Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

SEC Phishing Emails Target Execs For Inside Info

A sophisticated phishing attack is trying to get confidential corporate information. Bad guys are sending spoofed emails claiming to be from the Securities and Exchange Commission, targeting lawyers, compliance managers, and the very company officials who file documents with the SEC.

Bad News: Your Antivirus Detection Rates Have Dramatically Declined In 12 Months

We all had the nagging suspicion that antivirus is not cutting it anymore, but the following numbers confirm your intuition. I have not seen more powerful ammo for an IT security budget to transform your employees into an effective "last line of defense": a human firewall.

Russian Breach US Grid? Nah, Someone Fell For Social Engineering And Enabled Macros

Breathlessly, the Washington Post reports that the Russian Grizzly Steppe malware was found within the system of a Vermont power utility. 

Nah, they just dodged a bullet. This time someone fell for a social engineering ruse, opened an email, next opened the attachment and then enabled macros on a laptop that was not connected to the grid. It's a bad security awareness fail, but no real damage done. Yet. Because that's similar to how Natanz was penetrated by Stuxnet.

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.

Scam Of The Week: Illegal Game of Thrones Download

Illegally downloading television shows and movies from a variety of torrent websites is done all the time. The HBO series "Game of Thrones" is, not surprisingly, the #1 downloaded.

This Scam Of The Week warns against phishing emails that look like a notice from IP-Echelon, which is the company that enforces copyright claims to ISPs for companies such as HBO.

The twist in this case is that the attack is forwarded to the victims directly from their own current Internet Service Provider.

Wow, the bad guys are moving fast with CEO Fraud!

KnowBe4 is expanding fast; we now have 120 employees, and we just hired a new controller in late May to help out our very busy CFO. Part of the KnowBe4 onboarding is getting through our internal training line-up and then updating your LinkedIn profile, so that happened in the last few weeks.

So guess what, Camille walks up to me and asks: "Did you need me for anything? Did you send me an email?" I'm looking at her somewhat puzzled and say: "No?" She answers: "In that case I just got spoofed".

[INFOGRAPHIC] Don't Be The Victim Of A Cyberheist

We have created a new infographic for your users, as part of your ongoing security awareness program. It has a few good reminders of how to stay safe online, and to keep their awareness levels at the appropriate level... HIGH!

Prince Death Overdose Caught On Video! Stolen out of a spear phishing attack?

Our CTO was picking up some groceries and saw this at the check-out, stolen straight out of a spear phishing email... or was it?  LOL.

American Chamber Of Commerce Scam Is Spear-phishing Prep

You may be aware of Steven Weisman, Esq. He writes a great daily blog called Scamicide, and is a nationally recognized identity theft expert, experienced university lecturer, proven lawyer specializing in elder law, and a seasoned author of nine books pertaining to identity theft, scams and financial planning.

Half Of Your Users Are Now Spear Phishing Targets

In a presentation at the Intelligence & National Security Summit, Bill Evanina, Director of the National Counterintelligence and Security Center (NCSC), announced "There have been just over 500 breaches so far this year, some of which made the news, and 47 percent of adult Americans have been the victim of a breach in the last three years."
