Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

2016 Exceeds All Records in Numbers of Phishing Attacks

Year over year sustained growth in phishing campaigns produces yet another record number of attacks

The Anti-Phishing Working Group (APWG) observed that 2016 ended as the worst year for phishing in history. According to the APWG’s new Phishing Activity Trends Report, the total number of phishing attacks in 2016 was 1,220,523. This number represents the highest ever recorded, and fully a 65 percent increase over 2015.

Which User Will Infect Your Network With Ransomware?

We've got something really cool for you: the new Phishing Security Test v2.0!

It's got several great new features, and sending simulated phishing emails to train your employees is a fun and an effective best practice to patch your last line of defense... your users.

The phish-prone percentage is usually higher than you expect and is great ammo to get budget. You can now find out the current Phish-prone percentage of your organization and who might infect your network with ransomware.

Phishing Attack Uses Stuxnet Technology And Makes PCs Into Roombugs

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including news media, and scientific research.

The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX. Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails.

Survey: Most Hackers Break In Within Six Hours

A recent survey of 70 professional hackers and penetration testers found that 60% of them take a maximum of just six hours to compromise a target. The research titled The Black Report, was done at the 2016 Black Hat USA and Defcon by Australian technology company Nuix.

Google: "Office Inbox Receives 6.2X More Phishing And 4.3X More Malware Than Your Inbox At Home".

Google Research analyzed over a billion emails passing through Gmail, and the results were presented yesterday at the RSA security conference in San Francisco.  

Extremely interesting stats: corporate email addresses are 6.2 times more likely to receive phishing attacks, 4.3X likely to receive malware compared to personal accounts, but 0.4X less likely to receive spam.

Scam Of The Week: Valentine’s Day Phishing Attacks

It is time to remind your users that heartless con artists use social engineering tactics to trick people looking for love. 

The FBI's Internet Crime Complaint Center warns every year that scammers use poetry, flowers, and other gifts to reel in victims, the entire time declaring their "undying love."  

These callous criminals -- who also troll social media sites and chat rooms in search of romantic victims -- usually claim to be Americans traveling or working abroad. In reality, they often live overseas and it's a whole industry with planned criminal campaigns focused on days like this. 

Careless Licking Gets A Nasty Ransomware Phishing Infection: 1,000+ Machines Down

More than 1,000 government computer systems shut down. A county in Ohio, US, has had to shut down its entire IT infrastructure due to a ransomware infection. County Auditor Mike Smith found a bright side on an otherwise gloomy day.  "Apparently, our clock still works."

300+ New Ways to Stop Your Users from Clicking on Everything!

You now really have 300+ new ways to make sure your users Think Before They Click!

Scam Of The Week: Locked PDF Phishing Attack

Wednesday Jan 4th, the SANS Internet Storm Center warned about an active phishing campaign that has malicious PDF attachments in a new scam to steal email credentials.

The SANS bulletin said that the email has the subject line “Assessment document” and the body contains a single PDF attachment that claims to be locked. A message reads: “PDF Secure File UNLOCK to Access File Content.”

John Bambenek, handler at SANS Internet Storm Center said: “This is an untargeted phishing campaign. They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF,”

This is a large spray-and-pray campaign that hopes to get a small foothold into your org via an email account and then compromise, tunnel in or send spear-phishing attacks. Here is how it looks:

Adobe's New VoCo Is PhotoShop For Audio - The Potential For Voice Phishing Is Horrendous

Our friends at sent me some interesting news in their January newsletter: "Adobe recently announced Project VoCo at the November Adobe Max conference.

It’s purported to have the ability to take recordings of someone’s voice, then create audio that sounds like it is from that person.  In a nutshell, it’s Photoshop for audio." 

And they continued with: "According to Adobe, the software needs about twenty minutes of someone’s voice, and then it can recreate that voice exactly

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews