Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Coronavirus-Themed Simulated Phishing Templates

The following templates were added to the console this morning:
Continue Reading

Hackers Use Interactive Malicious COVID-19 Map to Spread Malware

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. ...
Continue Reading

U.S. Homeland Security: "Malicious Actors Expected To Focus Attacks On Teleworkers. Secure Your VPN"

The Department of Homeland Security's cybersecurity agency this week shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations ...
Continue Reading

[Heads Up] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers ...
Continue Reading

[Heads Up!] A Whopping 21 Percent of Phishing Attack URLs Are Not Detected As Malicious For Days After They Go Live

New data from Akamai provides insight into why phishing attacks are making it all the way to the endpoint… and why they can trick users so easily into becoming a victim.
Continue Reading

Secret Service Warning: Exploiting the Coronavirus for Fraud and Profit.

By Eric Howes,  KnowBe4 Principal Lab Researcher. On Monday of this week we published a review of the coronavirus-themed emails that had been reported to us by customers using the Phish ...
Continue Reading

Exploiting the Coronavirus: The Spammers, the Scammers, and the Bad Guys

By Eric Howes,  KnowBe4 Principal Lab Researcher. If you've been paying attention to the news over the past week or so, you've undoubtedly noticed that the majority of the stories on your ...
Continue Reading

Use Advocates to Spread Your Security Awareness Training Program

I’ve always been a big fan of train-the-trainer programs. Even if you are a great computer security consultant and trainer, there is a limit to what you, one person or one team, can do. ...
Continue Reading

Social Security Administration Warns of Phone Scams On March 5th "Slam The Scam Day"

The Social Security Administration in Association with the Federal Trade Commission's (FTC) National Consumer Protection Week, want to remind everyone that scammers are now targeting ...
Continue Reading

Bogus Singapore Police Site Serves as a Watering Hole

The Singapore Police Force (SPF) released an advisory warning about a phishing site that’s spoofing the Force’s website, Channel News Asia reports. The bogus website informs the user that ...
Continue Reading

Verizon: More Than Half of Users Click on Multiple Phishing Links. Social Engineering, Innovation are Responsible

The latest data from Verizon’s 2020 Mobile Security Index report shows that both consumer and business users make it all too easy for cyberattackers to fool them into becoming a victim.
Continue Reading

An Influence or Wire Fraud?

A 22-year-old Instagram and YouTube influencer named Kayla Massa has been arrested after allegedly convincing her followers to assist her in a fraud scheme, Quartz reports. Prosecutors ...
Continue Reading

39 Percent of Organizations Were Victims of a Mobile Attack Despite Improved Security

Brand new data from Verizon shows businesses sacrificed when it comes to mobile security; a decision that caused compromises with impacts well-beyond just a simple breach.
Continue Reading

Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing

Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with  the most recent report from ...
Continue Reading

Spamming Tools are a Commodity in the Criminal Underworld

Cheap and easy-to-use phishing kits and other social engineering tools are readily available for purchase on the black market, according to researchers at Digital Shadows. Criminals ...
Continue Reading

WSJ: "Losing $450,000 in Three Days: Hackers Trick Victims Into Big Wire Transfers"

Rachel Louise Ensign wrote a great story for the WSJ about CEO Fraud, also known by the FBI as Business Email Compromise. I'm quoting an extract and I strongly recommend sending a link to ...
Continue Reading

[EYE-OPENER] Dutch Minister Of Justice And Security: "Fighting Phishing Starts With Awareness"

"The fight against phishing starts with raising the awareness of internet users, stated Justice and Security Minister Grapperhaus. He responded to figures from Dutch banks showing that ...
Continue Reading

[Heads-up] Ransomware Criminals Hack An Accounting Company And Cause A Data Breach For Their Customers

Last December, a ransomware infection of Albany, New York-based accounting firm BST & Co. CPAs LLC exposed the confidential data of their customers, causing a data breach for one of their ...
Continue Reading

Here Is A Real-life Bank Phone Scam Blocked By A Security Awareness Trained Employee

Brad Mathis at our partner Keller Schroeder sent me the following real-life story from Matt, a KnowBe4 Security Awareness Training client...
Continue Reading

Phishing URLs Increase 640% as Organizations (Finally!) Embrace Security Awareness Training

The latest data from security vendor Webroot shows how cybercriminals are changing their attack methods and targets – and how Security Awareness Training makes the difference.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews