Holding a Great Employee Education Meeting

KnowBe4

I recently attended a customer’s annual security awareness training employee event. I have attended a bunch of these over the years and I have loved them all. But this particular customer threw a great one!

FBI: COVID-19-Themed Phishing Spreads Netwalker Ransomware

Data Breach Today

Attacks Target Government Agencies and a Variety of Others. The FBI is warning that attacks using a ransomware variant called Netwalker have increased since June, targeting government organizations, educational entities, healthcare firms and private companies in the U.S.

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

The Last Watchdog

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S.

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

The National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. The U.K.

Fighting Against Phishing

Data Breach Today

Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps. Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps.

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-service, also called PhaaS, is the same as the SaaS business model, except the product for sale is designed to help users launch a phishing attack.

Microsoft disrupts SEABORGIUM’s ongoing phishing operations

Security Affairs

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage.

Salesforce Email Service Used for Phishing Campaign

eSecurity Planet

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses.

Catches of the Month: Phishing Scams for August 2022

IT Governance

Welcome to our August 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. However, the success of these scams is also down to a lack of awareness of how phishing works.

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site).

Online education site EduCBA discloses data breach and reset customers’ pwds

Security Affairs

The online education portal EduCBA has disclosed a data breach and has started notifying customers that it is resetting their passwords in response to the incident.

U.S. Universities Hit With ‘Adult Dating’ Spear-Phishing Attack

Threatpost

Microsoft blocked tens of billions of brute-force and phishing attacks in 2021

Security Affairs

Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year. billion phishing emails with Microsoft Defender for Office 365 in 2021. billion phishing emails with Microsoft Defender for Office 365.”

Catches of the Month: Phishing Scams for September 2022

IT Governance

Welcome to our September 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme.

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

The FBI issued an alert on Tuesday to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom.

Should Failing Phish Tests Be a Fireable Offense?

Krebs on Security

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach). Does your employer do phishing awareness training and testing?

Catches of the Month: Phishing Scams for July 2022

IT Governance

Welcome to our July 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. NFT marketplace warns users of phishing scams.

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. Luchansky did not mention in the town hall meeting exactly when the initial phishing attack was thought to have occurred, noting that iNSYNQ is still working with California-based CrowdStrike to gain a more complete picture of the attack.

Catches of the Month: Phishing Scams for March 2022

IT Governance

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal information. Ukrainian citizens targeted by phishing attacks.

Catches of the Month: Phishing Scams for February 2022

IT Governance

Welcome to our February 2022 review of phishing attacks, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information. billion phishing emails.

Catches of the Month: Phishing Scams for April 2022

IT Governance

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. Browser-in-the-browser attack defies phishing guidance.

Beyond Phishing: The New Face of Cybersecurity Awareness

Data Breach Today

Terranova's Lise Lapointe on How Cybersecurity Awareness Must Evolve. As CEO of Terranova Security, an awareness training provider, Lise Lapointe sees an evolution of education programs that used to be merely phishing simulation tests. What are the most effective forms of training

Catches of the Month: Phishing Scams for June 2022

IT Governance

Welcome to our June 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. NFT artist’s Twitter account phished. QuickBooks users warned of phishing scam.

Catches of the Month: Phishing Scams for May 2022

IT Governance

Welcome to our May 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. Perhaps this is a moment to introduce the idea that phish can be like a leak in the boat.

SHARED INTEL: Microsoft discloses how the Nobelium hacking ring engages in routine phishing

The Last Watchdog

And yet, for all of its sophistication, Nobelium also engages in routine phishing campaigns to get a foothold in targeted organizations. To help protect against these types of attacks, organizations should enable multi-factor authentication (MFA) on login accounts when available, monitor for brute force attempts and educate users on the importance of password hygiene, such as using unique and strong passwords, in the battle against cyber crime.”

Phishing attacks: 6 reasons why we keep taking the bait

IT Governance

Phishing attacks are a persistent threat to businesses. A staggering 90% of breaches involve phishing, according to Verizon’s Data Breach Digest. And these attacks are on the rise – Proofpoint’s 2019 State of the Phish Report reveals that 83% of survey respondents experienced phishing attacks in 2018. But what makes phishing attacks so successful? Phishing tools are low-cost and widespread. Protect your organisation against phishing.

