Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Spear-phishing attacks hit gas pipeline networks

A Homeland Security Department cyber response team focusing on industrial control systems has issued a warning to the natural gas pipeline industry of targeted cyberattacks that have ...
Continue Reading

I am a malware coder and botnet operator

This is a discussion on Reddit, where a (presumably Polish) malware coder and botnet operator very candidly answers questions from people. This is a fascinating but rather technical read, ...
Continue Reading

The Average Cyberespionage Attack Goes On For 416 Days

WIRED Mag has a great article by Kim Zetter. It boils down to the fact that high-level hackers are able to get and stay in your network. And even if you are able to kick them out, they ...
Continue Reading

Symantec Report Says User Behavior is Root of Most Breaches

Tracy Kitten over at BankInfoSecurity spotted something interesting in Symantec's recent Internet Security Threat Report. This is the upshot: "Which Internet security threats pose the ...
Continue Reading

$1,000 Walmart Gift Card Scam Inflates Your Phone Bill

We have seen crooked Walmart gift card offers before, but now and then I run across one that's craftier than earlier versions. And as usual, you do not get the gift card, but a high dose ...
Continue Reading

Proof: Antivirus Only Defends Against Low-skilled Attackers

The SANS Computer Forensics and Incident Response team built a real-life network for their students so they could learn how to hack into the network. They put McAfee enterprise endpoint ...
Continue Reading

Scam Of The Week: Fake Storage Upgrades

Phishers are now offering fake storage upgrades. Symanted reported: "Customers of popular email service providers have been a common target for phishers for identity theft purposes. ...
Continue Reading

Bogus PayPal payment alert causes malware infection

Gary Warner just reported: "A new malicious spam campaign has just launched this morning targeting Paypal users. This malware campaign attempts to "social engineer" users into clicking a ...
Continue Reading

Cybercrime uses hidden file extensions to trick users

Symantec contributor Fred Gutierrez shows clearly in this blog post why it can be deadly to click on a .JPG file: "Cybercriminals have continuously evolved their methods throughout the ...
Continue Reading

Make sure 'challenge questions' aren't a backdoor into your account!

The Lookout Mobile Security Blog pointed out something important. Patty talked about the man who hacked hollywood: "Finding a working e-mail address was a simple process of trial and ...
Continue Reading

Omaha cast net that caught cyberthieves

Matthew Hansen, World-Herald Staff Writer just wrote a great article that illustrates what I have been warning about these last years. It starts out like this: "Imagine for a moment that ...
Continue Reading

2012 Doomsday Scam Continues to Serve up Doom, Giftcards

Chris Boyd over at GFI wrote: "If we survive the Mayan Apocalypse of 2012, does that mean we’re technically immortals? I’ve no idea, but it will probably mean we don’t see quite as many ...
Continue Reading

How to Start an IT Security Awareness Program

Mike Chapple is an IT professional and assistant professor of computer applications at the University of Notre Dame. He wrote at biztechmagazine:"Are your users aware of their ...
Continue Reading

Check Out This NY Traffic Ticket Phish!

Kevin Mitnick sent this phish over. It's a classic attempt to get you to avaid a problem, but the moment you click this link, life will become a lot more painful. So... Stop. Look. Think ...
Continue Reading

The Latest Anti-Phishing Working Group Report

This week, the new APWG Global Phishing Report is being today at the Anti-Phishing Working Group meeting in Prague. This report is published every six months, detailing how phishers are ...
Continue Reading

Bogus Olympics 2012 Email Warning Blindside Users With Malware

The upcoming London Olympics is undoubtedly one of the most highly-anticipated sports event of the year. It is also a favorite social engineering ploy among cybercriminals. Just recently, ...
Continue Reading

Scam Of The Week: 'The Evil Unsub'

An ordinary piece of spam slips through the filters, and you see a gorgeous sandy beach with palm trees. It's an enticing ad for a vacation to a tropical island, basically a big picture ...
Continue Reading

Six Steps To Successful Security Awareness Training

Continue Reading

Video: How a crimepack works

Cybercriminals are as organized and industrious as any legitimate business. Case in point: exploit kits, also known as crimepacks, which bad guys can purchase and which make infecting ...
Continue Reading

SMS-controlled Malware Hijacks Android Phones

Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered new Android malware that is controlled via SMS that can do a number of things ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews