Business Email Compromise Gang Gets Jail Time for Stealing Millions

Feb 28, 2023 11:52:14 AM By Stu Sjouwerman

An international cybercriminal operation responsible for millions of dollars in business email compromise (BEC) scams has finally been dismantled.

Blind Eagle Goes Phishing

Feb 28, 2023 11:52:11 AM By Stu Sjouwerman

BlackBerry has published a report on a threat actor, Blind Eagle, also known as APT-C-36, which has been operating against targets in Ecuador and Colombia since at least 2019. Its most ...

CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe?

Feb 28, 2023 9:00:00 AM By Stu Sjouwerman

CyberheistNews Vol 13 #09 | February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's ...

GLBA and Other Regulations Wake Up to the Importance of Security Awareness Training With June 9, 2023 Deadline

Feb 27, 2023 4:15:26 PM By Roger Grimes

Most computer security practitioners have understood for many years the importance of having an aggressive security awareness training program. As social engineering is involved in 70% to ...

Thousands of NPM Packages Used to Spread Phishing Links

Feb 27, 2023 8:39:49 AM By Stu Sjouwerman

Researchers at Checkmarx warn that attackers uploaded more than 15,000 packages to NPM, the open-source repository for JavaScript packages, to distribute phishing links. The packages ...

Malware Report: The Number of Unique Phishing Emails in Q4 Rose by 36%

Feb 23, 2023 11:28:45 AM By Stu Sjouwerman

With nearly 280 million phishing emails detected by just one vendor, and the increase in the number of unique emails, organizations have a lot to be worried about in 2023.

W-2s Are Just the Beginning of Tax-Related Scams This Year

Feb 23, 2023 11:28:23 AM By Stu Sjouwerman

Email scammers can’t pass up a tried and true theme that is almost guaranteed to produce results. And with W-2 forms being sent out, it marks the start of this year’s expected campaigns.

Ransomware Attacks Using Extortion Tactics Reaches Critical Mass at 96% of all Attacks

Feb 23, 2023 11:28:04 AM By Stu Sjouwerman

New cyber attack data from 2022 is providing insight into what to expect in 2023, including ransomware campaigns.

28% of Users Open BEC Emails as BEC Attack Volume Skyrockets by 178%

Feb 23, 2023 11:27:44 AM By Stu Sjouwerman

New data shows users aren’t scrutinizing emails used in business email compromise (BEC) attacks, allowing critical changes in banking details that would impact the victim's organization ...

What Is a Good Survey Rating for Security and Compliance Training?

Feb 22, 2023 2:53:32 PM By John Just

We received great feedback from many of you after sharing data about completion percentages last month so much that we thought, “What other things can we share from our vast amount of ...

Coinbase Attack Used Social Engineering

Feb 22, 2023 8:48:30 AM By Stu Sjouwerman

Coinbase describes a targeted social engineering attack that led to the theft of some employee data. The attacker first sent smishing messages to several Coinbase employees, urging them ...

Should You Click on Unsubscribe?

Feb 21, 2023 4:36:29 PM By Roger Grimes

Some common questions we get are “Should I click on an unwanted email’s ’Unsubscribe’ link? Will that lead to more or less unwanted email?”

Do Not Let Ransomware Steal the Show – Business Email Compromise Is the Biggest Threat You Must Prepare For!

Feb 21, 2023 10:12:12 AM By Javvad Malik

When it comes to cybersecurity, ransomware is the rockstar of threats. But taking a peek behind the curtain, business email compromise (BEC) causes huge financial losses.

A Special Case of Business Email Compromise

Feb 21, 2023 9:12:41 AM By Stu Sjouwerman

Cloudflare warns that business email compromise (BEC) phishing has assumed a new form: vendor email compromise (VEC). The classic BEC case involves the impersonation of someone within an ...

CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach

Feb 21, 2023 9:00:00 AM By Stu Sjouwerman

CyberheistNews Vol 13 #08 | February 21st, 2023 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach There is a lot to learn from Reddit's recent ...

Corporate Transitions Represent Times of Heightened Danger

Feb 20, 2023 10:05:40 AM By Stu Sjouwerman

When should organizations be on guard against social engineering? Always, of course, but there are certain times when they should be especially alert. A study of cyberattacks has found ...

The Curse of Cybersecurity Knowledge

Feb 17, 2023 10:54:25 AM By Javvad Malik

The curse of knowledge is a cognitive bias that occurs when someone is trying to communicate information to another person, but falsely assumes that the other person has the same level of ...

Will AI and Deepfakes Weaken Biometric MFA

Feb 17, 2023 9:31:39 AM By Roger Grimes

You should use phishing-resistant multi-factor authentication (MFA) when you can to protect valuable data and systems. But most biometrics and MFA are not as strong as touted and much of ...

[HEADS UP] Russian Hacker Group Launches New Spear Phishing Campaign with Targets in US and Europe

Feb 16, 2023 9:17:56 AM By Stu Sjouwerman

The Russian-based hacking group Seaborgium is at it again with increased spear phishing attacks targeting US and European countries in the last year.

Security Awareness: The Top Trend of 2023

Feb 15, 2023 4:31:58 PM By Jelle Wieringa

The Dutch organization Supply Value (a specialist in network optimalisation) together with the website Computable, published an article on their annual research into the top trends in IT ...

Security Awareness Training Blog

View Topics