Human Risk Management Blog

Warning: Job Scams Surge by More than 1000%

Job-related scams surged by more than one thousand percent between May and July 2025, according to new research from McAfee.

Report: North Korea Expands Its Remote Employment Schemes

North Korea’s fraudulent IT worker schemes have expanded to target nearly every industry that hires remote employees, according to researchers at Okta.

If You Have Not Realized It, Vishing Is Really Taking Off

Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan.

CyberheistNews Vol 15 #40 The Behavioral Science When Your Best People Are Click Magnets

North Korean Hackers Target Job Seekers With Social Engineering Tricks

A North Korean threat actor dubbed “DeceptiveDevelopment” is using various social engineering techniques to target job seekers, according to researchers at ESET.

CyberheistNews Vol 15 #39 [Watch Your Back] Why Your Security Strategy Needs a Human Upgrade Now

CyberheistNews Vol 15 #38 Why Does Protecting AI Agents Need To Be Status Quo?

CyberheistNews Vol 15 #37 [New Report] Shadow AI Threats Are Increasing. Here's How to Spot Them

CyberheistNews Vol 15 #36 One of the Biggest Mysteries in Cybersecurity: Why Don't We Demand This?

CyberheistNews Vol 15 #35 [Watch Out] Hackers Now Use AI to Write Better Phish

Report: Cybercriminals are Hiring Social Engineering Talent

ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering skills are highly sought-after.

CyberheistNews Vol 15 #34 [Watch Out] That Urgent Payroll Update Alert? It's a Phishing Attack

The Technical Sophistication Behind the "Free" Gift Scam: Evading Detection

Below is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “The Hidden Cost of "Free" Gifts: How Survey Scams Are ...

Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” ...

The Attacker’s Playbook: A Technical Analysis of Quishing and Encrypted SVG Payloads Used in HR Impersonation Phishing Attacks

In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we’re going under the ...

That ‘Urgent Payroll Update’ Email is a Trap: A Look at the Latest HR Phishing Tactics

Phishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed a 120%surge in these attacks reported via our PhishER product versus ...

From Human Resources to Human Risk: Why HR is the Perfect Department for Cybercriminals to Impersonate

We all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of ...

North Korean Threat Actor Delivers Ransomware Via Phishing Emails

The North Korean threat actor ScarCruft has incorporated ransomware into its arsenal, according to researchers at South Korean security firm S2W.

CyberheistNews Vol 15 #33 [Beware] When Your AI Helper Becomes a Hacker's Dream Tool

Alert: Tech Support Scammers Send Phony Podcast Invites

The Better Business Bureau (BBB) has warned that scammers are targeting high-profile employees and influencers with fake invitations to appear as a guest on popular celebrity podcasts.