Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Students Phished with Bogus Job Offers

Your KnowBe4 Fresh Content Updates from January 2023

Yahoo Suddenly Rises in Popularity in Q4 to Become the Most Impersonated Brand in Phishing Attacks

Initial Access Brokers Leverage Legitimate Google Ads to Gain Malicious Access

BEC Group Launches Hundreds of Campaigns

KnowBe4 Wins Winter 2023 "Best of" Awards From TrustRadius in Multiple Categories

Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen?

Scammers Impersonate Financial Advisors Through Social Media Platforms

Travel-Themed Phishing Attacks Lure Victims with Promises of Free Tickets, Points, and Exclusive Deals

OneNote Attachments Used as Phish Hooks

Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom

Microsoft OneNote Attachments Become the Latest Method to Spread Malware

CyberheistNews Vol 13 #05 [Eye Opener] Is Cybercrime the World's Third Largest Economy After the U.S. and China?

Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK

Alert: Refund Scam Targeting Federal Agencies via RMM Software

Hacker's Movie Guide: The Complete List of Hacker and Cybersecurity Movies

Stu's Law: "You get the future you ignore"

What is a Good Completion Percentage for Security and Compliance Training?

How Does Quantum Impact Passwords?

Do Not Get Fooled Twice: Mailchimp's Latest Breach Raises Alarm Bells – Protect Yourself Now!

[Security Masterminds] Breaking It Down to Bits & Bytes: Analyzing Malware To Understand the Cybercriminal

Phishing Campaign Impersonates Japanese Rail Company

2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]

CyberheistNews Vol 13 #04 [Heads Up] Unusual Blank-Image Phishing Attacks Impersonate DocuSign

New QR Code Phishing Campaign is Impersonating the Chinese Ministry of Finance

Cybercrime The World’s Third Largest Economy After the U.S. and China

Ransomware Has SMBs Reprioritizing Their Cybersecurity Spending to Combat Attacks

The Current State of Cybersecurity Should Fear AI Tools Like ChatGPT

Unusual Blank-Image Phishing Attacks Impersonate DocuSign

[Eye Popper] Ransomware Victims Refused To Pay Last Year

How South Africa's Largest Law Firm Was Fined R5.5m for Not Educating Customers

Phishing For Industrial Control Systems

The Amazing Thing Is that DHL Phishing Campaigns STILL Work

CyberheistNews Vol 13 #03 [Eye Opener] Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them

Spear Phishing Campaign Targets Southeast Asia

Cybercriminals Mimic Victim Website to Publish Exfiltrated Data on the Public Web

Government, Higher Ed, School Districts, and Healthcare Continue to be Victims of Ransomware Attacks

Cyberinsurer Beazley Introduces a $45M Cyber Catastrophe Bond to Offset Risk

KB4-CON 2023 Agenda is Now Available!

Is Your Organization’s Password Complexity Requirement Strong Enough? Probably Not

[INFOGRAPHIC] PhishER by the Numbers

[New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ

Check Point Software: "2022 Saw A Huge Rise In Cyberattacks"

[Ache In the Head] The Problems With Your Not-So-Secure Email Gateway

[Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

Government Workers as Phishing Targets

21% of federal agency passwords cracked in their security audit

Italian Cybercriminal Pleads Guilty to Phishing for Book Manuscripts

Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them

CyberheistNews Vol 13 #02 [Bad Taste] There Is a New Trend in Social Engineering With a Disgusting Name; 'Pig-butchering'

The Good, the Bad and the Truth About Password Managers

Phishing in the Service of Espionage

A Look Back at Mobile Government Cyberattacks Shows Increased Attacks and Weaker Security

Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss

New Crypto Scam Targets Flipper Zero Buyers Impersonating Legitimate Shops

Phishing Campaigns Impersonate the UK Government

These grim figures show that the ransomware problem isn't going away

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

CyberheistNews Vol 13 #01 [Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

Using AI Large Language Models to Craft Phishing Campaigns

There is a New Trend in Social Engineering with a Disgusting Name; "Pig-butchering"

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

One Out of 10 Threats Still Make It All the Way to the Endpoint

Your KnowBe4 Fresh Content Updates from December 2022

Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

CyberheistNews Vol 12 #52 [Heads Up] Top 10 Cyber Security Predictions for Next Year. Read It, This Is a Good One

[Eye Opener] Insurance policy doesn’t cover ransomware attack, Ohio Supreme Court says

Attackers Pose as Facebook Support Using Legitimate Facebook Posts to Bypass Security Solutions

QBot Malware Attacks Use SVG files to Perform HTML Smuggling

Microsoft Warns of Signed Drivers Being Used to Terminate AV and EDR Processes

The Number of Phishing Attacks Grows 15% in One Quarter, Reaching an All-Time High

New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable”

Spear Phishing Campaign Targets Japanese Political Organizations

"How I lost my dog and almost my Google credentials..."

KnowBe4 Named a Leader in the Winter 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR)

KnowBe4 Named a Leader in the Winter 2023 G2 Grid Report for Security Awareness Training

Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

’Tis the season for Scam-Folly Fa La La La La

XLL Files Used to Deliver Malware

CyberheistNews Vol 12 #51 [Ughh] The FBI's Trusted Threat Sharing 'InfraGard' Network Was Hacked

Now BEC Attacks Steal Physical Goods

Social Engineering, Money Mules, and Job Seekers

Hospitals Warned of Royal Ransomware Attacks by U.S. Department of Health

Less Than One-Third of Organizations Leverage Multiple Authentication Factors to Secure Their Environment

Ten Charged with BEC Healthcare Scheme That Took More than $11 Million

Cybersecurity Experts Weigh in on Modern Email Attacks

Interest in Infostealer Malware Within Cyberattacks Spikes as MFA Fatigue Attacks Increase

October and November Have Been the Two Busiest Months for Ransomware

Utility Bill is the New Phishbait for Cybercriminals

Look Out For Scammers This Holiday Season on Social Media

Ughh. FBI’s Vetted Threat Sharing Network ‘InfraGard’ Hacked

CyberheistNews Vol 12 #50 [EYE OPENER] How ChatGPT Can Be Used for Social Engineering

CISA Phishing Infographic Contains a Lot of Good Information

[CASE STUDY] New-school Approach to Training and Simulated Phishing Shines Over Traditional LMS

[EYE OPENER] How ChatGPT Can Be Used For Social Engineering

Incident Response Actions are Systematically Reversed by Hackers to Maintain Persistence

New Modular Attack Chain Found That Allows Attackers to Change Payloads Mid-Breach

Scammer Group Uses Business Email Compromise to Impersonate European Investment Portals

[Eye Opener] Cybersecurity Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations

Cyber Insurers Focus on Catastrophic Attacks and Required Minimum Defenses as Premiums Double

Archives Overtake Office Documents as the Most Popular File Type to Deliver Malware

[On-Demand] Ransomware, Ransom-war and Ran-some-where: What We Can Learn When the Hackers Get Hacked

Russian Threat Actor Impersonates Aerospace and Defense Companies

Holiday Shopping Scams Online Are Too Good to be True

CyberheistNews Vol 12 #49 [Keep An Eye Out] Beware of New Holiday Gift Card Scams

Credential Phishing with Apple Gift Card Lures

Inside NATO’s Efforts To Plan For A Future Cyberwar

New Threat Group Already Evolves Delivery Tactics to Include Google Ads

Latest Netflix-Impersonated Phishing Attacks Surge in Frequency by 78% Since October

It’s Official: COVID-related Phishing is Dead as Scammers Return to Impersonating Famous Brands

Ransomware Attacks on Holidays and Weekends Increase and Take a Greater Toll on Organizations

Your KnowBe4 Fresh Content Updates from November 2022

Spoofing-as-a-Service Site Taken Down

[Keep An Eye Out] Beware of New Holiday Gift Card Scams

CyberheistNews Vol 12 #48 [Eye Opener] Microsoft Warns Against Recent, Complex, Ransomware Campaign

Quiet Quitting Can Potentially Lead to Insider Security Risks

Merriam-Webster has announced "gaslighting" as the 2022 word of the year

[New App] Empower Your Users to Engage with Security Awareness and Compliance Training Anytime, Anywhere with the KnowBe4 Learner App

There’s No Such Thing as a Free Yeti, Only Social Engineering Tactics

WhatsApp data breach sees nearly 500 million user records up for sale

[Send This To Your Users] 5 Top Scams To Watch Out For This Holiday Season

Cybersecurity incidents cost organizations $1,197 per employee, per year

A Recent, Complex, Ransomware Campaign

New Instagram Support Phishing Attack Fakes “Unusual Logon” Experience Well Enough to Fool Victims

Image-Based Phishing and Phone Scams Continue to Get Past Security Scanners

CyberheistNews Vol 12 #47 [Heads Up] Watch Out for This Tricky New Tactic Called Clone Phishing

World Cup Phishing Attacks Doubled And Will Increase

MFA Fatigue Attacks

4 out of 10 Emails are Unwanted as nearly 40% of all Attacks Start with Phishing

10 Million Health Records from Australian Insurer Medibank are Leaked After Refusing to Pay the Ransom

2022 Black Friday and Cyber Monday Scams

Over One-Third of Companies Who Pay the Ransom are Targeted for a Second Time

Retailers: Credential Harvesting Attacks Are the “Big Thing” This Year for the Holiday Season

This New Phishing Kit Flies Under the Radar of Antivirus Software

Phishing Attacks Misuse Microsoft Dynamics 365 Customer Voice Functionality to Hide Malicious Links

Valid Accounts Rank as the Top Initial Access Infection Vector, Putting a Spotlight on Credentials

Ransomware Attacks on UK Organizations are Not Being Reported Enough, Clouding Impact

Cyber Insurance Rates Begin to Stabilize as Insurers Gain Better Insight into Cyberattacks

Holiday Package or Scam Message? Clickers Beware

Watch Out For This Tricky New Tactic Called Clone Phishing

FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok

[SCAM OF THE WEEK] Phishing Campaign Targets Crypto Users

Fangxiao Domain-Spoofing for Revenue

[FREE Resource Kit] Stay Safe This Holiday Season with KnowBe4

CyberheistNews Vol 12 #46 [EYE OPENER] Here Is What You Can Do to Inspect SMS URL Links Before Clicking

“Hired Hand” in the Kingdom of Saudi Arabia Uses Domain Spoofing

The Rise in Unwanted Emails, Now Found to be Nearly 41%

[HEADS UP] FBI Warns of Tech Support Scams That Impersonate Payment Portals for Fake Refunds

Phishing Campaign Abuses Microsoft Customer Voice

Three-Quarters of Employees Feel It’s the Company’s Job to Ensure Security, Despite Three-Quarters Also Personally Experiencing a Cyberattack

Ransomware Attacks Targeting Manufacturing are up 52% Over the Course of 12 Months

Cyberattacks Globally Increased by 28% in the Third Quarter of 2022 as the Average Org Experiences Over 1,100 Attacks Weekly

Here Is What You Can Do To Inspect SMS URL Links Before Clicking

Cookie-stealing Feature Added by Phishing-as-a-Service Provider To Bypass MFA

[EYES OUT] This Scary Strain of Sleeper Ransomware Is Really a Data Wiper in Disguise

PhishER Turns Golden Hour Into Golden Minute

CyberheistNews Vol 12 #45 [EYE OPENER] Phishing Attacks Up 61% Over 2021. A Whopping 255 Million Attacks This Year So Far...

New Business Email Compromise Gang Impersonates Lawyers

[HEADS UP] Australia Continues to be Vulnerable to Cybercrimes as Half a Billion Has Been Lost to Scammers

[New Product] Users Making Security Mistakes? Coach Them in Real-Time with SecurityCoach

Russian trolls and bots are back, targeting Tuesday’s U.S. midterms.

DHL Tops the List of Most Impersonated Brand in Phishing Attacks

New LinkedIn-Impersonated Phishing Attack Uses Bad Sign-In Attempts to Harvest Credentials

Number Matching Push-Based MFA Is Only Half the Solution

KnowBe4 Wins 2022 "Best Software" Awards From TrustRadius in Multiple Categories

Phishing for Feds: Credential-Harvesting Attacks Found in New Study

FBI: Watch Out for Student Loan Forgiveness Scams!

CheckPoint Warns of Black Basta Ransomware as the Number of Victim Organizations Increases by 59%

CISA Warns of Daxin Team Ransomware Group Targeting the Healthcare and Public Health Sector via VPNs

[On-Demand Webinar] Hacking Biometrics: If You Thought Your Fingerprints Were Safe, Think Again!

Phishing Resistant MFA Does Not Mean Un-Phishable

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

CyberheistNews Vol 12 #44 [INFOGRAPHIC] KnowBe4 Top-Clicked Phishing Email Subjects for Q3 2022

What Happens to an Organisation When It Has No Security Culture?

Australia's Lacking Cybersecurity Workforce Results to a Influx in Attacks

[WARNING] Micro Transactions Lead to a Drained Bank Account

LinkedIn Phishing Attack Bypassed Email Filters Because it Passed Both SPF and DMARC Auth

[EYE OPENER] Phishing Attacks 61% Up Over 2021. A Whopping 255 Million Attacks This Year So Far

The Number of Vulnerabilities Associated with Ransomware Grows 426% Over Three Years

Ransomware Attacks Via RDP Drop Significantly as Phishing Continues to Dominate

Over Two-Thirds of Organizations Have No Ransomware-Specific Incident Response Playbook

Your KnowBe4 Fresh Content Updates from October 2022

Stolen Devices and Phishing

[APPLY TODAY] Security Awareness Training Eligible for $185 Million DHS Cybersecurity Grant Opportunity

KnowBe4 Top-Clicked Phishing Email Subjects for Q3 2022 [INFOGRAPHIC]

Passkeys Are Being Pushed in a Big Way

Don’t Let High-Tech Distract You from Low-Tech

CyberheistNews Vol 12 #43 [Heads Up] This New Strain of Fake Ransomware Is Sloppy but Dangerous

[Eye Opener] Work In IT? You Get Attacked Much More Than Other Employees

Major UK Outsourcer Hit With Multi-Million Dollar Fine Due to a Phishing Attack

Phishing for Student Email Accounts

BazarCall Expands Callback Phishing Campaigns to Include More Support Sites and Malicious Tactics

New Credential Harvesting Scam Impersonates Google Translate to Trick Victims

[INFOGRAPHIC] 10 Tips for Running a Successful Compliance Training Program

New Phishing Attack Attempts to Steal Social Security Numbers

Phishing Targets US Election Workers

Scary Metaverse - Cybersecurity Risk Implications

New COVID-19 Phishing Wave Misuses Google Forms to Steal Victim Information

91% of Organizations are Concerned About Ransomware Attacks in 2022

Get the latest about social engineering

Subscribe to CyberheistNews