Royal Mail Scam: Sorry, You Haven't in Fact Won that iPhone 11 Pro

An SMS phishing scam is targeting people in the UK with fake notifications that appear to come from the Royal Mail postal service, The Sun reports. The messages are personalized, and they ...

Best Practices for Creating Order from Phish Reporting Chaos

When Greg Kras, KnowBe4’s Chief Product Officer, first rolled out our Phish Alert Button (your users can use it to report suspicious emails), he thought it would be a great way for you to ...

Financial Advisor Fined After Falling for BEC Scam

The Financial Industry Regulatory Authority (FINRA) fined and temporarily suspended a financial advisor working for UBS after he was tricked into transferring $511,870 from a client’s ...

Microsoft Sees Phishing on the Rise

According to Microsoft security research, the percentage of inbound emails associated with phishing on average increased in the past year. For some, this may feel like obvious news, but ...

Mimecast Warns of New Phishing Attacks in South Africa

With two new alerts regarding elevated risks of phishing attacks against consumers – one from DStv, and another from the New Development Bank – South Africans are warned to take care when ...

Have Your Users Been Exposed in the 8.5 Billion Breached Records This Year?

Data breaches are getting bigger, the bad guys are getting more cunning, and the amount of compromised data is unfortunately continuing to rise. According to RiskBased Security, breach ...

Insecure Database Exposes Millions of Private SMS Messages

Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

A Transformational Rant: Why People Question the Value of Security Awareness

In my last post, I spent a bit of time discussing the “technology vs. training” debate; and based on the feedback received, I can tell that this is a debate that many of you have had to ...

What Reese’s Peanut Butter Cups Can Teach Us About Phishing

One of the greatest inventions in modern history is the Reese’s Peanut Butter Cup. I feel sorry for any human who existed before the “age of the cup” because they never got to know the ...

A New Strain of Tech Support Scam in the U.K.

The BBC reports a tech support scam that caused a British man, Doug Varey, to lose £4,000. The scam began when Mr. Varey saw an online ad for twelve years’ worth of computer security ...

It’s Baaaaaaaack! Emotet Trojan Rears Its Ugly Head Once Again After a 3-Month Vacation

One of the most dangerous pieces of malware to date, this trojan-turned-botnet has come back after a brief hiatus and appears to be a part of a new spear phishing campaign targeting ...

99 Percent Of All Misconfigurations In The Public Cloud Go Unreported

Charlie Osborne at ZDNet wrote: "Today's data breaches often seem to be caused not just by malware infections or external threat actors, but human error, insiders with an ax to grind, and ...

[Heads Up] What If The World's Largest Cyber Insurers Recommended Just *One* Security Awareness Training Platform As The Most Effective In Reducing Cyber Risk?

Well, that just happened. Today, September 25th 2019, Marsh, the world’s leading insurance broker and risk adviser, announced the inaugural class of cybersecurity solutions receiving a ...

KnowBe4 2019 Security Threats and Trends Report – October 2019

Executive Summary The yearly, independent, KnowBe4 2019 Security Threats and Trends Survey polled 600 organizations worldwide mid-2019 on the major security issues they will face in the ...

Connecting Security Awareness Training Data to your Security Operations

Highlighting the value of connecting user security awareness trainings to the critical resources those users can access

U.S. May Face Cyberwar with Russia After Purported U.S. Attacks on Russian Power Grid

The hacking of Russia’s power grid by the U.S. has led to a formal warning from the Kremlin that could escalate into an all-out cyberwar with attacks on U.S. businesses, agencies, and ...

“File Deletion” Alert Becomes the Latest Scam to Compromise Office 365 Credentials

Attackers use a simple cause for concern as the basis of a scam intent on tricking victims into offering up their Office 365 credentials.

Two-Thirds of Organizations See an Increase in Impersonation Attacks

Nothing fools a user like an email seemingly from someone they know. And, according to the latest data from Mimecast, the bad guys are stepping up their impersonation game.

Tech Support Scam Freezes Browsers

Trend Micro has found a new tech support scam that abuses HTML’s Inline Frame element (iframe) along with authentication pop-ups to freeze victims’ browsers by trapping them in a type of ...

U.S. Universities are the Target of Chinese Hackers Seeking Undersea Military Secrets

Schools like MIT and the University of Hawaii are the focus of Chinese hackers looking for research hubs or field experts at universities tied to Navy programs.