Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

F-Secure Cautions about Fresh Olympic-themed Spam

F-Secure the security company based in Finland has recently cautioned that spam mails themed on the Olympics are targeting Internauts while carrying web-links to one malevolent PDF file ...
Continue Reading

Fake LinkedIn Emails To Reset Your Password

Since LinkedIn had their IPO, they have been in the news a lot more, even if only to compare them with the recent Facebook IPO Debacle. But the better known you are, the bigger target you ...
Continue Reading

Malicious PowerPoint File Contains Exploit, Drops Backdoor

TrendLabs discovered a malicious MS PowerPoint document that arrives attached to email messages. The file contains an embedded Flash file, which exploits a software bug found in specific ...
Continue Reading

Chinese hacker brings grief to Calgary’s Catholic school system

Hackers will find any mail server that is not protected and/or configured correctly and use it to send out as much spam as possible. This gets the unsuspecting organization blacklisted ...
Continue Reading

New Cyberweapon 'Flame': CIA and Mossad Coproduction

'Flame', the most sophisticated piece of malware to date, was discovered by the International Telecommunication Union (ITU) and Kaspersky Lab. This code is more complex and has more ...
Continue Reading

Banks warned of sophisticated new online scam

Antone Gonsalves at NetworkWorld got this story first. Here is how the scam works, so do not fall for it. You can recognize it by the grammar and spelling mistakes. "The cyber-criminals ...
Continue Reading

VIDEO The Top 5 Online Security Traps And How To Avoid Them

GFI is one of the few antivirus vendors that understands the importance of prevention and end-user training. They produced this useful video that in two minutes illustrates the top 5 ...
Continue Reading

Gmail Security Hole Allows Hackers To Automate Social Engineering Trick

Christopher Mims over at Technology Review was the first one to report on this. A large Gmail security hole could lead to mass harvesting of accounts, as hackers can automate this social ...
Continue Reading

Hackers Target the Weakest Link: The End User

I was interviewed by Jeremy Quittner yesterday. Here is how he started his article in American Banker today: "It took Stu Sjouwerman, the founder and chief executive of security firm ...
Continue Reading

Guessable Passwords: The Unpatchable Exploit

Monday morning, I found a tweet by @INFOSECSchool with the above title. I admit, it's a catchy phrase and sure enough, IF you allow easy passwords, it's an invitation to get hacked. This ...
Continue Reading

Fake Amex ID Verification

[caption id="" align="alignleft" width="260" caption="Fake Amex ID Verification"][/caption] OK, here is another one to warn everyone about, especially the employees that have a ...
Continue Reading

Russia's most effective cybercriminals

Rod Rasmussen over at SecurityWeek has a really interesting article about a Russian cyber gang driving a massive wave of fraud: "Tucked away in a small town outside Moscow, Russia one of ...
Continue Reading

Spear-phishing attacks hit gas pipeline networks

A Homeland Security Department cyber response team focusing on industrial control systems has issued a warning to the natural gas pipeline industry of targeted cyberattacks that have ...
Continue Reading

I am a malware coder and botnet operator

This is a discussion on Reddit, where a (presumably Polish) malware coder and botnet operator very candidly answers questions from people. This is a fascinating but rather technical read, ...
Continue Reading

The Average Cyberespionage Attack Goes On For 416 Days

WIRED Mag has a great article by Kim Zetter. It boils down to the fact that high-level hackers are able to get and stay in your network. And even if you are able to kick them out, they ...
Continue Reading

Symantec Report Says User Behavior is Root of Most Breaches

Tracy Kitten over at BankInfoSecurity spotted something interesting in Symantec's recent Internet Security Threat Report. This is the upshot: "Which Internet security threats pose the ...
Continue Reading

$1,000 Walmart Gift Card Scam Inflates Your Phone Bill

We have seen crooked Walmart gift card offers before, but now and then I run across one that's craftier than earlier versions. And as usual, you do not get the gift card, but a high dose ...
Continue Reading

Proof: Antivirus Only Defends Against Low-skilled Attackers

The SANS Computer Forensics and Incident Response team built a real-life network for their students so they could learn how to hack into the network. They put McAfee enterprise endpoint ...
Continue Reading

Scam Of The Week: Fake Storage Upgrades

Phishers are now offering fake storage upgrades. Symanted reported: "Customers of popular email service providers have been a common target for phishers for identity theft purposes. ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews