Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season

New data polled from analysts and members of the retail industry about their security focus is this holiday season reveals the kinds of attacks every organization should be preparing for.
Continue Reading

This New Phishing Kit Flies Under the Radar of Antivirus Software

Akamai researchers have discovered a new phishing campaign that targets United States consumers with fake holiday offers, TechRadar reports. Fake landing pages created by threat actors ...
Continue Reading

Phishing Attacks Misuse Microsoft Dynamics 365 Customer Voice Functionality to Hide Malicious Links

Leveraging a legitimate feature of Dynamics 365, threat actors are able to obfuscate the malicious nature of the email within content that naturally requires user interaction.
Continue Reading

Valid Accounts Rank as the Top Initial Access Infection Vector, Putting a Spotlight on Credentials

As ransomware, business email compromise, and phishing attacks continue to escalate, new data sheds light on where organizations need to focus to help put a stop to attack success.
Continue Reading

Ransomware Attacks on UK Organizations are Not Being Reported Enough, Clouding Impact

A new report from the UK’s National Cyber Security Center highlights the current state of threats in the UK, with particular focus on ransomware attacks and their impact.
Continue Reading

Cyber Insurance Rates Begin to Stabilize as Insurers Gain Better Insight into Cyberattacks

The latest data shows that historically massive rate increases seen over the last few years are beginning to come down, primarily due to insurers having a solid understanding of the risk.
Continue Reading

Holiday Package or Scam Message? Clickers Beware

As we enter the holiday season, we start getting bombarded with amazing offers and often take advantage of not only grabbing ourselves a bargain, but also stockpiling gifts for friends ...
Continue Reading

Watch Out For This Tricky New Tactic Called Clone Phishing

Researchers at Vade Secure describe a type of phishing attack dubbed “clone phishing,” in which attackers follow up a legitimate email from a trusted sender with a replica, claiming that ...
Continue Reading

FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok

Suzanne Smalley at Cyberscoop reported: "FBI Director Christopher Wray told Congress on Tuesday he is “extremely concerned” that Beijing could weaponize data collected through TikTok, the ...
Continue Reading

[SCAM OF THE WEEK] Phishing Campaign Targets Crypto Users

Major cryptocurrency company FTX recently filed for bankruptcy, and there's a big phishing campaign on the loose targeting FTX users.
Continue Reading

Fangxiao Domain-Spoofing for Revenue

Researchers at Cyjax describe a large phishing campaign being run by a China-based financially motivated threat actor called “Fangxiao.” The threat actor has been active since at least ...
Continue Reading

[FREE Resource Kit] Stay Safe This Holiday Season with KnowBe4

It's the best time of the year! But also, it's the busiest time for cybercriminals. Since your users will be distracted with seasonal activities, cybercriminals will take advantage of the ...
Continue Reading

“Hired Hand” in the Kingdom of Saudi Arabia Uses Domain Spoofing

Sometimes a social engineering campaign has a clear geographical focus, often shaped by language, holidays, or current events. In this case, the scammers are taking opportunistic ...
Continue Reading

The Rise in Unwanted Emails, Now Found to be Nearly 41%

How many business emails do the recipients actually want? Or, conversely, how many of them are unwanted? A study by Hornetsecurity looked at this question (along with a number of other ...
Continue Reading

[HEADS UP] FBI Warns of Tech Support Scams That Impersonate Payment Portals for Fake Refunds

In the latest FBI warning, cybercriminals are now impersonating financial institutions' refund payment portals. This effort is to contain victims' personal information with legitimacy.
Continue Reading

Phishing Campaign Abuses Microsoft Customer Voice

Researchers at Avanan warn that a phishing campaign is using Microsoft’s Dynamic 365 Customer Voice feature to send malicious links. Customer Voice is designed to collect feedback from ...
Continue Reading

Three-Quarters of Employees Feel It’s the Company’s Job to Ensure Security, Despite Three-Quarters Also Personally Experiencing a Cyberattack

Even with employees seeing cyberattacks first-hand and understanding the seriousness of such attacks, organizations have a culture problem where users just don’t care.
Continue Reading

Ransomware Attacks Targeting Manufacturing are up 52% Over the Course of 12 Months

While every sector is taking strides to improve their security stances against ransomware and other cyberattacks, the latest data shows that for Manufacturing the impacts are huge and the ...
Continue Reading

Cyberattacks Globally Increased by 28% in the Third Quarter of 2022 as the Average Org Experiences Over 1,100 Attacks Weekly

Check Point Research provides highlights that color the third quarter of 2022, painting a picture of increases in attack frequency and intensity in every single sector.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews