Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Northrop Grumman can make a stealth bomber – but falls for W-2 phishing attack

US military contractor Northrop Grumman notified their employees that hackers managed to gain access to their W-2 tax records. 

As The Register just reported, the makers of America’s stealth bomber acknowledged in a letter sent to employees and the California Attorney General’s office that hackers infiltrated its online portal at various times over the course of almost a year, gaining access to workers’ W-2 paperwork for the 2016 tax year.

Newark City Hall Computers Infected With Ransomware

NEWARK, N.J. (CBSNewYork) — The City of Newark’s computer system has been disabled by hackers demanding thousands in ransom money, according to a published report.

Hackers are demanding payment of 24 Bitcoins, which at the moment equals around $30,000, TAPintoNewark reported, citing a document they obtained.

Cyber Insurer Beazley Sees New Phishing Threats Emerge

New York, April 25, 2017 - Beazley, a pioneer in cyber and data breach response insurance, today released its Beazley Breach Insights – April 2017 findings based on its response to client data breaches in the first three months of 2017. The specialized Beazley Breach Response (BBR) Services unit observed phishing scams aimed at accessing direct deposit funds emerge as a growing danger in the first quarter of 2017, particularly in the higher education sector.

French Presidential Candidate Target Of Russian Hacker Phishing Attack

The French presidential election has been hit with a case of déjà vu. Emmanuel Macron's campaign said its staff received phishing emails meant to steal their passwords.

Trend Micro said in a report set to be published today that they have found evidence of a phishing attack targeting French presidential candidate Emmanuel Macron. The emails and fake sites could have tricked campaign staff into entering their credentials and allowed malware to infect their computers, their researchers stated.

This Week's Top "In The Wild" Phishing Attacks

And here are this week's Top 10 "In The Wild" phishing attacks, which our customers' employees reported by clicking the Phish Alert Button and sending the email to us for analysis.

We "defang" these attacks and have them updated real-time in a campaign that customers can run regularly to test employees against the "real thing".

And Just When You Thought Locky Ransomware Had Disappeared...

Locky ransomware reappeared with a vengeance Friday, this time not using Office documents combined with social engineering to have the user enable macros, but with a PDF that has a Word file hidden within, which executes a macro script when opened by the user.  This scenario allows the phishing email to bypass sandboxes.

[ALERT] Aaron Hernandez Death Phishing Scams

Low-life scum is exploiting the deaths of famous people, such as the suicide yesterday of former N.E. Patriots player and convicted murderer Aaron Hernandez.

First Quarter Top-Clicked Phishing Tests

KnowBe4 customers run millions of phishing tests per year, and we report frequently on the top-clicked phishing topics so that our customers know what the highest-risk phishing templates are. That way they can inoculate their employees against the most prevalent social engineering attacks. 

Fresh information from Osterman Research shows that over a 10-year timespan, since mid-2014, phishing has taken over from Web and still remains the No. 1 network infection vector. The graph you see was updated this week. Protecting your network by stepping employees through new-school security awareness training is a must these days.

Scammers Phishing for financial credentials on Twitter

Steve Ragan at CSO wrote: "Scammers are using Twitter as a vehicle to target people looking for customer support or asking general questions. They interject themselves into legitimate discussions, offering friendly chatter and a link that directs the target to a Phishing page designed to harvest credentials.

Cybersecurity IQ: Americans Have Trouble Recognizing Phishing Attacks

A new Pew Research Center survey titled "What the Public Knows about Cybersecurity" tallied responses from 1,055 adults last year about their understanding of concepts important to online safety and privacy. The results are troublesome.
