Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Your KnowBe4 Fresh Content Updates from November 2021

[Heads Up] First Omicron Phishing Attack Spotted In The UK

Morgan Stanley Warns Against “Brushing Scam”

Ingenious New Attack Technique Uses Windows Store to Install Malware

91% of All Baiting Attacks Use Gmail to Collect Intel on Potential Victims

When Cybercriminals Hide in Plain Sight: Hacking Platforms You Know and Trust

Holiday Shopping and Phishing-as-a-Service

Bitcoin Scam Videos on Instagram are Part of an Elaborate Account Takeover Scam

Phishing Attacks Smash All Records in Q3 2021 With the Highest Monthly Number of Attacks Ever

Mobile Phishing Attacks Surge 161% in the Energy Industry

Data Breach Costs Increase by $1 Million When Remote Workers Are Involved

CyberheistNews Vol 11 #47 [Heads Up] New Dangerous and Persistent "Metamorphic" Malware Strain Called Tardigrade

Spear Phishing Campaign Targets North Korean Defectors

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Phishing Reported in IKEA’s Internal Email System

John Scimone, SVP and Chief Security Officer at Dell Technologies, says “security is everyone's job.”

FBI: Cyber Attacks Target Organizations Involved in Mergers and Acquisitions

Email Classified as ‘Malicious’ by Employees Has Increased by 35% in the Last Year

Phishing Attacks Impersonating Amazon Continue, Raising Concerns on the Cusp of Black Friday and the Holidays

Planning on Relaxing During the Holiday? Think Again – Ransomware Attacks May Have You Working Over a Holiday Break!

Avoid Donating to Charity Scammers During Giving Tuesday 2021

[Scam of the Week] Black Friday & Cyber Monday Cybersecurity Tips 2021

[FREE Resource Kit] Stay Safe This Holiday Season with KnowBe4

SEC Warns of Spoofed Emails Impersonating Their Employees

New Dangerous and Persistent "Metamorphic" Malware Strain Called Tardigrade

CyberheistNews Vol 11 #46 Phishing Emails Use Small Font Size To Bypass Security Filters

Phishing Campaign Targets TikTok Influencers

Microsoft Exchange Server Flaws Now Exploited for BEC Attacks

'Fake Ransomware' as a Form of Social Engineering

Social Engineering, Persistence, and a Few Phone Calls is All it Takes to Steal $1 Million

Ransomware Gangs Now Have Enough Money to Afford Zero-Day Exploits

Malicious Retail Phishing Sites Spike Ahead of Shopping Holidays

CyberheistNews Vol 11 #45 [HEADS UP] Get Prepared for Sophisticated Black Friday Scams

Trends in Cybercrime Report Phishing, Non-Payment Scams, and Extortion

Rosa Smothers is Featured in the Women Know Cyber Documentary

Phishing Emails Use Small Font Size to Bypass Security Filters

One-Fifth of U.K. Residents Have Experienced a ‘Proof of Vaccination’ Attack

“Customer Complaint” May Get Your Attention

Will Ransomware Extortion Tactics Ever Stop Evolving?

Use of Ransomware Data Leak Sites Begin to Slow Down?

Bait Attacks as Reconnaissance

Phishing Attacks Aimed at Social Accounts Now in the Top Three Targeted Sectors

Business Email Compromise-as-a-Service Emerges as Attempted Fraud Soars to as High as $6 Million

The TodayZoo Phishing Kit Has All the Obfuscation and Impersonation Needed to Fool Your Users

Median Ransomware Payment Jumps 50% as Mid-Market Becomes More Targeted

CyberheistNews Vol 11 #44 [Heads Up] Multi-Stage Vishing Attacks Are Coming to an Inbox Near You

New 'Frankenphishing' Tactic Combines Other Phishing Kits Into One

[HEADS UP] Popular Stock Trading Platform Becomes Next Victim of Data Breach

New Browser Cookie “Smash and Grab” Attack Targets YouTube Creators

Enabling and Securing Remote Workers are Top Concerns as 80% of Organizations Experience Cyberattacks as Often as Once per Hour

Preparing for Black Friday Scams

How Not To Get Phished: It Is the Message Not the Medium

Your KnowBe4 Fresh Content Updates from October 2021

FBI Warns that Financial Events are Occasions for Extortion

CyberheistNews Vol 11 #43 [HEADS UP] Nuclear Ransomware 3.0: It Is About To Get Much Worse

Not that You Would, but Looking for a Sugar Daddy's a Bad Idea

[On-Demand Webinar] Hacking Your Organization: 7 Steps Cybercriminals Use to Take Total Control of Your Network

Misconceptions and Assumptions about Cybersecurity

Multi-Stage Vishing Attacks are Coming to an Inbox Near You

Eight Romance Phishing Scammers with Ties to Nigerian Organized Crime Arrested After Stealing Nearly $7 Million

Over Half of all Impersonation Attacks Target Non-Executive Employees

KnowBe4's Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data [INFOGRAPHIC]

Nuclear Ransomware 3.0: It Is About To Get Much Worse

Cybercriminals are using Craigslist email notifications to send phishing links

CyberheistNews Vol 11 #42 [EYE OPENER] Why Security Awareness Testing Alone Isn't Enough

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

New Ransomware Variant Brings with it the Dawn of the Era of “Quintuple-Extortion”

Perry Carpenter Interviews with Safety Detectives

Celebrity Hacks and the Frenzy of Renown

Phishing Campaign Targets Organizations in India and Afghanistan

New Impersonation Attack Demonstrates That Threat Actors Don’t Need to Get the Logo Correct

Cybercriminal Group SnapMC Takes a Page from Ransomware Gangs in Data Breach-Turned-Extortion Attacks

Deepfake Technology is Cloning a Voice from the C-Suite

U.S. Government Says To Avoid Phishing-Resistant MFA

Why Security Awareness Testing Alone Isn’t Enough

CyberheistNews Vol 11 #41 [EYE OPENER] Two-Thirds of Organizations Have Been a Target of Ransomware

1 in 3 IT Organizations Have no Cyberattack Incident Response Plan

Ex-Bank of America Employee Charged with Business Email Compromise Money Laundering

We Are Official Guinness World Records Holders!

Iranian Phishing Campaigns Are Running Rampant

Two-Thirds of Organizations Have Been a Target of Ransomware

U.S. Treasury Puts Out New Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments

Hospitals Respond to Influx of Ransomware Attacks by Increasing Budgets

A Novel Form of Homographic Attack

U.K. Residents Experience a 116% Increase in Nuisance Calls, Texts, and Emails in 2021

Warning: Cybercriminals Target Organizations Going Through M&A Activity

NIST on Phishing Awareness

Man Spends Thousands and is Exposed for Typosquatting with Cryptocurrency

CyberheistNews Vol 11 #40 [Heads Up] The New James Bond Movie Is Cybercriminals Shiniest Phishbait

IBM: ”Phishing Is A Popular Cybercrime Attack Vector”

Dutch Government Can Respond to Ransomware Attacks with Armed Forces if Needed

What’s Next for the 3.8 Billion Entries in the Clubhouse-Facebook Database? Plenty of Social Engineering Attacks

When It Comes to Password Hygiene, Users Say One Thing, But Do Another

U.K. Authorized Push Payment Scams Jump 71% in First Half of 2021, Taking in £355 Million

KnowBe4 Celebrates Winning a Tech Cares Award From TrustRadius

Framing the Social Engineering Risk in Business Terms

Your KnowBe4 Fresh Content Updates from September

[On-Demand Webinar] 5 Things You Need To Know About Ransomware Before It's Too Late

Telecom Company Responsible for Routing Billions of Text Messages Annually Acknowledges Multi-Year Breach

CyberheistNews Vol 11 #39 [New Criminal Tactic]: Shortened LinkedIn URLs Are Now Used as Phish Hooks

Phishing: Low- Middle- and High-Level

New James Bond Movie is Cybercriminals Shiniest Phishbait

Hackers rob thousands of Coinbase customers using phishing attacks and an MFA flaw

Phishing Attacks Maintain “New Normal” Elevated Levels into the Middle of 2021

90% of All Cyber Attacks on Organizations Involve Social Engineering

Phishing Campaign Impersonates Zix Messages

Happy Cybersecurity Awareness Month 2021 from KnowBe4!

Europol: Italian Mafia Tied to Cybercriminals Responsible for €10 Million in Cyberattacks

5th Circuit Court Finds Cyber Insurer Must Pay for $1 Million Social Engineering Attack

Phishing Kits and Phishing-as-a-Service Responsible for Over 300,000 URLs Used in Phishing Attacks

Someone's Impersonating the California DMV in Texts

CyberheistNews Vol 11 #38 [EYE OPENER] Over 100 Million Lost to Romance/Crypto Scams in First Seven Months

Google Ads Abused to Deliver Malware

New Tactic: Shortened LinkedIn URLs Are Now Used As Phish Hooks


Newest iPhone Launch is Now a Scammer's Advantage

KnowBe4 Named a Leader in the Fall 2021 G2 Grid Report for Security Awareness Training

[HEADS UP] Millions of malicious emails will slip past security filters in Q4

Executives: Ransomware is the Greatest Threat Concern, But Few are Actually Prepared

Travel-Related Phishing Scams and Websites Surge More Than 400%

$1 Trillion Infrastructure Bill is the Catalyst for DOT-Impersonated Phishing Attacks Targeting Contractors

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

Kaspersky: Use of New QakBot Banking Trojan that Steals Emails Up 65%

FBI Warns of Continued Ransomware Attacks Targeting the Food and Agriculture Sectors

CyberheistNews Vol 11 #37 [Heads Up] A New Phishing Attack on Microsoft 365 Users Leverages Open Redirects To Avoid Detection

Recent Cryptocurrency Scam Posed as “The Elon Musk Mutual Aid Fund”

[INFOGRAPHIC] How to Run a Successful Security Awareness Training Program

Over $100,000,000 Lost to Romance Scams in Seven Months

[NEW FEATURE] Admins Can Save and Schedule KnowBe4 Reports to Automatically Send on a Recurring Basis

Enterprise Organizations Have as Much as an 85% Chance of Receiving a BEC Attack Every Week

Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

New Phishing Attack on Microsoft 365 Users Leverages Open Redirects to Avoid Detection

That's Not the US Department of Transportation, It's a Phishing Attack

Brute Force Attacks are on the Rise as June sees a 671% increase

Researchers Discover Vulnerability Used for Deception and SSID Stripping

U.S. Cyber Command General Promises 'Surge' To Fight Ransomware Attacks

Register for the Cybersecurity Virtual Summit KB4-CON EMEA Today!

CyberheistNews Vol 11 #36 [EYE OPENER] The Number Of Daily Ransomware Attacks Skyrockets Nearly 1,000% In 2021

Social Media as Artillery Preparation for Spear Phishing

Business Email Compromise Scam takes New Hampshire Town for $2.3 Million

Ransomware Resurrection? REvil Servers Come Back Online

Blame it on the Lizard Brain

[On-Demand Webinar] A Master Class on Cybersecurity: Roger Grimes Teaches Data-Driven Defense

Wanting to Stream the Italian Grand Prix This Weekend? It Might Be a Scam.

Five Signs of Social Engineering

A Look at Phishing Keywords

The Number of Daily Ransomware Attacks Increase Nearly 1000% in 2021

The Amount of Weekly New Phishing URLs Has Grown Nearly 2.5x Since 2020

BEC, Fraud, and Ransomware Attacks Are All on the Rise and Costing More Than Ever

Phishing for the German Bundestag

[FREE COURSES] Two New Training Modules are Now Available to Support Cybersecurity Awareness Month

CyberheistNews Vol 11 #35 [Heads Up] When the URL Domain Is Not Enough To Avoid That Phish

Windows 11 Phishbait by Active Threat Group Now Delivers Malware

Conti's Ransomware Playbook Includes Recon for Users with Privileged Access

Be Wary of Unrequested Disc Images

Email-Based Cyberattacks Double Between January and June

CISA: Ransomware Attacks Favor Holidays and Weekends

Ransomware Attacks in 2021 Have Increased Nearly Three-fold in the First Half of the Year

Your KnowBe4 Fresh Content Updates from August

BEC and the Underworld's Resources

Large Phishing Campaign Abuses Open Redirects

When the URL Domain Is Not Enough To Avoid a Phish

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

CyberheistNews Vol 11 #34 [Heads Up] A Tricky New COVID-19 Phishing Caper

[FREE Resource Kit] Cybersecurity Awareness Month 2021 Now Available

U.K. Organizations See Double the Number of Ransomware Attacks in the First Half of 2021

Cryptominers are Tricked out of Cryptocurrency Using Phishing Scams Involving the Purchase of Mining Equipment

Cybercriminals Can Post Jobs on LinkedIn Posing as Any Employer They Want

A COVID-19 Phishing Caper

A Look at a Ransomware Affiliate

Nigerian Threat Actors Solicit Victim Organization Employees to Deploy Demon Ransomware

Arrests in International Fraud Scheme Due to Social Engineering

Hospitals Continue to be Ransomware Targets as Half Experience Shutdowns in the Last 6 Months

Microsoft Warns of New Phishing-Turned-Vishing-Turned-Phishing Attack Aimed at Installing Ransomware

CyberheistNews Vol 11 #33 [EYE OPENER] The Anatomy Of New Smishing Attacks And How To Avoid Them

“Compromise” is the “C” in “MICE”

CISA shares guidance on how to prevent ransomware data breaches

Phishing Attacks Have Increased by 22% This Year

Defending Against Ransomware Attacks Should Start (and Can End) With Security Awareness Training

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Deepfakes Continue to be a Concern as the Technology Improves and Becomes More Convincing

Trend Micro: Most Organizations in the World Will Likely Be Compromised in the Next 12 Months

Cyber Attacks Grow 125% as Ransomware Tops the List Plaguing Enterprise Organizations

The Average Ransom Demand of $5.3M in 2021 is Up 518% From Last Year

Copyright Scammers Now Making Phone Calls

Attackers Use Morse Code to Encode Phishing Attachments

KnowBe4’s Automated Security Awareness Program Builder Now Available in Nine Languages

CyberheistNews Vol 11 #32 [Heads Up] The Cyber Insurance Industry Is Wrongly Hedging Its Bets On MFA

The Anatomy of Smishing Attacks and How to Avoid Them

Military Personnel Vulnerable to Fraud

Words of Advice for Organizations on Cybersecurity Best Practices

What’s in a (Ransomware Gang) Name? (A Gang by Any Other Name is Just as Dangerous)

Is Being a Ransomware Affiliate Profitable? The Math Says it is!

Android Trojan Goes After Facebook Accounts

Spear Phishing Becomes a Bigger Problem as the Average Organization is Targeted 700 Times a Year

DarkSide Ransomware Returns as BlackMatter After Sudden Shutdown of Operations

Cyber Insurance Rates Climb 30% as Ransomware Attacks, Costs, and Payments are All on the Rise

CyberheistNews Vol 11 #31 [HEADS UP] Microsoft Warns of Sneaky Phishing Campaign

Cyber Insurance Industry Wrongly Hedging Its Bets on MFA

FTC Warns of Unemployment Insurance Phishing Scheme

Get the latest about social engineering

Subscribe to CyberheistNews