Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

[Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing

Fighting spear phishing attacks is the single best thing you can do to prevent breaches.
Continue Reading

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

CyberheistNews Vol 13 #22  |   May 31st, 2023 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks With attackers knowing financial fraud-based phishing ...
Continue Reading

Spear Phishing Trends in 2023

50% of organizations surveyed were victims of spear phishing attacks in the last twelve months, according to a new report from Barracuda. The report also found that, on average, ...
Continue Reading

Russian Ransomware Cybercriminal Behind $200 Million in Damages is Sanctioned by the U.S. Government

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has identified and designated Mikhail Matveev for his role in ransomware attacks back 2021.
Continue Reading

AI Voice-Based Scams Rise as One-Third of Victims Can’t Tell if the Voice is Real or Not

As audio deepfake technology continues to go mainstream as part of the evolution in AI-based tools, new data shows there are plenty of victims and they aren’t prepared for such an attack.
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

The Bookmark Trap: How Discord Admins Fell Prey to Social Engineering

Brian Krebs wrote: "A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript ...
Continue Reading

[EPIC AI FAIL] Lawyer cites fake cases invented by ChatGPT

Found this highly amusing article: Legal Twitter is having tremendous fun right now reviewing the latest documents from the case Mata v. Avianca, Inc. (1:22-cv-01461). Here’s a neat ...
Continue Reading

Tips from Customer Panel on Combining Security Awareness and Compliance Culture Training

At KB4-CON 2023, we had a customer panel that I hosted discussing the connection between security and compliance training content when trying to change organizational security culture.
Continue Reading

“Magic Link” Phishing Attacks Scamming Users With Fake McAfee Renewals

Threat actors are using encoded phishing links to evade security filters, according to Jeremy Fuchs at Avanan. The phishing emails purport to be notifications from McAfee informing the ...
Continue Reading

[Mastering Minds]  China's Cognitive Warfare Ambitions Are Social Engineering At Scale

As the world continues to evolve, so does the nature of warfare. China's People's Liberation Army (PLA) is increasingly focused on "Cognitive Warfare," a term referring to artificial ...
Continue Reading

Your KnowBe4 Fresh Content Updates from May 2023

Check out the 20 new pieces of training content added in May, alongside the always fresh content update highlights, events and new features.
Continue Reading

Verizon Sends New Smishing Warning

Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email ...
Continue Reading

[SEG Headache] More Than Half of Cybersecurity Leaders Say That Too Many Phishing Attacks Get Through

Egress, a cybersecurity company that provides intelligent email security, recently released their Email Security Risk Report 2023.
Continue Reading

Financial Fraud Phishing Attacks Increase 72% In One Year; Financial Industry Takes the Brunt

With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not ...
Continue Reading

BatLoader Malware is Now Distributed in Drive-By Attacks

Malign persuasion can take many forms. We tend to hear the most about phishing (malicious emails) or smishing (malicious texts). Other threats are also worth some attention, like the risk ...
Continue Reading

More Than Half of all Email-Based Cyberattacks Bypass Legacy Security Filters

New data shows that changes in cybercriminals’ phishing techniques are improving their game, making it easier to make their way into a potential victim user’s inbox.
Continue Reading

[Hands-On Defense] Unpatched Software Causes 33% of Successful Attacks

As you all know, KnowBe4 frequently promotes security awareness training and we also mention that unpatched software is a distant number two issue after social engineering.
Continue Reading

CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend

CyberheistNews Vol 13 #21  |   May 23rd, 2023 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend New data sheds light on how likely your organization will ...
Continue Reading

[Microsoft Warning] A 38% Spike In Business Email Compromise with new Cybercrime-as-a-Service

Microsoft has observed a thirty-eight percent increase in cybercrime-as-a-service (CaaS) offerings for launching business email compromise (BEC) attacks between 2019 and 2022.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews