Human Risk Management Blog

[Heads Up] QR Code Phishing is Getting More Stealthy Fast

Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks’ Unit 42.

Most Phishing Emails Rely Purely on Social Engineering

99% of phishing emails that reached inboxes last year did not contain malware, according to a new report from Fortra.

CyberheistNews Vol 15 #13 Why Password Security Matters: The Danish and Swedish Password Problem

Report: Phishing Remains the Most Prevalent Cyber Threat

INKY has published its annual report on email security, finding that phishing accounted for 30% of all reported cybercrimes last year.

Amount of Money Requested In BEC Attacks Nearly Doubled in Q4 2024

The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according to the Anti-Phishing Working Group’s (APWG’s) ...

CyberheistNews Vol 15 #12 Key Takeaways from the KnowBe4 2025 Phishing Threat Trends Report

Act Now: Phishing-as-a-Service Attacks are on the Rise

Phishing-as-a-service (PhaaS) platforms drove a surge in phishing attacks in the first two months of 2025, according to researchers at Barracuda.

Hundreds of Malicious Android Apps Received 60 Million Downloads

Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps.

Phishing Attacks Abuse Microsoft 365 to Bypass Security Filters

Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at Guardz.

Be Vigilant: BEC Attacks Are on the Rise

Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer increasing to $39,315, according to a new report from Fortra.

Booking.com Phishing Scam Targets Employees in the Hospitality Sector

A phishing campaign is impersonating travel agency Booking.com to target employees in the hospitality industry, according to researchers at Microsoft.

CyberheistNews Vol 15 #11 [Heads Up] 245% Increase in SVG Files Used to Obfuscate Phishing Payloads

Protect Yourself: Social Engineering Fuels SIM Swapping Attacks

Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures.

Beware: Malvertising Campaign Hits Nearly a Million Devices

Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world. The campaign, which began on illegal streaming sites, impacted both consumer and ...

U.S. Justice Department Charges China’s Hackers-for-Hire Working IT Contractor i-Soon

The U.S. Justice Department has charged ten Chinese nationals for acting as hackers-for-hire for the Chinese government.

CyberheistNews Vol 15 #10 [Heads Up] Sophisticated Phishing Attack Uses New JavaScript Obfuscation Trick

Your KnowBe4 Compliance Plus Fresh Content Updates from February 2025

Check out the February updates in Compliance Plus so you can stay on top of featured compliance training content.

Your KnowBe4 Fresh Content Updates from February 2025

Check out the 58 new pieces of training content added in February, alongside the always fresh content update highlights, new features and events.

Warning: Ransomware Threats Increased Fourfold in 2024

Researchers at Barracuda observed a fourfold increase in ransomware threats last year, driven by increasingly sophisticated ransomware-as-a-service (RaaS) operations.

Data at Risk: 96% of Ransomware Attacks Involve Data Theft

A new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up.