KnowBe4

Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

When Does a Legitimate Password Reset Email Feel Like a Phishing Attack? Just Ask Citrix Users

A recent password reset email from ShareFile (a Citrix company) put some users on edge, questioning both the emails legitimacy and why the reset.
Continue Reading

CEO Fraud Attacks are Citing the California Wildfires

Criminals are using the California wildfires as a social engineering tactic to manipulate people into buying gift cards supposedly intended for victims of the disaster, according to James ...
Continue Reading

Google Maps’ Bank Listings Updated by Scammers

Scammers are taking advantage of Google Maps by modifying the contact information of the service’s bank listings. After replacing banks’ legitimate phone numbers with numbers of their ...
Continue Reading

GreyEnergy Malware Spreads Through Phishing Emails

The GreyEnergy APT primarily uses phishing emails as its initial infection method, according to analysis by Nozomi Networks. The malware has been targeting industrial control systems in ...
Continue Reading

Phishing Emails are Targeting Spotify Users

A phishing campaign is attempting to steal login credentials from Spotify users, according to researchers at AppRiver. The emails ask users to click a hyperlink to confirm their accounts, ...
Continue Reading

Hackers reportedly breached Republican campaign committee emails during 2018 elections

The National Republican Congressional Committee (NRCC) was hacked during the 2018 midterm elections, according to a report from Politico. Republican officials said that hackers had access ...
Continue Reading

61% of Organizations Believe Negligent Users Will be the Primary Cause of a Data Breach in the Next 12 Months

Dark Readings annual Strategic Security Survey provides several details highlighting that organizations aren’t ready, and users aren’t helping.
Continue Reading

Why You Need To Make Security Awareness Training Mandatory. Read This Horror Story.

OK, so here is a horror story that you can prevent from happening in your own organization. Now and then we hear that KnowBe4 customers do not make the security awareness training ...
Continue Reading

Data Breach at Q&A Site Quora Affects 100 Million

It's all over the news, it even made the Wall Street Journal. I'm a quora participant myself and received the news directly in an email.
Continue Reading

That was fast! Bad Guys Are Using The Marriott Breach For Phishing Attacks

As predicted, the Marriott breach is heaven for bad guys. KnowBe4 customers are using the (free) Phish Alert Button to report in the wild phishing attacks using the recent news.
Continue Reading

From the “Shaking My Head” File: New Phishing Scam Seeks to Help Wildfire Victims… With Google Play Cards???

Cybercriminals will take advantage of any major news story if there’s a way to make money from it. But sometimes, the scam just gets a little too odd to believe.
Continue Reading

The Massive Marriott Data Breach: Some Practical Advice For Business Travelers

If you have stayed in one or the following hotels in the last 4 years, it's very likely that your personal data—and even potentially your passport number—has been stolen and is available ...
Continue Reading

Learning a 120K Lesson the Hard Way

The bank isn’t always responsible for making you whole after a business email compromise. Indiana’s Lake Ridge Schools lost more than $120,000 from a seven-million-dollar construction ...
Continue Reading

Attackers Impersonate CEOs to Scam Employees into Sending Gift Cards for the Holidays

A crafty mix of social engineering, great timing, and context act as the perfect ingredients to trick unwitting users into buying gift cards and placing them into the hands of the ...
Continue Reading

[Heads-up] Bad Guys Love Marriott: 500 Million Data Breach Is Phishing Heaven

So I guess we have just reached the tipping point, it's "privacy game over" for business travelers.
Continue Reading

KnowBe4 Fresh Content Update & New Features November 2018

We've got a few content updates in the KnowBe4 Modstore to share with you for the month of November!
Continue Reading

Employers Are Liable If They Don't Protect Employees' Sensitive Personal Information from Attack

A recent ruling from the Pennsylvania Supreme Court on an employee lawsuit against the University of Pittsburgh Medical Center stemming from a data breach should put all employers on ...
Continue Reading

DNSpionage Malware Targets Domains in Lebanon and United Arab Emirates

A new threat actor is targeting Lebanon and United Arab Emirates (UAE) government domains, as well as a Lebanese airline company, according to Warren Mercer and Paul Rascagneres at Cisco ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews