Advanced Phishing Tactics: A Hacker’s Playbook

Discover the latest phishing tactics targeting unsuspecting victims, including Cloudflare Workers, HTML smuggling, and AI-generated emails. Learn how cybercriminals bypass security measures and how you can protect yourself from these sophisticated attacks. Stay informed and stay safe in the ever-evolving world of cybersecurity.

Refund Vishing Scams

We’re constantly receiving emails, text messages, and phone calls from scammers claiming to be reputable brands we use. What you may …

Text Message Scams: A Growing Trend

Anyone who owns a cellphone has likely received an unexpected text message from a number they don’t recognize containing a link …

Google Docs’ Comment Phishing Exploit

A wave of phishing attacks has been generated within Google’s cloud-based word processing solution (Google Docs) and its “Comments” feature. Attackers use the commenting feature to send malicious links to …

BazarCaller – Vishing Gang

BazarCaller is a new cybercrime gang that uses Vishing to trick its victims into handing over information or access to a device. Vishing is the malicious practice of making phone …

Stalkerware

Stalkerware refers to tools, apps, software programs, and devices that let another person (a stalker) secretly watch and record information on another person’s device. Parents use this type of tool …

FBI Recovers Colonial Bitcoin Payment

In May of 2021, the United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. At the time, Colonial Pipeline carried 45% of the fuel used on the …

Quick Response (QR) Code

A Quick Response (QR) Code is a type of barcode that contains a pattern of dots and lines. It can be scanned using a QR scanner or on a smartphone camera. …

Clickjacking

Clickjacking, also known as a “UI Redress Attack”, is when an attacker uses multiple transparent or vague layers to trick a user into clicking on a button or link on …

Instagram Scams: How To Avoid Them

Since Instagram’s official launch in 2010, it’s seen more than 1 billion accounts opened with users sharing close to 100 million photos every day. Instagram’s popularity skyrocketed since its launch …

Domain Name System (DNS)

A Domain Name System (DNS) is essentially the ‘phonebook’ of the Internet. DNS is an elaborate, fault-tolerant way of connecting people to resources online.  While it is quite complex, this …

PayPal Smishing Attack

A PayPal text message phishing campaign was discovered that attempts to steal your account credentials and other sensitive information. This form of phishing attack, through text messages, is called Smishing.  Hackers …

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an anti-spam tool where email domains of the senders can be authenticated. SPF works hand-in-hand with DKIM and DMARC to help authenticate email messages to …

DKIM

DKIM (DomainKeys Identified Mail) is an email authentication tool that verifies messages are sent from a legitimate user’s email address. It’s designed to prevent email forgery and spoofing; essentially phishing. …

DMARC

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is an email security protocol. When enabled, your email domain is protected from spoofing by hackers. DMARC sets up an …

Shark Tank Host Phished For Nearly $400K

Barbara Corcoran, a world famous Shark Tank host, was scammed out of nearly $400,000 in late February. Barbara Corcoran, a renowned real-estate broker and business expert, admitted last month that …

Melissa Virus

The Melissa Virus is malware that was deployed in late March of 1999. A programmer by the name of David Lee Smith took over an America Online (AOL) account …

Vishing

Vishing is the fraudulent practice of making phone calls or leaving voice messages pretending to be from reputable companies in order to have individuals give out personal information, up to …

Smishing

Smishing is another form of phishing, where a hacker sends a malicious text or SMS message trying to trick someone into giving them sensitive information. Smishing can be more dangerous …

Spear-Phishing

Spear-Phishing is a form of phishing attack that targets a specific person or organization, seeking access to sensitive information. Similar to phishing, this is done through spoofing emails that appear …

Whaling

Whaling refers to malicious hacking that targets high-ranking executives. Similar to phishing, whaling is where the hacker hunts for data that they can use, but they focus on high-ranking bankers, …

Social Engineering

Social Engineering, in the context of cyber security, is when one uses psychological manipulation to have people perform specific actions or to give out confidential information. This differs from the …

Spoofing

Related Terms: Social Engineering, Phishing. Source: CNSSI 4009. If you would like more information on spoofing, watch this short video.

Phish Testing

CyberHoot: Phishing Attacks

Spotting and Avoiding Phishing Attacks This CyberHoot core curriculum and BootCamp video outlines the common attack patterns found in phishing attacks and provides the viewer with a clear set of …

Phish Testing

Phishing Training

This 3 minute video by the Government of Canada outlines how phishing occurs online. Problems online occur when you are phished and turn over account numbers, passwords, or other critical …

Ransomware

Ransomware is a type of malicious software designed to block access to a computer system, and more importantly the critical data it contains, until a sum of money or ransom …

Phishing

Phishing is a digital form of social engineering to deceive individuals into providing sensitive information. This is typically done via email, having people click on links that allow hackers to …

RYUK Ransomware infects 110 Healthcare Facilities

This past Thanksgiving weekend, 110 healthcare facilities were infected by a ransomware attack on their IT provider. Virtual Care Provider Inc. (VCPI), provides security, data hosting and access management services …

Watch out for Cyber Monday Phishing Scams

Who is most likely to fall victim to Cyber Monday phishing scams? People who don’t know about phishing scams, typosquatting, and fake look-alike websites. Did you know there are 4 …

BlueKeep is MS Blaster

Good backups will let you go back in time to recover compromised systems. Don’t let this happen by not patching for BlueKeep now.