Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Spear Phishing a Diplomat

Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat ...
Continue Reading

Why People Fall for Scams

Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the ...
Continue Reading

Think BEC Won’t Cost You Much? How Does $130 Million Sound?

A new lawsuit brings to light the all-too common occurrence of an attack, with this occurring during a business acquisition and costing the buyer more than they bargained for.
Continue Reading

Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.
Continue Reading

Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit

Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages.
Continue Reading

Happy Credit Union Customers Become the Target of Spoofing Scams Due to a Lack of Email Security

Taking advantage of heightened levels of customer trust and satisfaction, along with lowered levels of properly implemented security, credit unions are seeing a rise in email-based scams.
Continue Reading

European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks

While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government.
Continue Reading

Beware of Spoofed Vanity URLs

Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLS) on SaaS services to craft more convincing phishing links. The attackers have used this ...
Continue Reading

KnowBe4 Earns 2022 Top Rated Award from TrustRadius

We are proud to announce that TrustRadius has recognized KnowBe4 with a 2022 Top Rated Award.
Continue Reading

Another Report of SEO in Phishing

Researchers at Netskope have observed a 450% increase in phishing downloads over the past twelve months, largely driven by attackers using SEO (search engine optimization) to improve the ...
Continue Reading

Mustang Panda Uses Spear Phishing to Conduct Cyberespionage

The China-based threat actor Mustang Panda is conducting spear phishing campaigns against organizations in NATO countries and Russia, as well as entities in the US and Asia, according to ...
Continue Reading

CyberheistNews Vol 12 #19 [Heads Up] There is a New Type of Phishing Campaign Using Simple Email Templates

Tricky SMTP Relay Email Spoofing. Man Convicted For 23M Phishing Scam. Email not displaying? | View Knowbe4 Blog CyberheistNews Vol 12 #19  |  May 10th, 2022 [Heads Up] There is a New ...
Continue Reading

Wave of Crypto Muggings Hits London's Financial District

Criminals in London are targeting digital currency investors on the street in a wave of “crypto muggings”, with victims reporting that thousands of pounds were stolen from their crypto ...
Continue Reading

Business Email Compromise Shouldn’t Be the Cost of Doing Business

The FBI last week published a public service announcement updating its warnings about the continuing threat of business email compromise (BEC, also called CEO fraud). The problem has ...
Continue Reading

10 of the Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them

It feels like we hear about a new devastating cyberattack in the news every day. And attack methods seem to be proliferating at an exponential rate. So, which tactics should you be aware ...
Continue Reading

Your KnowBe4 Fresh Content Updates from April 2022

Check out the 67 new pieces of training content added in April, alongside the always fresh content update highlights and new features.
Continue Reading

Cozy Bear Goes Typosquatting

Researchers at Recorded Future’s Insikt Group warn that the Russian threat actor NOBELIUM (also known as APT29 or Cozy Bear) is using typosquatting domains to target the news and media ...
Continue Reading

Microsoft is Leading the Way to a Password-Less Future

As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Continue Reading

SMTP Relay Email Spoofing Technique

Researchers at Avanan have observed a surge in phishing emails that abuse a flaw in SMTP relay services to bypass email security filters.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews