Human Risk Management Blog

The 3 Biggest Email Security Challenges Facing Legal Organizations

Law firms really are under constant pressure to meet tight deadlines, maintain client confidentiality and protect privileged communications.

The Behavioral Science Behind the Click

Welcome back. In our last blog post, we talked about the great divide between tech-focused and people-focused security.

New AI-Driven Phishing Platform Automates Attack Campaigns

Researchers at Varonis warn of a new phishing automation platform called “SpamGPT” that “combines the power of generative AI with a full suite of email campaign tools.”

Attackers Use AI Development Tools to Craft Phony CAPTCHA Pages

Attackers are abusing AI-powered development platforms like Lovable, Netlify and Vercel to create and host captcha challenge websites as part of phishing campaigns, according to ...

Attackers Abuse Google’s AppSheet to Send Phishing Emails

Hackread reports that attackers are abusing Google’s AppSheet platform to send phishing emails.

CyberheistNews Vol 15 #38 Why Does Protecting AI Agents Need To Be Status Quo?

Why Your Security Strategy Needs a Human Upgrade

Let’s be brutally honest. For years, our industry has been locked in a civil war. In one camp, the technologists have been building higher walls and smarter traps, arguing that the right ...

North Korean Hackers Target Job Seekers With ClickFix Attacks

North Korean hackers behind the “Contagious Interview” campaign are using the ClickFix social engineering tactic to target job seekers with phony employment offers, according to ...

AI-Assisted Phishing Attacks Are an Increasingly Serious Threat

AI-assisted phishing attacks pose a significant and increasing threat to organizations, according to Matt Weidman, partner and vice president of Commercial Property & Casualty at ...

CyberheistNews Vol 15 #37 [New Report] Shadow AI Threats Are Increasing. Here's How to Spot Them

Training AI Agents Will Be Status Quo

Protecting humans means protecting the tools humans use.

Report: AI-Powered Phishing Fuels Ransomware Losses

AI-powered social engineering attacks are significantly more successful than traditional attacks, according to a new report from cyber risk management firm Resilience.

Phishing Campaign Abuses iCloud Calendar Invites

Attackers are abusing iCloud Calendar invites to send phishing messages that pose as PayPal notifications, BleepingComputer reports. Since the messages are sent from Apple’s ...

FBI Issues Guidance for Avoiding Deepfake Scams

The FBI and the American Bankers Association (ABA) have issued a joint advisory warning of the growing threat posed by AI-generated deepfake scams.

PayPal Scam From PayPal

One of the most common human risk management recommendations is for users to hover over URL links of unexpected messages to see if the involved DNS domain is legitimate or not for the ...

Report: Shadow AI Poses an Increasing Risk to Organizations

The use of “shadow AI” is an increasing security risk within organizations, according to a new report from Netskope.

"Yep, I got pwned. Sorry everyone, very embarrassing."

In essence, that is the disclosure and notification message that the open-source developer "qix" sent to the world when he was social engineered to give up access credentials to his ...

CyberheistNews Vol 15 #36 One of the Biggest Mysteries in Cybersecurity: Why Don't We Demand This?

Smishing Campaign Targets California Taxpayers With Phony Refund Offers

The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports.

Advanced Educational Competition – Ask Your Employees To Submit Their Best Phishing

I occasionally get human risk management (HRM) administrators asking me to help them with ideas of “contests” to better educate their end-users.