Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

What our customers are saying about our security awareness training

One of our customers sent us this today: "I wanted to give you an update on our security awareness training. When we did the baseline phishing campaign for 85 employees and we had a click ...
Continue Reading

Your Antivirus Enduser Is Exposed To Phishing Attacks For 17.5 Hours

The 2015 Websense threat report is abundantly clear about it. "Websense detected 28 percent of malicious email messages before an antivirus signature became available, presenting AV users ...
Continue Reading

10 Lessons Learned From Painful Ryanair $5M Cyberheist

Low-cost airline Ryanair shamefacedly came clean last week that they fell victim to a cyberheist which stole almost 5 million dollars out of its fuel bank account. The money was siphoned ...
Continue Reading

Social Engineering Exploit Fools HR with Infected IT Resumes

Proofpoint threat researchers recently detected a clever email-based attack that combines phishing and social engineering techniques in order to trick users into opening a malicious ...
Continue Reading

Scam Of The Week: Nepal Earthquake

More than 5,000 people dead and counting. And you can also count on cyber-criminals exploiting the disaster. What else is new. Disgusting. Scammers are now using the Nepal disaster to ...
Continue Reading

How Criminals Exploit Gaps In Your Security Awareness Training

I was at RSA in San Francisco last week. Great show, with ~30,000 attendees and packed exhibit halls at the Moscone Center. We invited KnowBe4 customers who were attending RSA for a ...
Continue Reading

90% of phishing incidents trace back to PEBKAC and ID10T errors

Don't have time to read through the massive Verizon's 2015 Data Breach Investigations Report? Here is a great summary; 90% of Security incidents are still caused by PEBKAC and ID10T ...
Continue Reading

If You Think Security Awareness Training is Expensive, Try Ignorance

Facts surrounding spear phishing all point to employees as the most cited culprits and security awareness training as the most effective remedy. Yet all training programs are not equal. ...
Continue Reading

KnowBe4 Offers White House Free Security Awareness Training

April 7, 2015 - CNN reported that The White House said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The KnowBe4 Blog ...
Continue Reading

Facebook sends simulated phishing attacks to their employees

Fortune reported: "Each fall, Facebook hosts an event called Hacktober in which its security experts attempt to trick employees into falling for common hacking tricks such as phishing ...
Continue Reading

SHOCKER: Data Breaches Cost Big Companies Very Little

Two articles today in Fortune Magazine and Harvard Business Review each lifted a piece of the veil about a dirty little secret about data breaches. From Home Depot to Target to Sony, big ...
Continue Reading

Police Pay Ransom After Ransomware Phishing Attack

TEWKSBURY – Last December Tewksbury Police confronted a new, and growing, frontier in cyberterrorism when the CryptoLocker ransomware virus infected the department’s network, encrypting ...
Continue Reading

35 percent of Kansas City Employees Turn Out Phish-prone

From the Kansas City Star: Would-be hackers duped 35% of Kansas City employees into opening the door to municipal computer systems sometime in the last six months, a city audit report ...
Continue Reading

How to get your Phish-prone percentage up. Up? Yes, Up.

Something surprising happened last week. A few of our customers reported that their phish-prone percentage was going up. Up? Yes, up. Not something you normally would expect or ...
Continue Reading

China Finally Admits It Has A Hacker Army

China finally admits it has special cyber warfare units — and a lot of them. This is the "advanced persistent threat" cyber security experts have been pointing to.
Continue Reading

Banking Regulator Issues New Phishing Alert

The National Credit Union Administration, (NCUA) warns netizens about phishing emails containing links to a fraudulent website that resembles the NCUA are being pushed to consumers.
Continue Reading

CyberheistNews Vol 5 #11 Ransomware: Pay Up Or Fight. What Would You Do?

Ransomware: Pay Up Or Fight. What Would You Do? Ask security experts what to do when hit with ransomware -- the sophisticated malware that infects a device or network, uses military-grade ...
Continue Reading

Spear Phishing Attack Nearly Costs FL City $500K

A spear-phishing last month at Orange Park City Hall almost got away with $500,000 from the city's bank account. Fortunately it was caught in time so that a wire transfer that already had ...
Continue Reading

Scam Of The Week: Phishing For Apple Watch

This week, Apple had their big Apple Watch release event, and the press is full of news about the models and pricing. Pundits are sprinkling their predictions about features and future ...
Continue Reading

New CryptoWall Attack Uses Malicious Help File Attachments

A new CryptoWall attack wave has hit end-users with phishing emails containing malicious .chm attachments that infect networks with the latest and most sophisticated file-encrypting ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews