Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

View Topics

You know it's going to be a long day when...

Dec 8, 2020 1:22:27 PM By Stu Sjouwerman
…you’re sending out emails like the below to all staff at 8 in the morning.
Continue Reading

CyberheistNews Vol 10 #50 [Scam of the Week] Warn Your Employees About New Zoom Phishing Attacks

Dec 8, 2020 9:38:50 AM By Stu Sjouwerman
Continue Reading

Election-themed Phishing is Likely to Persist

Dec 8, 2020 8:47:24 AM By Stu Sjouwerman
The US elections have come and gone, but people should still be on the lookout for election-themed phishbait, according to Roger Kay at Inky. Emotions are still running high in the US, ...
Continue Reading

Phishing Campaign Targets COVID Vaccine Cold Supply Chain

Dec 5, 2020 10:50:50 AM By Stu Sjouwerman
Researchers at IBM’s X-Force have identified a phishing campaign targeting the COVID-19 vaccine “cold chain” (the part of the supply chain focused on “the safe preservation of vaccines in ...
Continue Reading

Ransomware Gangs Are Now Cold-Calling Victims If They Restore From Backups Without Paying

Dec 5, 2020 10:16:20 AM By Stu Sjouwerman
Catalin Cimpanu at ZDNet reported on another evil escalation in ransomware extortion tactics.  In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims ...
Continue Reading

Exploits Leveraging Excel 4.0 Macros Increase as Organizations Continue to Rely on this Legacy Technology

Dec 4, 2020 11:12:56 AM By Stu Sjouwerman
Despite being nearly 30 years old, Excel’s very functional macro technology appears to be a little too functional, as attackers have stepped up its use to advance cyberattacks.
Continue Reading

BEC Scam Litigation Demonstrates How Your Company Can Be Out $500,000

Dec 4, 2020 11:12:30 AM By Stu Sjouwerman
The case of Arrow Truck Sales Inc. v. Top Quality Truck & Equipment tells a familiar tale, but provides insight into how the law interprets cases and who’s at fault.
Continue Reading

New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials

Dec 4, 2020 11:11:11 AM By Stu Sjouwerman
Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your ...
Continue Reading

Think Tanks Targeted by APT Actors

Dec 3, 2020 8:28:48 AM By Stu Sjouwerman
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

How Are Credential-Theft Phishing Websites Avoiding Detection? They Just Invert the Website Background

Dec 3, 2020 8:21:40 AM By Stu Sjouwerman
Sometimes the easiest solution is the best solution. And in the case of phishing attacks intent of stealing credentials using a fake logon page, it appears that background inversion does ...
Continue Reading

Number of Phishing Websites Double and Unique Phishing Campaigns Triple in Q3

Dec 3, 2020 8:19:09 AM By Stu Sjouwerman
New data shows the bad guys have been working diligently to step up their game on both the front and back end of phishing attacks, despite still being mid-pandemic.
Continue Reading

Maze Ransomware Group Retires (Retires!), Leaving a Gap in the Ransomware Marketplace

Dec 3, 2020 8:16:06 AM By Stu Sjouwerman
The news last month of the “retirement” of Maze should be a warning to organizations wondering what ransomware will come next and how much worse will it be.
Continue Reading

[On-Demand Webinar] When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust

Dec 3, 2020 8:15:00 AM By Stu Sjouwerman
Today’s hackers are concealing their attacks in places you wouldn’t expect… utilizing tools your users know and trust to deliver their malicious payloads. Secure email services with ...
Continue Reading

KnowBe4 Fresh Content Updates from November: Including A New Holiday Training Resource Kit

Dec 3, 2020 8:00:00 AM By Stu Sjouwerman
Here are important fresh content updates and new features to share with you for the month of November.
Continue Reading

Average Ransomware Payment Significantly Increases Risk

Dec 2, 2020 11:05:57 AM By Stu Sjouwerman
The average ransomware payout has increased by 178% over the past year, according to researchers at Atlas VPN. In Q4 2019, the payments averaged $84,000. By Q3 2020, the average payment ...
Continue Reading

[HEADS UP] FBI Warns US Companies of BEC Scammers

Dec 1, 2020 1:49:29 PM By Stu Sjouwerman
The Federal Bureau Investigation is issuing warnings to US companies that are taking advantage of email auto-forwarding. If successful, this would fall right into the trap of a business ...
Continue Reading

Dutch Government Sees Phishing More Than Double in 2020

Dec 1, 2020 1:48:47 PM By Jelle Wieringa
In an exclusive article, the Dutch IRS gave its perspective on the cyber threat landscape in the Netherlands. December is typically one of the busiest months of the year for cybercrime ...
Continue Reading

South African Post Office Issues Warning on Postal Phishing Attack

Dec 1, 2020 11:51:55 AM By Stu Sjouwerman
The South African Post Office recently issued a warning about a phishing attack. The post office advised everyone to delete the email immediately.
Continue Reading

CyberheistNews Vol 10 #49 [Eye Opener] How Many Phishing Sites? A Whopping 2 Million in 2020 So Far

Dec 1, 2020 9:34:39 AM By Stu Sjouwerman
Continue Reading

Zoom Impersonation a New Variant of Familiar Phishbait

Dec 1, 2020 8:23:31 AM By Stu Sjouwerman
Zoom-themed phishing attacks have spiked since the start of the pandemic, the Better Business Bureau (BBB) warns. Attackers adapted quickly earlier this year when a large portion of ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews