Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

CTO of media company faked-out employees with "phishing" emails

There is a fascinating article in SC Magazine dated July 3, 2013 which tells the story of Atlantic Media Chief Technology Officer Tom Cochran, who blasted out a simulated phishing email ...
Continue Reading

Snowden Exfiltrated NSA Files On Thumb Drive

It appears that Edward Snowden used a thumb drive to exfiltrate the Top Secret files documents from NSA's network. The US DoD banned the use of flash drives in 2008 after Defense systems ...
Continue Reading

New Fun Little Quiz: How Phish-prone Are You?

We created a fun new little quiz you could send to your users!
Continue Reading

The Seven Deadly Social Engineering Vices

(updated June 17, 2015) You may not be aware that there is a scale of seven deadly vices connected to social engineering. The deadliest social engineering attacks are the ones that have ...
Continue Reading

Webroot Spots NATO Job Apps Lead To Malware

This one qualifies as a Scam Of The Week and it's a good one to forward to your employees.
Continue Reading

0-Day Threats and Security Awareness

OK, we all know that there is a lively trade in 0-day threats. Often this is an unknown vulnerability in a popular browser that is not fixed yet. Microsoft recently announced they fixed ...
Continue Reading

Phishing Scam Of The Week: Walmart.com

Wal-Mart took special effort this week and warned customers of an unusually 'high quality' phishing email that tries to get personal and credit information. They stated on their corporate ...
Continue Reading

Facebook 'Fraud-as-a-Service' Promoted Via Google

You may have read CyberheistNews Vol 3, #19, which had 'Fraud-as-a-service Goes Mainstream' as its headline. Here is a follow up on that. You can now download apps that hack Facebook, and ...
Continue Reading

We hired 3 more people, the office is getting full !

We had three more people start this week, two in sales and one to help our channel partners. The office is getting full! Our Kevin Mitnick Security Awareness Training is doing GREAT. We ...
Continue Reading

Do This Phishing IQ Test!

Did you know that SonicWall has an interesting Phishing IQ test on their website?
Continue Reading

Consumer Reports: 9.2 Million Phishing Victims Last Year

Consumer Reports today came out with some numbers that should give you pause. 9.2 Million Americans fell victim to a phishing attack last year, and a whopping 58.2 Million had a malware ...
Continue Reading

$1Million Cyberheist From Leavenworth Hospital

Kevin Mitnick sent me an article that illustrates why it is needed to train all employees not to fall for hacker tricks: "Friday, April 26, 2013 - WENATCHEE — Hackers stole more than $1 ...
Continue Reading

Fraud-as-a-service Goes Mainstream

Continue Reading

10 Tips To Secure Funding For A Security Program

Over at the CSO site, Dominic Nessi, CIO for Los Angeles World Airports, outlines ten essential tips for getting your financial team on board with your security funding requests.
Continue Reading

Phishing Confusion Example

So, yesterday I received this email from my Identity Theft Provider. Been with them since 2008 so I know how their emails look. Normally I get the "all clear" signal once a month, but ...
Continue Reading

Automated Twitter DM Spear Phishing

Automated Twitter DM Spear Phishing. It was to be expected. Cyber criminals now are able to scrape your followers from Twitter, and send you a Direct Message (DM) supposedly coming from ...
Continue Reading

28 Percent of Data Breaches Lead to Fraud

Continue Reading

PDF 0-day Vulnerability Being Exploited In The Wild

Last week, Adobe warned customers that a few new exploits that target Acrobat Reader were being exploited in the wild. Keep an eye out for patches that are expected soon. The exploits are ...
Continue Reading

Security firms slow to react to spear phishing like that used in China hack

Antone Gonsales at the CSO site hits the nail on the head: "Email security vendors have failed to do enough to protect customers against advanced cyberattacks like the one recently linked ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews