As the manager of a security awareness team, whose primary goal is to educate users on how to spot phishing attacks, I often get asked, “can you make the phishing simulations look like real-world phish?" This is when I show people what real-world phishing attacks look like. Because our SOC analyzes millions of phishing emails each year, we have a great data set to choose from. Outside of...

Although computer-based training has been on the scene for over two decades, it is only recently that learning professionals have begun to optimize it. Often these courses present hours of content in a single learning experience. While the flexibility of computer-based training offers convenience, learners are often overloaded and overwhelmed by the amount of information presented to them. ...

In the cyber security world, few research reports are more widely respected than Verizon's annual Data Breach Investigations Report (DBIR). The DBIR—which is based on data from publicly disclosed security incidents, Verizon's Threat Research Advisory Center, and dozens of industry contributors—is one of the most detailed and comprehensive reports available to the security community. So when...

The risk of a user receiving a phishing attack is higher than ever, and technological solutions often miss the most devastating of them. Though technology is both an important and required component in protecting the enterprise, security teams need to remain vigilant and educated on quickly identifying threats which make it past technology. This includes the latest social engineering...

Each year new phishing techniques result in more attacks successfully landing in user inboxes. In most cases, threat actors are no different than anyone else, and follow the hottest trends in an effort to be more relevant. During tax season they may push out tax scams, during elections they may push bogus political-inspired healthcare emails, and there are even Game of Thrones inspired...

There are all sorts of things that end up in your inbox, but among those that are reported to a SOC or security team, malicious content only makes up a small percent. Among the analysis provided in this year's annual Phishing Trends and Intelligence (PTI) report, we added a new section based on data from our Phishing Incident Response team. The data analysis resulted in a detailed breakdown of...

Phishing attacks are supposed to be visible. If you can't see them, how could anyone possibly fall for them? Since the dawning of time for phishing attacks there has been a constant struggle between the threat actors creating phishing sites and the individuals and organizations combating them. This has caused phishing attacks to evolve in to more complicated and stealthy traps over time....

Healthcare data breaches are among the most costly of any industry, and phishing attacks are the number one cause. Security technologies, while essential, are not enough to mitigate the threat posed by phishing. Over 90 percent of data breaches contain a phishing component, and the average cost to remediate a data breach is $3.86 million. However, the silver lining is that with an effective...

This month the largest recorded data dump in history, 87GB filled with passwords and user credentials, was made available. Dubbed Collection #1 consists of 1,160,253,228 unique combinations of email addresses and passwords. Though historic, there are two positive notes regarding this information: The first is that this data set was circulated on hacking forums back in December of 2018 and is...

Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them. Even if there is a negative outcome, training leads and organizations should not be worried, yet. Just like in school, these simulations are just that, simulations or...

The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish. Thanks to the wealth of information that we all leave behind us as we use the Internet, it is easier than ever for a social engineer to learn our name,...

As a marketer I am all too familiar with how social media can benefit or damage a brand. On the one hand, social media offers an easy and (sometimes) free way to communicate with customers, prospects, and partners that many brands have used to great advantage. But on the other hand, it's yet another source of potential threats to an organization's infrastructure and reputation. And for the...

Let's be honest, employees make mistakes. And sometimes those mistakes have catastrophic consequences. Everybody has heard stories about people accidentally leaving an unencrypted work laptop on the train, or on the seat of their car. Heck, on a busy day we could even imagine ourselves doing it. But with industry regulators finally starting to find their teeth — and the GDPR is now in full...

So here it is… the first one you've received. Everything has been building up to this. You spent days preparing the business case, weeks designing the training program… and it's finally paid off. The first user-reported phishing email has hit your inbox. Now… what should you do with it? Time is of the Essence Reported phishing emails are good for a lot of reasons. For starters, they can...