Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

New Phishing Campaign Impersonates Canada Revenue Agency

A phishing campaign is impersonating the Canada Revenue Agency (CRA) in an attempt to steal Canadians’ personal information, according to Rene Holt at ESET. The phishing emails inform ...
Continue Reading

[New FBI and CISA Alert] This ransomware strain uses RDP flaws to hack into your network

As of May 2022, MedusaLocker has been observed predominantly exploiting vulnerable Remote Desktop Protocol (RDP) configurations to access victims' networks, according to a new joint ...
Continue Reading

Celebrity Crypto Scams Just Keep on Getting Worse

Bloomberg News recently reported that fake celebrity-endorsed crypto scams have doubled in the UK this year, and on average scammed victims out of $14,540 in stolen value before they ...
Continue Reading

[Heads Up] Online Fraud Now Sky-high With 'Tinder Swindler' Romance Scams Costing Hundreds of Millions

A new article in Bloomberg focused on new sky-high online fraud numbers, they are horrendous. Here is a short summary and I recommend you read the whole article.
Continue Reading

Wars and Lechery, Nothing Else Holds Fashion for Phishing Attacks

Shakespeare said it first, and things haven’t changed: suffering and desire continue to drive victims to the social engineers. Researchers at Bitdefender have observed a phishing campaign ...
Continue Reading

Bad News to Ransom Payers: 80% of You Will Face a Second Attack Within 30 Days

New insight into what happens during and after a ransomware attack paints a rather dismal picture of what to expect from attackers, your executives, and your operations.
Continue Reading

80% of Organizations Await “Inevitable” Negative Consequences From Email-Born Cyberattacks

With nearly every organization experiencing some form of phishing attack, new data suggests these attacks are improving in sophistication, effectiveness, and impact.
Continue Reading

New Evasive Phishing Techniques Help Cybercriminals Launch “Untraceable” Campaigns

Scary new details emerge of cybercriminals using reverse tunneling and URL shorteners to evade detection by security solutions, allowing them to take victims for their credentials and ...
Continue Reading

Innovative Way to Bypass MFA Using Microsoft WebView2 Is Familiar Nevertheless

An interesting way to bypass multi-factor authentication (MFA) was recently announced by Bleeping Computer. This particular attack method requires a potential victim to be tricked into ...
Continue Reading

FBI Warns of Deepfakes Used to Apply for Remote Jobs

If you're looking for your company's next remote IT position, you may want to think twice before doing so. The FBI recently reported to the Internet Complaint Center today that there are ...
Continue Reading

Try the new Compliance Audit Readiness Assessment today for the NIST Cybersecurity Framework

When it's time to complete a compliance audit of your cybersecurity readiness plan, are you thinking, "Ugh, is it that time again?"
Continue Reading

MetaMask Crypto Wallet Phishing

A phishing campaign is attempting to steal credentials for MetaMask cryptocurrency wallets, according to Lauryn Cash at Armorblox.
Continue Reading

Amazon Prime Day 2022 is Coming: Here are Quick Cybersecurity Tips to Help You Stay Safe

Amazon Prime Days this year are July 12 - 13th 2022. As a result, cybercriminals are taking every step to capitalize on the holiday with new phishing attacks. I have been getting asked ...
Continue Reading

Technology, Microlearning, and its Impact on Users and Cybersecurity

Technology is everywhere in society these days from our communication, shopping, and commerce capabilities. Whether email, online purchases, or using the blockchain, it amounts to large ...
Continue Reading

Pre-Hijacking of Online Accounts are the Latest Method for Attackers to Impersonate and Target

Rather than run a complex credential harvesting phishing scam, attackers use existing information about their victim and hijack a popular web service account *before* it’s created.
Continue Reading

“Failure to Authenticate” Wire Transaction at the Heart of a Cyber Insurance Appeal Case

Lawsuits over denied cyber insurance claims provide insight into what you should and shouldn’t expect from your policy – and that actions by your own users may make the difference.
Continue Reading

Phishing Scammers Leverage Telegraph’s Loose Governance to Host Crypto and Credential Scams

The free and unmonitored webpage publishing platform has been identified as being used in phishing scams dating back as early as mid-2019, as a key part to bypass security solutions.
Continue Reading

Vendor Impersonation Competing with CEO Fraud

Researchers at Abnormal Security have observed an increase in vendor impersonation in business email compromise (BEC) attacks.
Continue Reading

[Heads Up]  Russia has increased the cyber attacks against countries that help Ukraine

The Wall Street Journal just reported that Russian intelligence agencies have increased the pace of cyberattacks against nations that have provided aid to Ukraine, according to new ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews