Phishing Campaign Exploits Nespresso Domain

Apr 23, 2024 11:37:04 AM By Stu Sjouwerman

Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception ...

AI Voice Cloning and Bank Voice Authentication: A Recipe for Disaster?

Apr 18, 2024 8:39:02 AM By Stu Sjouwerman

New advancements in generative AI voice cloning come at a time when banks are looking for additional ways to authenticate their customers – and they’re choosing your voice.

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

Apr 9, 2024 2:05:26 PM By Roger Grimes

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity.

New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts

Apr 9, 2024 2:05:22 PM By Stu Sjouwerman

A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms.

Apple Users Become the Latest Targets of MFA Attacks

Apr 4, 2024 1:28:45 PM By Stu Sjouwerman

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more.

New Phishing-as-a-Service Kit Attempts to Bypass MFA

Mar 26, 2024 11:38:48 AM By Stu Sjouwerman

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its ...

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

Mar 13, 2024 9:30:10 AM By Stu Sjouwerman

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing ...

Three Essential Truths Every CISO Should Know To Guide Their Career

Mar 11, 2024 9:11:56 AM By Roger Grimes

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.

Game-Changer: Biometric-Stealing Malware

Feb 28, 2024 2:25:55 PM By Roger Grimes

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...

When Threat Actors Don’t Have a Viable Email Platform to Phish From, They Just Steal Yours

Feb 28, 2024 12:21:15 PM By Stu Sjouwerman

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services.

Credential Theft Is Mostly Due To Phishing

Feb 28, 2024 12:21:10 PM By Roger Grimes

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...

Anyone Can Be Scammed and Phished, With Examples

Feb 21, 2024 3:23:29 PM By Roger Grimes

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...

IBM Tests Audio-Based Large Language Model to Hijack Live Conversations

Feb 20, 2024 1:03:01 PM By Stu Sjouwerman

With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details.

Cybersecurity Resiliency and Your Board of Directors

Feb 8, 2024 2:41:03 PM By Roger Grimes

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors ...

Fake “I Can’t Believe He’s Gone” Posts Seek to Steal Facebook Credentials

Feb 5, 2024 4:58:17 PM By Stu Sjouwerman

A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials.

New Phishing-As-A-Service Kit with Ability to Bypass MFA Targets Microsoft 365 Accounts

Feb 5, 2024 4:57:58 PM By Stu Sjouwerman

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri.

Facebook Phishing Scams Target Concerned Friends and Family

Jan 22, 2024 2:06:13 PM By Stu Sjouwerman

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles ...

Beware of "Get to Know Me" Surveys

Jan 11, 2024 1:46:46 PM By Roger Grimes

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always ...

Beware of Fraudulent Charge Messages

Jan 5, 2024 1:19:09 PM By Roger Grimes

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.

Phishing Reigns as the Most Likely and Most Feared Cyber Attack

Jan 5, 2024 9:00:05 AM By Stu Sjouwerman

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials.

Security Awareness Training Blog

View Topics