Don't Overlook Policy When Designing Security

Jul 23, 2020 8:30:53 AM By Stu Sjouwerman

There’s no single defense against phishing and other social engineering attacks, according to Kevin O’Brien, CEO and co-founder of email security company GreatHorn. On the CyberWire’s ...

I Testified Before U.S. Congress About COVID-19 Phishing Scams

Jul 22, 2020 8:51:55 PM By Stu Sjouwerman

Yesterday, July 21, 2020 I testified before U.S. congress about COVID-19 phishing scams. I was invited by the Senate Commerce Committee's subcommittee on manufacturing, trade, and ...

KnowBe4 Releases New Training Module: Face Masks At Work: 8 Essential Tips

Jul 22, 2020 1:58:03 PM By Stu Sjouwerman

Our team has been working on building a whole new course library of new compliance topics that will likely release sometime in 2021.

“Service Desk” Phishes in Enterprise Waters

Jul 22, 2020 9:26:52 AM By Stu Sjouwerman

A phishing campaign is impersonating an IT help desk and abusing legitimate cloud services to fool users, according to Ax Sharma at BleepingComputer. The emails are sent from the ...

Brand-New Tool: Browser Password Inspector Helps Find Risky Passwords Your Users Save in the Browser

Jul 22, 2020 7:00:00 AM By Stu Sjouwerman

Cybercriminals are always looking for easy ways to hack into your network and steal your users’ credentials.

Emotet Returns Using Familiar Phishing Tactics

Jul 21, 2020 8:29:11 AM By Stu Sjouwerman

Emotet, the venerable commodity banking Trojan, is being actively distributed again, according to researchers at Malwarebytes. Emotet’s botnets began sending out phishing emails on July ...

New “servicedesk.com” Phishing Attack Uses Microsoft, IBM Cloud Services to Add Legitimacy

Jul 20, 2020 11:38:15 AM By Stu Sjouwerman

Focused on stealing victim credentials, this new attack uses a number of tactics to establish credibility, avoid raising red flags, and ensure they get the victim’s real credentials.

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

Jul 20, 2020 8:51:32 AM By Stu Sjouwerman

The Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent ...

Phorpiex Botnet Attacks Spike So High in June, 2% of All Organizations Were Hit

Jul 17, 2020 11:44:33 AM By Stu Sjouwerman

The rise in the use of this dangerous botnet, notorious for distributing malware via phishing campaigns and responsible for fueling Sextortion scams, should put organizations on edge.

Expect to See Data Theft as Part of More Ransomware Attacks in the Future

Jul 17, 2020 11:40:52 AM By Stu Sjouwerman

With data theft currently experienced in 10% of ransomware attacks, experts predict this trend to increase as cyber criminals look for ways to ensure ransom payment.

Impermissible: Be Suspicious of Permission Requests

Jul 17, 2020 8:26:40 AM By Stu Sjouwerman

Users need to be wary of requests for information or permissions, even if they appear to come from legitimate sources, according to Don MacLennan, Senior Vice President of Engineering and ...

Microsoft Warns of Application-based Phishing

Jul 16, 2020 8:38:51 AM By Stu Sjouwerman

Microsoft has issued an advisory warning about “consent phishing,” or application-based phishing attacks that rely on users granting permissions to malicious apps. These attacks aren’t as ...

[Heads Up] Twitter Employees Fall For Social Engineering Attack And The Bad Guys Get "God Mode"

Jul 16, 2020 8:00:27 AM By Stu Sjouwerman

A number of high-profile Twitter accounts were hacked including those of Elon Musk, Bill Gates, Kanye West, Joe Biden and Barack Obama. This is clearly the worst hacking incident in ...

[ALERT] More Than 10% of Ransomware Attacks Now Involve Data Theft / Data Breach

Jul 15, 2020 11:04:52 AM By Stu Sjouwerman

Research into recent ransomware submissions from TripWire revealed that more than a tenth of crypto-malware infections now involve some element of data theft.

Scammers Impersonate Hospital Personnel

Jul 15, 2020 8:24:41 AM By Stu Sjouwerman

Scammers are seeking to obtain personal information by impersonating Canadian hospital staff over the phone, NEWS 1130 reports. Vancouver Coastal Health issued an alert in which the ...

The Bad News: Only 5% of Your Users Can Effectively Spot a Phishing Attack

Jul 14, 2020 5:02:14 PM By Stu Sjouwerman

A recent phishing quiz promoted to U.K. users to see if they could identify the phish revealed dismal results where nearly all users couldn’t tell the difference 100% of the time.

[Heads Up] Scam of The Week: Watch Out For This COVID Class Action Workplace Lawsuit

Jul 14, 2020 12:44:52 PM By Stu Sjouwerman

Major Law Firm Fisher Philips warned that COVID-19 workplace lawsuits are increasing exponentially. Of the 283 recent COVID-19 workplace lawsuits tracked, 122 of them, or 43%, were filed ...

DMs Promise Enhanced Pictures, but Deliver Malicious Links

Jul 14, 2020 8:21:53 AM By Stu Sjouwerman

Scammers are sending phishing messages on Instagram telling users to check out some edited versions of their photos, according to John Finn at Screen Rant. Finn explains that the scammers ...

Ragnar Locker Ransomware Attacks Energy Company, Potentially Stealing 10TB in Data

Jul 13, 2020 7:03:00 AM By Stu Sjouwerman

In a letter to customers, EDP Renewables North America CEO acknowledges the attack occurred back in April of this year, but claims “no evidence” of data theft exists.

Thanos Ransomware Attacks Now Disable Backups, Avoid Detection, and Impersonate the OS

Jul 13, 2020 7:02:00 AM By Stu Sjouwerman

Recent updates to the well-known Ransomware-as-a-Service – including the addition of RIPlace – make Thanos a formidable challenge for even well-secured organizations.

Security Awareness Training Blog