Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

POTRAZ Warns of Phishing Scams

The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) has issued a warning regarding an increase in email and SMS phishing attacks, the Chronicle reports. Dr. Gift ...
Continue Reading

[HEADS UP] New Dutch Data Breach Report Warns of Explosive Increase in Cyber Attacks and Stolen Personal Data

The Dutch Data Protection Authority (AP) recently measured the number of reports of data theft in 2020 and the number of attacks skyrocketed. The report documented that it increased no ...
Continue Reading

New York State Education Department Warns of Phishing Campaign

The New York State Education Department (NYSED) released an advisory warning that scammers are impersonating its employees in an attempt to steal social security numbers and money. The ...
Continue Reading

Bogus FedEx and DHL Phishbait

Researchers at Armorblox describe an ongoing phishing campaign that’s using phony FedEx and DHL shipping notifications as phishing lures.
Continue Reading

Running Headfirst Into a Breach

The pandemic changed the fortunes of many organisations. Perhaps none so much as Zoom, which has found itself becoming a noun synonymous with any form of video call.
Continue Reading

More NHS-Themed COVID-19 Vaccine Phishing

A phishing campaign spoofing the UK’s National Health Service has surged its output, Infosecurity Magazine reports. Researchers at Mimecast warn that the attackers behind the campaign are ...
Continue Reading

[HEADS UP] Texas Electric Company Warns of Scam Involving Losing Power

With the recent weather crisis in Texas, victims are afraid their power could be cut off. One electric utility company in Texas warns of scams that are threatening customers that their ...
Continue Reading

The First Documented Russian Hack in...1981?

I'm reading "Active Measures: The Secret History of Disinformation and Political Warfare" by Thomas Rid and wanted to share this story with you which was new to me! It's warmly ...
Continue Reading

Be on the Watch for W-2 Phishing Scams!

With tax season just around the corner, this simple, yet effective social engineering theme is perfect to get users to respond to phishing attacks exactly the way the bad guys want.
Continue Reading

The Cybersecurity Book You Should Read

Recently Cyber Defense Magazine released the top 100 cybersecurity books and the top recommended book is one of our Top Faves as well.
Continue Reading

KnowBe4 Adds New Language Localization Options to its Security Awareness Training and Simulated Phishing Platform

We are excited to announce the availability of KnowBe4’s new localization options for the Admin Console and Learner Experience. You can now set your default language for three ...
Continue Reading

Phishing and Impersonated Brands

Microsoft is still the most impersonated brand for phishing campaigns, according to researchers at Vade Secure. The security firm spotted 30,621 unique Microsoft-related phishing URLs in ...
Continue Reading

New Novel Campaign Targeting Security Researchers Uses Really Creative Social Engineering to Fool Victims

Pretending to be security researchers themselves, this group of cybercriminals went to great lengths to make sure legitimate security researchers would fall for the attack.
Continue Reading

[Scary?] AI Can Now Learn To Manipulate Human Behavior

The Conversation just published something I have been worried about for a while now. Scary? Could be getting that way sometime soon.  They said: "Artificial intelligence (AI) is learning ...
Continue Reading

[New E-Book] Comprehensive Anti-Phishing Guide

Spear phishing emails remain a top attack vector for the bad guys, yet most companies still don’t have an effective strategy to stop them.
Continue Reading

It’s Not Only About the URL

You have to look at the totality of an email to determine whether it is a phishing attack or not.
Continue Reading

[HEADS UP] NHS Issues Warning as UK COVID-19 Vaccine Scams Are Still Running Rampant

The National Health Service (NHS) in the UK recently sent a warning that cybercriminals are using social engineering tactics to target people wanting a COVID-19 vaccine email that is ...
Continue Reading

US Gmail Users Are Preferred Phishing Targets

Google has found that most phishing attacks (42%) target Gmail users in the US. Users in the UK were the second most targeted, with 10% of attacks. Japan came in third with 5% of phishing ...
Continue Reading

New Phishing Attack Uses Google Firebase to Trick Microsoft and Achieve a Spam Confidence Level of Just 1

This new phishing scam takes advantage of inherent trust in credible domains to get past the scrutiny of even Microsoft to trick Office 365 users into giving up their online credentials.
Continue Reading

Cannabis Company Loses Millions in BEC Scam

Australian medicinal cannabis company Cann Group has lost $3.6 million in a business email compromise (BEC) attack, Stockhead reports. The company had thought it was paying an unnamed ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews