Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Bad News from the (Fake) CDC: You've Got Malware

Malicious actors continue to probe organizations' security and defenses with malicious emails explicitly crafted to create and exploit sense of panic in the wake of the COVID-19. Over the ...
Continue Reading

Malicious Actors Release Coronavirus Guidelines for America

You already knew this was going to happen. It was just a matter of waiting. Fast on the heels of the release of President Trump's "Coronavirus Guidelines for America," malicious actors ...
Continue Reading

A new ransomware strain called 'Save the Queen’, distributes itself from your own Domain Controllers

Sophisticated cybercriminals have continuously improved the effectiveness of ransomware attacks,  according to Yaki Faitelson, co-founder and CEO of Varonis. In an article for Forbes, ...
Continue Reading

New Potential Phishing Scam Begins with A Phone Call

A recent suspicious phone call was brought to our attention. It looks to be the beginning of a phishing campaign and demonstrates the lengths cybercriminals will go to in order to ensure ...
Continue Reading

70% to 90% of All Malicious Breaches are Due to Social Engineering and Phishing Attacks

If you’ve heard me speak the last two years, read any of my articles, or watched any of my webinars, you’ve probably heard me say, “Seventy to ninety percent of all malicious breaches are ...
Continue Reading

The Dilemma: Should you phish test during the COVID-19 pandemic?

By Perry Carpenter,  KnowBe4 Chief Evangelist and Strategy Officer. There’s no question, these are challenging times. Employees and organizations around the world are doing their best to ...
Continue Reading

Trends in Phishing, as Seen From a Mountain View

Researchers from Google’s Threat Analysis Group (TAG) released details on recent state-sponsored phishing campaigns from around the world. The researchers said that Google’s phishing ...
Continue Reading

Hospitality Provider the Target of an Old-School BadUSB Social Engineering Attack

In what appears to be a mix of old- and new-school social engineering, an attack spotted in the wild using a USB thumb drive offers us a view into how one company could have become the ...
Continue Reading

Inception: Your Employee's Mind is the Scene of the Crime

I loved the movie Inception when it came out. It had everything, a stellar cast, amazing visuals, a strong plot, and a twisted end that still has me wondering whether or not they were in ...
Continue Reading

[HEADS UP] Cybercriminals Attempt to Exploit Stimulus Package for COVID-19

In several recent blog posts we've showed you the myriad ways in which malicious actors have aggressively -- even ruthlessly -- deployed social engineering tactics to leverage the ...
Continue Reading

New KnowBe4 Benchmarking Report Finds 37.9% of Untrained End Users Will Fail a Phishing Test

The 2020 Phishing By Industry Benchmarking Report compiles results from the third annual study by KnowBe4 and reveals at-risk users across 19 industries that are susceptible to phishing ...
Continue Reading

An Intimate Look at a Nigerian Social Engineer

Researchers at Check Point offer a look at a Nigerian citizen who moonlights as a cybercriminal who uses social engineering techniques.  The man, whom the researchers call “Dton,” ...
Continue Reading

Just How Lucrative is Cybercrime? According to New Charges Against One Gang, $30 Million Lucrative

The recent arrest and charging of a gang of 24 U.S.-based cybercriminals in Atlanta demonstrates how easy it is to become a cybercriminal and use social engineering tactics to fool people ...
Continue Reading

[Heads-Up] Feeding Frenzy: COVID-19 Phishing Attacks Surge as U.S. Reels from Pandemic

By Eric Howes,  KnowBe4 Principal Lab Researcher. Having already published three blog pieces on the epidemic of Coronavirus-themed phishing emails and spam/scam offerings online (see ...
Continue Reading

Organizations Need To Be Wary Of Home Worker Phishing Risks

Security experts warn that phishing attacks against home workers will rise.
Continue Reading

The Effectiveness of Educating End Users With a Test-Out Quiz

Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...
Continue Reading

Coronavirus-Themed Simulated Phishing Templates

The following templates were added to the console this morning:
Continue Reading

Hackers Use Interactive Malicious COVID-19 Map to Spread Malware

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. ...
Continue Reading

U.S. Homeland Security: "Malicious Actors Expected To Focus Attacks On Teleworkers. Secure Your VPN"

The Department of Homeland Security's cybersecurity agency this week shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations ...
Continue Reading

[Heads Up] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews