Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Espionage Botnets

[caption id="" align="alignleft" width="300" caption="Espionage Botnets"][/caption] Brian Krebs just blogged about something very interesting. "A security researcher who’s spent 18 months ...
Continue Reading

Bank Sues Customer Over ACH/Wire Fraud

[caption id="" align="alignleft" width="180" caption="Bank Sues Customer"][/caption] Tracy Kitten at BankInfo Security reported on this: "In another legal wrangling over liability linked ...
Continue Reading

Scam Of The Week Payroll Phish

The nakedsecurity blog over at Sophos highlighted a new phishing scam that would be good to alert your employees about. The bad guys are pretending to be payroll processing company ADP. ...
Continue Reading

Malware Metastasizes

A few days ago I wrote about a 60 million Euro cyberheist. I have been digging into this a bit more, as it's the most advanced attack yet. Cybercrime is not revolutionary, it clearly ...
Continue Reading

Why pill pushing spam pays off

Brian Krebs is on a roll. Here is why pill pushing spam pays off. "Consumer demand for cheap prescription drugs sold through spam-advertised Web sites shows no sign of abating, according ...
Continue Reading

OMG - I did not know it was THIS horrible.

More from Brian Krebs's astounding blog post today. "As the chart I compiled above indicates, attackers are switching the lure or spoofed brand quite often, but popular choices include ...
Continue Reading

A Closer Look: Email-Based Ransomware Attacks

With the increase of email phishing attacks being the primary attack vector, ransomware payments have risen to 60%, it's important to take a closer look at email-based ransomware attacks.
Continue Reading

F-Secure Cautions about Fresh Olympic-themed Spam

F-Secure the security company based in Finland has recently cautioned that spam mails themed on the Olympics are targeting Internauts while carrying web-links to one malevolent PDF file ...
Continue Reading

Fake LinkedIn Emails To Reset Your Password

Since LinkedIn had their IPO, they have been in the news a lot more, even if only to compare them with the recent Facebook IPO Debacle. But the better known you are, the bigger target you ...
Continue Reading

Malicious PowerPoint File Contains Exploit, Drops Backdoor

TrendLabs discovered a malicious MS PowerPoint document that arrives attached to email messages. The file contains an embedded Flash file, which exploits a software bug found in specific ...
Continue Reading

Chinese hacker brings grief to Calgary’s Catholic school system

Hackers will find any mail server that is not protected and/or configured correctly and use it to send out as much spam as possible. This gets the unsuspecting organization blacklisted ...
Continue Reading

New Cyberweapon 'Flame': CIA and Mossad Coproduction

'Flame', the most sophisticated piece of malware to date, was discovered by the International Telecommunication Union (ITU) and Kaspersky Lab. This code is more complex and has more ...
Continue Reading

Banks warned of sophisticated new online scam

Antone Gonsalves at NetworkWorld got this story first. Here is how the scam works, so do not fall for it. You can recognize it by the grammar and spelling mistakes. "The cyber-criminals ...
Continue Reading

VIDEO The Top 5 Online Security Traps And How To Avoid Them

GFI is one of the few antivirus vendors that understands the importance of prevention and end-user training. They produced this useful video that in two minutes illustrates the top 5 ...
Continue Reading

Gmail Security Hole Allows Hackers To Automate Social Engineering Trick

Christopher Mims over at Technology Review was the first one to report on this. A large Gmail security hole could lead to mass harvesting of accounts, as hackers can automate this social ...
Continue Reading

Hackers Target the Weakest Link: The End User

I was interviewed by Jeremy Quittner yesterday. Here is how he started his article in American Banker today: "It took Stu Sjouwerman, the founder and chief executive of security firm ...
Continue Reading

Guessable Passwords: The Unpatchable Exploit

Monday morning, I found a tweet by @INFOSECSchool with the above title. I admit, it's a catchy phrase and sure enough, IF you allow easy passwords, it's an invitation to get hacked. This ...
Continue Reading

Fake Amex ID Verification

[caption id="" align="alignleft" width="260" caption="Fake Amex ID Verification"][/caption] OK, here is another one to warn everyone about, especially the employees that have a ...
Continue Reading

Russia's most effective cybercriminals

Rod Rasmussen over at SecurityWeek has a really interesting article about a Russian cyber gang driving a massive wave of fraud: "Tucked away in a small town outside Moscow, Russia one of ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews