The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice.
Like a ghost, most business email compromise (BEC) scams are able to sneak through most technical defenses and end up in end-user inboxes.
I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...
The number one way that hackers and malware compromise people, devices, and networks is social engineering. No one argues that anymore, but it was not always known or discussed that way. ...
Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The ...
This blog was co-written by KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes and Chief Learning Officer John Just. Social engineering is involved in 70% to 90% of successful ...
There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell ...
For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.
Fighting spear phishing attacks is the single best thing you can do to prevent breaches.
The evidence is clear – there is nothing most people and organizations can do to vastly lower cybersecurity risk than to mitigate social engineering attacks. Social engineering is ...
Since the beginning, two types of computer attacks (known as initial root cause exploits) have composed the vast majority of successful attacks: social engineering and exploiting ...
With all the overwrought hype with ChatGPT and AI…much of it earned…you could be forgiven for thinking that only the bad actors are going to be using these advanced technologies and the ...
There is no doubt that ransomware is one of the top cybersecurity challenges of our lifetime. Survey after survey has revealed senior management and IT employees from the top on down, ...
I get asked all the time to “predict” the future of cybercrime. What will be the next big cyber attack? What will be the next paradigm platform shift that attackers will target? And so on.
Mea Culpa. When you make a mistake, admit you made a mistake.
I talk and present often about DMARC (and SPF and DKIM), including here. A lot of people who think they understand how DMARC works, do not really understand it as well as they think they ...
I’ve been doing computer security for over 34 years and in that time, I haven’t seen a lot of game-changing products. What I have seen is a lot of new products that claimed to be ...
Most computer security practitioners have understood for many years the importance of having an aggressive security awareness training program. As social engineering is involved in 70% to ...
Some common questions we get are “Should I click on an unwanted email’s ’Unsubscribe’ link? Will that lead to more or less unwanted email?”
You should use phishing-resistant multi-factor authentication (MFA) when you can to protect valuable data and systems. But most biometrics and MFA are not as strong as touted and much of ...
