to manage ...
Continue Reading

Name-and-Shame Scams on Discord

Scammers are sending Discord messages with phony accusations to trick users into clicking on phishing links, according to Shan Abdul at MakeUseOf. The messages are sent from compromised ...
Continue Reading

How To Stop Job Scams

I am reading and hearing about a ton of job scams these days. So many, I wondered how anyone could get a real job or employee, especially in these days of often full-time, work-from-home ...
Continue Reading

Sloppy but Dangerous: Fake Ransomware

Conventional ransomware encrypts the victims’ files and holds them hostage, unavailable to their owners, promising to provide a decryptor once the victims pay the ransom. In some cases ...
Continue Reading

Cyberattacks are the biggest risk to the UK financial system – Bank of England research

Cyberattacks are the biggest risk to the UK financial system, according to new research from the Bank of England.
Continue Reading

New Phishing Campaign Uses Office Docs to Install Cobalt Strike Beacon

Under the guise of determining applicant eligibility for a U.S. federal government job, this latest phishing attack plants the seed for a future attack on the victim organization.
Continue Reading

Cyber-Zombie Apocalypse: Ransomware Gangs Continue to Come Back from the Dead

With ransomware gangs making so much money and then dropping off the face of the earth, what’s the motivation to come back to life and potentially risk getting caught?
Continue Reading

German Hackers Arrested for Stealing €4 Million in 7-Month Banking Phishing Scams

The recent arrest demonstrates how very small and unsophisticated a cybercriminal team can be to launch a very successful phishing campaign that takes victims for millions.
Continue Reading

Small Business Grants as Phishbait

INKY has published a report on the use of small business grants as phishing lures. Scammers are impersonating the US Small Business Administration (SBA) to distribute phony grant ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews