KnowBe4

Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Microsoft Office Macros Remain Top Choice for Malware Delivery

Microsoft Office documents containing malicious macros accounted for 45 percent of malware loaders in August 2018, according to a blog post by Cofense. These macros were used to deliver a ...

Social Engineering, Just a Call Away

An email arrives, and you think it’s from your boss. Because it has your boss’s name on it, there's a huge psychological response, and you tend to do what is requested. After a cordial ...

WSJ: "Forget Passwords. It’s Time for Passphrases."

Mr. Henry Williams is a deputy editor for The Wall Street Journal in New York, and he reported on something we just also recommended. Here is an excerpt with a link to the full article at ...

Cryptojacking 101: A First Look at Cryptomining Attacks

Your organization might just be making someone else money by allowing them to mine for cryptocurrency on your computers… and not even know it.

When Does Effective Persuasion Become Manipulation and Social Engineering?

There’s a fine but clear line between ethical and unethical persuasion, says Joe Gray, a security consultant from the “Advanced Persistent Security” blog and podcast. Gray recently ...

Brand-New Ransomware Simulator Tool Now with Cryptomining Scenario

Bad guys are constantly coming out with new malware versions to evade detection. That’s why we’ve updated our Ransomware Simulated tool “RanSim” to include a new cryptomining scenario! ...

The Evolution Of "Friendly Name" Spoofing During Phishing Attacks

Our friends at Bleepingcomputer had a great article written by Ionut Ilascu I think you will like: "While phishing continues to be the prevalent threat in malware-less email-based ...

WATCH IT - Current Events Will Be Misused for Phishing...AGAIN

Here are the latest Current Events phishes from the KnowBe4 team over the past few days, some prompted by warnings from US-CERT.

Sixth Circuit Says Policyholder's Social Engineering Loss Covered By Computer Fraud Policy

Note: We blogged about a very similar 2nd Circuit case earlier this year in CyberheistNews; the first paragraph below refers to that case.

Colleges Become Phishing Targets with Student Loans as the Payoff

Anytime there’s a transaction involving money, cybercriminals look for ways to hack in and intercept funds. Student Loans are the latest target.

Your Users May Be Too Embarrassed to Report Email Scams

New research shows 25% of users falling victim to impersonation fraud were so ashamed they chose not to report it. Even worse, many don’t know how to spot the scam.

[ALERT] CEO Fraud Escalates. Bad Guys Now Go After Employee Personal Address And Phone Number

KnowBe4 is observing a serious escalation of CEO Fraud. They are now requesting street addresses and personal phone numbers of employees—an attempt to contact and manipulate employees ...

Cyber Attacks Cost German Industry Almost $50 Billion: Study

BERLIN (Reuters) – Two thirds of Germany’s manufacturers have been hit by cyber-crime attacks, costing industry in Europe’s largest economy some 43 billion euros ($50 billion), according ...

Phishing from Beyond the Grave...

By Eric Howes, KnowBe4 Principal Lab Researcher. It's no secret that the threat of phishing emails has been growing at an alarming rate for a number of years. Indeed, ZDNet recently ...

KnowBe4 Wins Channelnomics Security Award for Best Security Training

World’s largest library of security awareness training recognized for excellence

[VIDEO] Password Sharing Means Not Caring

How Fast Can Your Domain Admin Password Be Cracked? 19% of employees of small and medium-sized businesses (SMBs) share their passwords with coworkers, according to a study by Switchfast. ...

Want to Know How to Break into a Henhouse? Hire a Fox

Red teaming starts with research. So does social engineering. Red teaming is the practice of thinking and acting like an attacker to test an organization’s defenses, according to security ...

Details of North Korea Attacks Highlight Email’s Role in Attacks

When you think of cyber-espionage, you might be surprised it’s far less “Mission: Impossible” and a lot more basic phishing tactics.

Phishing Scammers are Planning Well into 2020

Cybercriminals are already looking to take advantage of the 2020 Tokyo Olympics. Are you thinking years out? The bad guys are.
