Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

A Master Class on Cybersecurity: Roger Grimes Teaches Password Best Practices

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

American Airlines Traces Breach to Phishing Incident

Top 5 Deepfake Defenses

CyberheistNews Vol 12 #39 [HEADS UP] Bank of America Warns About Recent Scams That Request Zelle Payment Due to 'Suspicious Activity'

87% of Organizations Rank Cyberattacks as the Number One Threat to Their Business

FBI: Cyber Criminals Will Continue Targeting Healthcare Payment Processors Through Phishing Campaigns and Social Engineering

Fake Emails Purporting to be from UK Energy Regulator

Try the New Compliance Audit Readiness Assessment Today for the HIPAA Security Rule

Recent Optus Data Breach Teaches the Importance of Recognizing Social Engineering

Sentence in a Catphishing Case

You Need Aggressive Cyber Training, Not "So, So" Training

Retail is in Trouble: 77% Of Retail Organizations Have Been Hit by Ransomware

“Browser-in-the-Browser” Phishing Technique Spotted in New Steam Account Attack

Phishing Campaign Targets GitHub Users

[New Feature] Managing Your Risk and Compliance Tasks Just Got Easier with KCM’s Jira Integration

Security Practices Are Improving, But Cybercriminals Are Keeping Up

Phishing Attacks Reach an All-Time High, Quadrupling That of Early 2020

Do Not Use Easily Phishable MFA and That Is Most MFA!

CyberheistNews Vol 12 #38 [HEADS UP] New Uber Security Breach 'Looks Bad', Caused by Social Engineering

Social Engineering Targets Healthcare Payment Processors

[HEADS UP] Bank of America Warns About Recent Scams That Request Zelle Payment Due to 'Suspicious Activity'

Uber security breach 'looks bad', caused by social engineering

Phishing from a French Government Career Website

[MSP News] Manage Your Multiple KnowBe4 Accounts Faster with Managed Training and Phishing Rolled Into One

Cisco Attempt Attributed to Lapsus$ Group

Unconventional Security Awareness Advice

[HEADS UP] The Online Scams exploiting Queen Elizabeth's Death are Here

Scammer Continues Phishing From Prison

CyberheistNews Vol 12 #37 [Eye Opener] The New Evil Proxy Phishing-as-a-Service Platform Beats MFA

Ransomware Gangs Improve Attack Speed and Evade Detection with New "Intermittent Encryption" Tactic

Striving for 100% Completion Rates: Getting Compliance on Your Compliance Training

Report: 80% of Phishing Attacks Leverage Legitimate Web Infrastructure and Services

Gaming-Related Phishing Trends

PwC: More Frequent Cyber Attacks Tops the List of Business Risk for Executives

Singapore: Top Ten Scams in the First Half of 2022 Cost Over $227 Million, Scam Frequency Rises by 94%

Request a Demo of KnowBe4's PhishER Platform and Get Your Free Hat!

[New Training] Give Your Employees the Know-How to Have the Tough Conversations with New Compliance Plus Training

New Phishing-as-a-Service Platform

[On-Demand Webinar] Combatting Rogue URL Tricks: Quickly Identify and Investigate the Latest Phishing Attacks

Spear Phishing Campaign Targets Financial Institutions in African Countries

CyberheistNews Vol 12 #36 [Eye Opener] So, Your MFA Is Phishable, What to Do Next?

Building a Security Culture With Behavior Design

Register for KB4-CON EMEA 2022 Now!

REvil Springs Back to Life and Hits a Fortune 500 Company

The Number of Phishing Attack Cases in Japan Hit an All-Time High

Instagram Phishing: Scammers Exploit Instagram Verification Program

Fraud Warning from DHS OIG

Your KnowBe4 Fresh Content Updates from August 2022

So, Your MFA is Phishable, What To Do Next

Phishing Attacks Leveraging Legitimate SaaS Platforms Soars 1100%

Phishing and Malicious Emails Are Still the Primary Initial Attack Vector

LockBit Ransomware Group Steps Up Their Game with Triple Extortion as the Next Evolution

Lost in Translation? New Cryptomining Malware Attacks Based in Turkey Cause Suspicion

[KREBS ON SECURITY] How 1-Time Passcodes Became a Corporate Liability

The Extent of Social Engineering

CyberheistNews Vol 12 #35 [Heads Up] Check This Highly Sophisticated LinkedIn Job Offer Scam

Researchers warn of darkverse emerging from the metaverse

State-Based Cyberattacks to be Excluded from Lloyd’s of London Cyber Insurance Policies

The Crypto Collapse Will Only Add Fuel to the Cyberattack Fire

BlackByte Ransomware Gang Comes Back to Life with a New Extortion Strategy

Phishing Remains the Initial Infection Vector in 78% of Attacks Against OT-Heavy Industries

Report: Deepfakes Used in Scams

[HEADS UP] Highly Sophisticated Job Offer Scam

Dueling Clauses, or, not all Fraud is the Same

[BUDGET AMMO] Companies Are Ditching Cybersecurity Insurance as Premiums Rise, Coverage Shrinks

Teach Two Things to Decrease Phishing Attack Success

Vishing is a Rising Threat to the Enterprise

CyberheistNews Vol 12 #34 [Eye Opener] The Cisco Hack Was Caused by Initial Access Broker Phishing

On this Carousell Ride, the Crooks Take the Brass Ring.

[FREE RESOURCE KIT] Cybersecurity Awareness Month 2022 Now Available

[Whoa] Ransomware Strains Almost Double in Six Months from 5,400 to 10,666

Piggybacking: Social Engineering for Physical Access

One-Third of Organizations Experience Ransomware Attacks At Least Weekly

Impersonation Phishing Attacks Increase as Credentials Take the Lead as the Primary Target

Hybrid Vishing Attacks Increase 625% in Q2

Organizations Holding Cyber Insurance Policies May Get Stuck with the Bill in a Phishing Loss

Social Engineering for Espionage and Influence

More Super Targeted Spear Phishing Ahead

Children of Conti go Phishing

CyberheistNews Vol 12 #33 [Eye Opener] Recent Cisco Hack by Ransomware Group Started Because of a Phishing Attack

Initial Access Broker Phishing

U.S. Government Warns of Increased Texting Scams as Mobile Attacks are Up 100%

Massive Network of Over 10,000 Fake Investment Sites Targets Europe

Phishing-as-a-Service Platform “Robin Banks” Helps Cybercriminals Target Customers of Financial Institutions

92% of Organizations Have Experienced a Security Incident as a Result of an Email-Borne Threat

New Paypal Phishing Scam Uses “Legitimate” Invoices to Reach Victim Inboxes

SolidBit Ransomware Targets League of Legends Players

Recent Cisco Hack by Ransomware Group Started Because of a Phishing Attack

The Top 8 Most Common Types of DNS Records

DPRK Operators Impersonate CoinBase

New Phishing Campaign is Now Targeting Coinbase Users

Hacking the Hacker: Assessing and Addressing Your Organization’s Cyber Defense Weaknesses

Cash App Scams Strikes Again With New Types of Attacks

CyberheistNews Vol 12 #32 [Heads Up] Watch Out For This Widespread, Multistage Investment Scam

New Research Shows Social Engineering and Phishing are the Top Threats

Twilio hacked by phishing campaign targeting internet companies

WSJ: "Cyber Insurance Prices Soar"

Cybercriminals Go to College with New Phishing Attacks

LinkedIn Continues its Reign as the Most-Impersonated Brand in Phishing Attacks

Ransomware Attack Downtime Costs in the U.S. Rise to Nearly $160 Billion

Open Redirects Exploited for Phishing

KnowBe4 Wins Multiple Summer 2022 "Best of" Awards From TrustRadius

On-Demand Webinar: New 2022 Phishing By Industry Benchmarking Report: How Does Your Organization Measure Up