The effects of phishing awareness training wear off over time

IT Governance

Employees forget the guidance given on phishing training courses within six months, new research has revealed. The researchers studied hundreds of employees, splitting them into groups and providing them with phishing awareness training at various intervals.

Protecting End Users from Phishing Attacks

Adapture

Protecting End Users from Phishing Attacks. Last time, we introduced you to phishing attacks and explained why it’s something you need to be concerned about, especially in light of its recent resurgence. Educate your end users. Be up-to-date with the latest phishing campaigns.

Why has there been increase in cyber risks for the education sector?

IT Governance

The coronavirus pandemic has arguably affected the education sector more than any other, with schools, colleges and universities around the globe having been forced to close their doors and deliver classes remotely.

Feds: K-12 Cyberattacks Dramatically on the Rise

Threatpost

Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.

Helping defend against increases in phishing attacks related to COVID-19 scams

CGI

Helping defend against increases in phishing attacks related to COVID-19 scams. In the new normal, education is key to helping people understand emerging cyber threats. While they juggle work and life at home, we need to support individuals by providing the best possible environment.

Combat the increasing ransomware threat by educating employees

IT Governance

Although this creates an opportunity for cybercriminals, it can be addressed through education.” The survey recommends educating end users, as this will enable them to identify attacks. Our Phishing and Ransomware – Human patch e-learning course explains the threats that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. This ten-minute course provides an introduction to phishing and ransomware.

Think you’re not susceptible to phishing? Think again

IT Governance

Phishing is big business for cyber criminals. According to PhishMe’s Enterprise Phishing Resiliency and Defense Report 2017, phishing attacks rose by 65% last year, with the average attack costing mid-sized companies $1.6 Experts say that phishing attacks are most successful when they create a sense of urgency, fear or curiosity, but these were near the bottom of a list of self-reported motivations: Entertainment: 19.5%. Help your staff avoid phishing attacks.

Ransomware And Zoom-Bombing: Cyberattacks Disrupt Back-to-School Plans

Threatpost

Watch out for phishing scams this Christmas

IT Governance

Some phishing scams contain links to websites that replicate a real site with the intention of nabbing your login details, whereas others contain attachments loaded with malware. See also: Phishing scams for December 2019. Phishing scams for November 2019. Lack of education.

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

The Last Watchdog

This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics. PhishMe’s online forum provides a series of scenarios, landing pages, attachments and educational pages. This methodology is distributed over a period of a year, giving employees time to understand various phishing strategies. Its cloud-based service helps its clients to schedule automated training campaigns and simulated phishing attacks.

How regular phishing drills keep providers’ data safe

Information Management Resources

Healthcare organizations should look for incremental reduction of risks by making use of phishing education campaigns, says Kate Borten.

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

Social engineering, especially phishing, continues to trigger the vast majority of breach attempts. In 2015, penetration tester Oliver Münchow was asked by a Swiss bank to come up with a better way to test and educate bank employees so that passwords never left the network perimeter. Lucy’s software allows companies to easily set up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component.

Focus on Phishing: Diving Deep into A Persistent Threat

KnowBe4

As part of this research, we asked a variety of questions to test respondents’ knowledge of phishing emails. To call further attention to this threat, and to recognize National Cybersecurity Awareness Month (NCSAM), we’re presenting the phishing-awareness-specific findings from the report. The dangers of phishing attacks are difficult to overstate. Our Phishing Findings. 14% of employees failed to identify true phishing emails. Phishing Knowledge Check.

75% of organisations have been hit by spear phishing

IT Governance

Phishing scams aren’t as compelling as some of the more sophisticated attacks that you read about. After all, every unusual email you receive could be a phishing scam, whether it’s an account reset message from Amazon or a work request from your boss. For example, Proofpoint’s Understanding Email Fraud Survey has found that 75% of organisations had been hit by at least one spear phishing email in 2018. Sustained threat of spear phishing. Phishing is a top concern.