Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Spoofing-as-a-Service Site Taken Down

Law enforcement authorities across Europe, Australia, the United States, Ukraine, and Canada have taken down a popular website used by cybercriminals to impersonate major corporations in ...
Continue Reading

[Keep An Eye Out] Beware of New Holiday Gift Card Scams

Every holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the ...
Continue Reading

Quiet Quitting Can Potentially Lead to Insider Security Risks

The phenomenon known as “quiet quitting,” in which employees become disengaged from their work while formally remaining in their jobs, can lead to serious security risks, according to Tim ...
Continue Reading

Merriam-Webster has announced "gaslighting" as the 2022 word of the year

Merriam-Webster has announced "gaslighting" as the 2022 word of the year. One definition of gaslighting is "to manipulate (someone) into believing that he or she is going insane or that ...
Continue Reading

[New App] Empower Your Users to Engage with Security Awareness and Compliance Training Anytime, Anywhere with the KnowBe4 Learner App

We’re excited to introduce a new way for your users to engage with KnowBe4 security awareness and compliance training anytime and anywhere with the KnowBe4 Learner App. And the best part? ...
Continue Reading

There’s No Such Thing as a Free Yeti, Only Social Engineering Tactics

It’s easy to think of the typical online holiday scam as something that affects mostly individuals. Sad, maybe, and unfortunate, but not something that might seriously threaten a ...
Continue Reading

WhatsApp data breach sees nearly 500 million user records up for sale

Craig Hale at Techradar reported: "A post on a “well-known hacking community forum” claims almost half a billion WhatsApp records have been breached and are up for sale. 
Continue Reading

[Send This To Your Users] 5 Top Scams To Watch Out For This Holiday Season

Here is a 3-minute article that we suggest you copy/paste and send to all your users as part of your ongoing security culture campaign.  "The holiday season is a time when people are ...
Continue Reading

Cybersecurity incidents cost organizations $1,197 per employee, per year

This statistic is alarming and underscores the importance of having a robust cybersecurity program in place. According to the Ponemon Institute, the average cost of a data breach is $3.8 ...
Continue Reading

A Recent, Complex, Ransomware Campaign

Microsoft has observed a threat actor that’s been running a phishing campaign since August 2022. The threat actor, which Microsoft tracks as “DEV-0569,” is using phishing emails to ...
Continue Reading

New Instagram Support Phishing Attack Fakes “Unusual Logon” Experience Well Enough to Fool Victims

Long gone are the days of tacky landing pages that barely impersonate a brand; threat actors are improving their social engineering game well enough to make anyone believe it’s the real ...
Continue Reading

Image-Based Phishing and Phone Scams Continue to Get Past Security Scanners

Using the simplest tactic of not including a single piece of content that can be considered malicious, these types of scams are making their way to inboxes every single time.
Continue Reading

World Cup Phishing Attacks Doubled And Will Increase

Researchers at Trellix revealed that phishing email attacks targeting users in the Middle East doubled in October 2022 ahead of the World Cup in Qatar, as reported by The Record. The end ...
Continue Reading

MFA Fatigue Attacks

Researchers at Specops Software describe a technique attackers are using to bypass multi-factor authentication (MFA). In an article for BleepingComputer, the researchers explain that ...
Continue Reading

4 out of 10 Emails are Unwanted as nearly 40% of all Attacks Start with Phishing

New data focused on emails sent through Microsoft 365 highlights the methods used to ensure a successful attack beginning with a malicious email.
Continue Reading

10 Million Health Records from Australian Insurer Medibank are Leaked After Refusing to Pay the Ransom

The aftermath of a ransomware attack last month demonstrates just how bad an attack can get when the cybercriminals don’t get what they want.
Continue Reading

2022 Black Friday and Cyber Monday Scams

In years gone by, Black Friday was a 24-hour rush to the shops (you remember those places with actual people and merchandise that you could touch) where there was a set time for you to ...
Continue Reading

Over One-Third of Companies Who Pay the Ransom are Targeted for a Second Time

Despite the somewhat logical notion that once you’ve paid the ransom, the attack is over, new data shows that paying the ransom doesn’t help you anywhere near how much you think it does.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews