Human Risk Management Blog

Keeping you informed. Keeping you aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Over Half of all Impersonation Attacks Target Non-Executive Employees

A new report shows how cybercriminals focus on users that are less vigilant and more prone to falling for social engineering and impersonation tactics designed to gain access to finances.

KnowBe4's Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, ...

Ransomware 3.0: It Is About To Get Much Worse

If you think ransomware is bad, it is about to get much, much worse. What will ransomware gangs do? Just everything.

Cybercriminals are using Craigslist email notifications to send phishing links

Cybercriminals are using Craigslist email notifications to send phishing links, according to Roger Kay at INKY. The emails contain links to download a document with malicious macros.

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

Researchers at Microsoft have observed an attack phishing campaign by Russia’s SVR that’s targeting resellers and managed service providers. Microsoft tracks this threat actor as ...

New Ransomware Variant Brings with it the Dawn of the Era of “Quintuple-Extortion”

A ransomware gang with a new variant is trailblazing us towards the future of ransomware by making threats that go well beyond the simple ransom transactions of yesterday.

Perry Carpenter Interviews with Safety Detectives

Our very own Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, recently interviewed with Aviva Zacks of Safety Detectives.

Celebrity Hacks and the Frenzy of Renown

Avast offers a look at incidents in which celebrities have been the victim of social engineering attacks. The firm notes that while celebrities are higher profile targets, attackers use ...

Phishing Campaign Targets Organizations in India and Afghanistan

A threat actor based in Pakistan is targeting entities in India and Afghanistan with malware-laden websites, according to researchers at Cisco Talos.

New Impersonation Attack Demonstrates That Threat Actors Don’t Need to Get the Logo Correct

A new trend in social engineering and impersonation emerges as cybercriminals take advantage of a user’s inability to properly identify fake corporate logos in phishing attacks.

Cybercriminal Group SnapMC Takes a Page from Ransomware Gangs in Data Breach-Turned-Extortion Attacks

New analysis of attacks shows threat actors that traditionally focus on stealing data are now utilizing extortion as their monetization strategy, converging tactics with ransomware ...

Deepfake Technology is Cloning a Voice from the C-Suite

Criminals used deepfake technology to steal $35 million from a company in the United Arab Emirates, Forbes reports. The attackers used “deep voice” technology to spoof the voice of a ...

U.S. Government Says To Use Phishing-Resistant MFA

The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...

Why Security Awareness Testing Alone Isn’t Enough

Here is a story from one of our customers who wants to help other organizations like you strengthen their cybersecurity practices. Find out about the important lessons they learned when ...

1 in 3 IT Organizations Have no Cyberattack Incident Response Plan

Despite increases in ransomware attacks, ransom amounts and how often payments are made, new data shows organizations aren’t responding in kind and putting incident response plans in ...

Ex-Bank of America Employee Charged with Business Email Compromise Money Laundering

A three-person team – including a personal banker at Bank of America – have been indicted for reportedly being behind a BEC scam that took 5 companies for over $1.1 Million.

We Are Official Guinness World Records Holders!

It gives us great pleasure to announce that Eskenzi PR, KnowBe4 and OneLogin now hold the Guinness World Records® title for the Most views of a cybersecurity lesson video on YouTube in 24 ...

Iranian Phishing Campaigns Are Running Rampant

Researchers at Google’s Threat Analysis Group (TAG) are tracking phishing campaigns by the Iranian threat actor APT35 (also known as Charming Kitten). The attackers used compromised ...


Get the latest insights, trends and security news. Subscribe to CyberheistNews.