Labor Market Social Engineering: Supply-Side and Demand-Side

New Data Breach Extortion Attack Begins with a Fake Duolingo or MasterClass Subscription Scam

Security and Gender: The Gaps Are Not Where You Expect

CyberheistNews Vol 12 #31 [Heads Up] Crafty Microsoft USB Scam Shows the Importance of Security Awareness Training

Cyber Insurance Expected to Continue to Rise as Sophistication and Cost of Ransomware Attacks Increase

Experian Customer “Impersonation” Account Takeover Uncovered by KrebsOnSecurity

A Widespread, Multistage Investment Scam

Happy 23rd Annual SysAdmin Day from KnowBe4!

Your KnowBe4 Fresh Content Updates from July 2022

Phishing-Based Data Breaches Take 295 Days to Contain and Breach Costs Soar to $4.91 Million

Beware of Sophisticated Malicious USB Keys

Microsoft 365 Users are Once Again the Target of Phishing Scams using Fake Voice Mail Messages

Hackers Use Free Email Accounts from QuickBooks to Launch Spoofed Phishing Attacks

Spear Phishing Campaign Targets Facebook Business Accounts

IBM: Phishing is the Most Common Way to Gain Access to Victim Networks

KnowBe4 Top-Clicked Phishing Email Subjects for Q2 2022 [INFOGRAPHIC]

Nearly Half of Organizations Have Experienced Vishing

New Report Reveals that Ransomware and Business Email Compromise Attacks Cause Nearly 70% of Cyber Incidents

[BEWARE] Microsoft and Facebook are the Most Abused Brands for Phishing Attempts

Malvertising With Google Ads

CyberheistNews Vol 12 #30 [Heads Up] New MFA 'Prompt Bombing' Attacks Give Access to Laptops, VPNs, and More

Microsoft USB Scam Shows the Importance of Security Awareness Training

Ransomware Groups Get Smaller and More Social

Striving for 100% Completion: Getting Compliance on Your Compliance Training

[Heads Up] Huge Losses Caused By Epidemic of ‘Pig Butchering’ Scams

[Eye Opener] Both Job Seekers and Employers Should Be Aware Of New Sophisticated Scams

FBI Warns of Phony Cryptocurrency Investment Apps

Cybersecurity Should be an Issue for Every Board of Directors

CyberheistNews Vol 12 #29 [Heads Up] New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

New Multi-Factor Authentication Prompt “Bombing” Attacks Give Access to Laptops, VPNs, and More

Copyright Claim Email is a LockBit Ransomware Phishing Attack in Disguise

Phishing Kit Imitates PayPal

New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

Ransomware Group Conti Reaches 40 Successful Attacks in a Single Month

Phishing Attacks are the Most Prevalent Source of Identity-Related Breaches

Facebook-Themed Scam Aims to Steal Your Credentials

Hovering Over Links Will Protect You More Than MFA

Watchdog Uncovers 12% of Google Ads for Student Loan Relief Could be Malicious

QuickBooks Phishing Scam is Back

[On-Demand Webinar] Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant

Phishing Attack Steals $8 Million Worth of Cryptocurrency

KnowBe4’s 2022 Phishing By Industry Benchmarking Report Reveals that 32.4% of Untrained End Users Will Fail a Phishing Test

CyberheistNews Vol 12 #28 [Eye Opener] Lessons Learned From a Big Hotel's Recent Data Breach Caused by Social Engineering

Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies

All it Takes is “Free” Beer to Steal Your Personal Data

Multi-Medium Phishing Tactics Increase Attack Effectiveness by 300%

Amazon Prime Day Phishing

KnowBe4 Named a Leader in the Summer 2022 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR)

KnowBe4 Named a Leader in the Summer 2022 G2 Grid Report for Security Awareness Training

[Scam of the Week] Amazon Prime Day or Amazon Crime Day? Don’t Fall Victim to Phishing

[Eye Opener] Lessons Learned from a Big Hotel's Recent Data Breach Caused By Social Engineering

One Employee’s Desire for a New Job Cost His Employer $540 million

Your KnowBe4 Fresh Content Updates from June 2022

Breaches & Cyberwar Driving Security Culture

FBI Issues Warning on China for Attempting to 'Ransack' Western Companies

Phishing Campaign Impersonates the UAE

Expect More Travel-Themed Phishing Scams as 80% of Americans Plan to Travel

New WhatsApp Scam Uses Call Forwarding Social Engineering to Hijack Accounts

New Phishing Campaign is Targeting TrustWallet With Impersonation Emails

CyberheistNews Vol 12 #27 [New FBI and CISA Alert] This Ransomware Strain Uses RDP Flaws to Hack Into Your Network

Ransomware Gang Creates “User-Friendly” Stolen Data Search Site for Employee Victims

Phishing Emails Top the List as the Initial Attack Vector for Ransomware Attacks

Email-Based Threats Double as Malware, Credential Phishing, and BEC Detections Increase

[FREE Resource Kit] July Is Ransomware Awareness Month

New Phishing Campaign Impersonates Canada Revenue Agency

[New FBI and CISA Alert] This ransomware strain uses RDP flaws to hack into your network

Celebrity Crypto Scams Just Keep on Getting Worse

[Heads Up] Online Fraud Now Sky-high With 'Tinder Swindler' Romance Scams Costing Hundreds of Millions

Wars and Lechery, Nothing Else Holds Fashion for Phishing Attacks

Bad News to Ransom Payers: 80% of You Will Face a Second Attack Within 30 Days

80% of Organizations Await “Inevitable” Negative Consequences From Email-Born Cyberattacks

New Evasive Phishing Techniques Help Cybercriminals Launch “Untraceable” Campaigns

Innovative Way to Bypass MFA Using Microsoft WebView2 Is Familiar Nevertheless

FBI Warns of Deepfakes Used to Apply for Remote Jobs

CyberheistNews Vol 12 #26 [Heads Up] The FBI Warns That LinkedIn Fraudsters Are Now a Significant Threat

Try the new Compliance Audit Readiness Assessment today for the NIST Cybersecurity Framework

MetaMask Crypto Wallet Phishing

Amazon Prime Day 2022 is Coming: Here are Quick Cybersecurity Tips to Help You Stay Safe

Technology, Microlearning, and its Impact on Users and Cybersecurity

Pre-Hijacking of Online Accounts are the Latest Method for Attackers to Impersonate and Target

“Failure to Authenticate” Wire Transaction at the Heart of a Cyber Insurance Appeal Case

Phishing Scammers Leverage Telegraph’s Loose Governance to Host Crypto and Credential Scams

Vendor Impersonation Competing with CEO Fraud

[Heads Up]  Russia has increased the cyber attacks against countries that help Ukraine

Spear Phishing Campaign Targets the US Military

FBI Warns of Fraudsters on LinkedIn

CyberheistNews Vol 12 #25 [Heads Up] Facebook Phishing Scam Steals Millions of Credentials

KnowBe4 June 2022 Perspective

Smishing Text Scams Have Doubled in the Last Three Years

New PDF-Based Phishing Attack Demonstrates that Office Docs Aren’t Passé – They are Just Obfuscated!

Over 2000 Social Engineering Scammers Arrested in Multi-Country Crackdown on Fraud, BEC, and Money Laundering

Vishing Attacks Increase 550% Over Last Year as the Financial Sector Continues to be a Primary Target

142 Million Customer Records From MGM Resorts Leaked for Free Download

New Phishing Campaign Uses ChatBot Functionality to Build Trust and Steal Credit Card Details

The Next Evolution in Cyberattacks You Need to Worry About: AI

Less Than 40% of Asia-Pacific Organizations Are Confident to Stop Cyber Threats as 83% Experience At Least One Ransomware Attack a Year

Get the latest about social engineering

Subscribe to CyberheistNews