Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Holding a Great Employee Education Meeting

I recently attended a customer’s annual security awareness training employee event. I have attended a bunch of these over the years and I have loved them all. But this particular customer ...
Continue Reading

Phishing Campaign Uses Simple Email Templates

A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security. The email informs recipients that ...
Continue Reading

75% of SMBs Would Only Survive Seven Days or less from a Ransomware Attack

With ransomware attacks on the increase, new data shows a material portion of small and medium business organizations are completely ill-equipped to address an attack.
Continue Reading

Half of IT Leaders Say their Non-Technical Staff are Unprepared for a Cyber Attack

New data shows IT leadership believes users outside of IT create a “continued significant risk to organizations” despite having a layered security strategy to prevent attacks.
Continue Reading

[EYE OPENER] The Ransom Payment is Only 15% of The Total Cost of Ransomware Attacks

As the number of ransomware attacks has increased 24% over the previous year, security researchers estimate the total associated attack costs to be just over 7 times higher.
Continue Reading

Criminal Gang Impersonates Russian Government in Phishing Campaign

Researchers at IBM Security X-Force are tracking a financially motivated cybercriminal group called “Hive0117” that’s impersonating a Russian government agency to target users in Eastern ...
Continue Reading

How Hackers Steal Passwords & Protection Tips

Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have ...
Continue Reading

Hacking the Hacker: An Inside Look at the Karakurt Cyber Extortion Group

By breaking into an attack server, security researchers have uncovered new details that show the connection between the Karakurt group and Conti ransomware.
Continue Reading

Nearly all Data Breaches in Q1 2022 Were the Result of a Cyber Attack

New data from the Identity Theft Resource Center shows rises in the number of data compromises following 2021’s record-setting year, all stemming from cyber attacks.
Continue Reading

Cyber Attacks on the Global Supply Chain Have Increased by 51%

As supply chain vendors become a greater target, the businesses reliant upon them don’t seem to be responding with the appropriate urgency, according to new data.
Continue Reading

More_eggs Malware Distributed Via Spear Phishing

Threat actors are sending out the stealthy “more_eggs” malware in spear phishing emails that target hiring managers, according to researchers at eSentire’s Threat Response Unit (TRU).
Continue Reading

Community Associations Confront Social Engineering

It’s not just deep-pocketed corporations that prove attractive targets for social engineering. Any organization that holds information that can fetch a good price in the criminal ...
Continue Reading

If You Got a “Your Bill Is Paid For” Text, You’re Part of a Massive T-Mobile Texting Scam

The latest scam targeting T-Mobile customers impersonating T-Mobile and focused on collecting your personal data by tempting you with free “gifts”.
Continue Reading

LinkedIn is the Most Impersonated Brand in Phishing Attacks

Social media companies, particularly LinkedIn, are now the most impersonated brands in phishing campaigns, researchers at Check Point have found.
Continue Reading

New Phishing Attack Targets MetaMask Users for their Crypto Wallet Private Keys

A new phishing campaign impersonates MetaMask, informs victims their cryptocurrency wallets aren’t “verified” and threatens suspension.
Continue Reading

UK Information Commissioner: Many Cybersecurity Incidents are “Preventable”

In a recent article about the largest cyberthreats currently facing the UK, John Edwards – the UK’s newly-appointed information commissioner- talks about the need for a security culture ...
Continue Reading

Critical: CISA Warns of Potential Attacks on Infrastructure by Russian State-Sponsored and Criminal Cyber Gangs

In a joint multi-country cybersecurity advisory (CSA), governments are warning their respective critical infrastructure organizations to be vigilant against increased malicious cyber ...
Continue Reading

TraderTraitor: When States do Social Engineering

North Korea’s Lazarus Group is using social engineering attacks to target users of cryptocurrency, according to a joint advisory from the US FBI, the Cybersecurity and Infrastructure ...
Continue Reading

Ransomware Attacks Show Temporary Slowing but are Expected to Increase in 2022 [Graphs]

New data from Recorded Future shows how the war in Ukraine is causing a brief slowdown of ransomware attacks on healthcare, governments and schools that is predicted to return to growing ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews