Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

KnowBe4 2019 Security Threats and Trends Report – October 2019

Executive Summary The yearly, independent, KnowBe4 2019 Security Threats and Trends Survey polled 600 organizations worldwide mid-2019 on the major security issues they will face in the ...
Continue Reading

Don't Let Your Users Download Malicious Chrome Extensions

Here's a relatively "innocent" example of this risk. The ‘AdBlock’ and ‘uBlock’ look just like legitimate Chrome extensions but instead engage in cookie stuffing to defraud affiliate ...
Continue Reading

Less Than a Third of Small Businesses Deliver Annual Cybersecurity Training

Only 31% of employees receive annual cybersecurity training, Chubb’s Third Annual Cyber Report has found. According to Small Business Trends, the report shows that employees’ perception ...
Continue Reading

Disgusting Fake Employment Site Targets Veterans And Installs Remote Access Trojan

Just when you think they could not sink any lower, you see something like this. A fake website pretending to be an organization that offers job opportunities for U.S. veterans is ...
Continue Reading

A Short, Very Useful Guide to Social Engineering

Knowing how to identify indicators of social engineering can alert you when someone tries to manipulate you, according to Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist. In an ...
Continue Reading

No, Really, They're Just Not That Into You

There are numerous ways to check the authenticity of someone on a dating site so you don’t fall for a romance scam, according to HackRead. You should always be cautious when interacting ...
Continue Reading

The Emotet Trojan Botnet is Back in Business

The Emotet botnet is up and running again after four months of inactivity, according to Ars Technica. Multiple security firms have reported seeing phishing emails delivering the malware ...
Continue Reading

Massive phishing wave of account hijacks hits YouTube creators

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered ...
Continue Reading

PDF Phishing Attacks Using Microsoft OneDrive Surge Nearly 200%

Scammers use a mixture of familiar brand, unsuspecting users, legitimate document types and locations, and credential harvesting in this attack aimed at getting into your Office 365.
Continue Reading

CEO Fraud Attacks Now Use Deepfake Audio and AI to Mimic Executives Over the Phone

While deepfake video gets most of the attention on social media, it’s deepfake audio that is quickly becoming the cybercriminal’s tools of choice for committing fraud.
Continue Reading

In the Hot Seat: Three Experts Tackle 10 Critical Security Awareness Issues

Three experts. 10 hot topics. Sixty minutes. What happens when you lock highly opinionated security awareness experts in a room with a microphone and a list of top security issues facing ...
Continue Reading

Amazon Phishing Scam in Progress

HackRead has come across a phishing scam that’s trying to trick Amazon customers into handing over their account credentials, personal information, and financial details. The phishing ...
Continue Reading

The U.S. Cybersecurity and Infrastructure Security Agency Lays Out Strategic Vision and Priorities in the Wake of Texas Ransomware Attacks.

This new document, entitled Strategic Intent highlights ways to “defend today, secure tomorrow” and comes out as the CISA director admits that ransomware is “only getting worse.”
Continue Reading

Microsoft Remains the Most Impersonated Brand in Phishing Attacks, with Facebook Phishing Surging

For the fifth quarter in a row, Microsoft is the favorite domain of choice for scammers using phishing attacks to lure their victims into clicking on malicious content.
Continue Reading

Advice For Women: "Breaking Into the InfoSec Business"

KnowBe4’s Senior Vice President of Cyber Operations Rosa Smothers was recently interviewed on the CyberWire’s Daily Podcast, where she discussed her background working for the CIA and ...
Continue Reading

18 Months, 61 Billion Credential-Stuffing Attacks

Akamai observed 61 billion credential stuffing attacks between January 2018 and June 2019, according to Computer Business Review. In a new report on Internet security, Akamai researchers ...
Continue Reading

Phishing Attacks Up, Especially Against SaaS And Webmail Services

Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. ...
Continue Reading

Oklahoma Pension Fund Robbed of $4.2 million via Compromised Email

Attackers stole millions of dollars from Oklahoma’s pension fund for retired law enforcement officers, the Oklahoman reports. The Oklahoma Law Enforcement Retirement System (OLERS) said ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews