Human Risk Management Blog

Report: Cybercriminals are Hiring Social Engineering Talent

ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering skills are highly sought-after.

CyberheistNews Vol 15 #34 [Watch Out] That Urgent Payroll Update Alert? It's a Phishing Attack

The Technical Sophistication Behind the "Free" Gift Scam: Evading Detection

Below is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “The Hidden Cost of "Free" Gifts: How Survey Scams Are ...

Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” ...

The Attacker’s Playbook: A Technical Analysis of Quishing and Encrypted SVG Payloads Used in HR Impersonation Phishing Attacks

In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we’re going under the ...

That ‘Urgent Payroll Update’ Email is a Trap: A Look at the Latest HR Phishing Tactics

Phishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed a 120%surge in these attacks reported via our PhishER product versus ...

From Human Resources to Human Risk: Why HR is the Perfect Department for Cybercriminals to Impersonate

We all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of ...

North Korean Threat Actor Delivers Ransomware Via Phishing Emails

The North Korean threat actor ScarCruft has incorporated ransomware into its arsenal, according to researchers at South Korean security firm S2W.

CyberheistNews Vol 15 #33 [Beware] When Your AI Helper Becomes a Hacker's Dream Tool

Alert: Tech Support Scammers Send Phony Podcast Invites

The Better Business Bureau (BBB) has warned that scammers are targeting high-profile employees and influencers with fake invitations to appear as a guest on popular celebrity podcasts.

CyberheistNews Vol 15 #32 How Hackers Exploit Microsoft Teams in Social Engineering Attacks

Social Engineering Attacks Surged in the First Half of 2025

Cybersecurity incidents nearly tripled in the first half of 2025, jumping from 6% in the second half of 2024 to 17% in 2025, according to a new report from LevelBlue.

ClickFix Social Engineering is Becoming More Popular

ClickFix attacks have been around for decades; only the name is new.

CyberheistNews Vol 15 #31 [Heads Up] Malicious M365 Connectors Put 300M Accounts at Risk

FBI Issues Guidance on Thwarting North Korea’s Fraudulent IT Schemes

The FBI has issued an advisory warning that North Korean IT workers continue to seek fraudulent employment at Western companies.

CyberheistNews Vol 15 #30 [Heads Up] Ransomware is Back—and Smarter Than Ever in 2025: Trends

Warning: Ransomware Attacks Surged by 63% Last Quarter

Ransomware attacks increased by 63% year-over-year in the second quarter of 2025, with a total of 276 publicly disclosed incidents, according to a new report from BlackFog.

Ransomware Trends in 2025

I’ve been following ransomware since the first one, the AIDS Cop Trojan, was released in December 1989.

CyberheistNews Vol 15 #29 [Jawdropper] AI Is Luring Travelers to Places That Don't Even Exist!

Thousands of Spoofed News Sites Are Pushing Investment Fraud Scams

Scammers are using over 17,000 phony news sites to push investment fraud, according to a new report from CTM360.