Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Fake MFA Reset Warning Message

Jun 6, 2025 8:37:54 AM By Roger Grimes
A KnowBe4 co-worker of mine recently got this SMS phishing message (i.e., smish).
Continue Reading

Impersonating Meta, Powered by AppSheet: A Rising Phishing Campaign Exploits Trusted Platforms to Evade Detection

May 23, 2025 8:00:00 AM By KnowBe4 Threat Lab
Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a highly targeted, sophisticated campaign ...
Continue Reading

Warning: Phishing Kits Can Auto-Generate Tailored Login Pages

May 19, 2025 4:43:03 PM By KnowBe4 Team
Commodity phishing kits are increasingly serving dynamically generated phishing pages, according to researchers at ESET.
Continue Reading

How to Protect Your Business from Scattered Spider's Latest Attack Methods

May 13, 2025 3:32:36 PM By KnowBe4 Team
Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a wide range of sectors.
Continue Reading

You Are Still Vulnerable to Password Attacks When Using Passkeys

May 9, 2025 2:26:01 PM By Roger Grimes
Just because you’re using a passkey doesn’t mean your password is gone.
Continue Reading

Phishing Kits Are Growing More Sophisticated; Focused on Bypassing MFA

May 8, 2025 5:12:21 PM By KnowBe4 Team
Researchers at Cisco Talos warn that major phishing kits continue to incorporate features that allow them to bypass multi-factor authentication (MFA).
Continue Reading

A Sneaky T-Mobile Scam and Lessons That Were Learned

Apr 30, 2025 4:41:50 PM By Roger Grimes
A friend of mine got a call on his phone and he regrettably picked it up. The number was 267-332-3644. The area code is from Bucks County, PA, where he used to live many years ago.
Continue Reading

What Is Device Code Phishing?

Apr 29, 2025 10:46:50 AM By Roger Grimes
Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing," many people have been wondering what it is. ...
Continue Reading

Warning: Ransomware Remains a Top Threat for SMBs

Apr 23, 2025 3:26:08 PM By Stu Sjouwerman
A new report from Sophos found that ransomware attacks accounted for over 90% of incident response cases involving medium-sized businesses in 2024, as well as 70% of cases involving small ...
Continue Reading

Securing Employee Identities: Expert Tips for Identity Management Day 2025

Apr 10, 2025 10:13:28 AM By Stu Sjouwerman
With this week being Identity Management Day on April 8th, it's the perfect reminder for organizations to focus on protecting their employees' digital identities.
Continue Reading

Act Now: Phishing-as-a-Service Attacks are on the Rise

Mar 24, 2025 3:05:34 PM By Stu Sjouwerman
Phishing-as-a-service (PhaaS) platforms drove a surge in phishing attacks in the first two months of 2025, according to researchers at Barracuda.
Continue Reading

Why Password Security Matters: The Danish and Swedish Password Problem

Mar 21, 2025 10:46:44 AM By Martin Kraemer
In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often, the weakest link in our defenses is ...
Continue Reading

Beware: Malvertising Campaign Hits Nearly a Million Devices

Mar 12, 2025 9:09:33 AM By Stu Sjouwerman
Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world. The campaign, which began on illegal streaming sites, impacted both consumer and ...
Continue Reading

Warning: Ransomware Threats Increased Fourfold in 2024

Mar 7, 2025 9:14:54 AM By Stu Sjouwerman
Researchers at Barracuda observed a fourfold increase in ransomware threats last year, driven by increasingly sophisticated ransomware-as-a-service (RaaS) operations.
Continue Reading

Primary Refresh Tokens Aren’t Your Parent’s Browser Token

Mar 4, 2025 9:40:59 AM By Roger Grimes
If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming hackers' theft target of choice.
Continue Reading

Protect Your Devices: Mobile Phishing Attacks Bypass Desktop Security Measures

Feb 28, 2025 9:13:19 AM By Stu Sjouwerman
Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop security measures in order to breach organizations ...
Continue Reading

Microsoft is Still the Most Commonly Impersonated Brand in Phishing Attacks

Jan 28, 2025 4:05:32 PM By Stu Sjouwerman
Microsoft, Apple, and Google were the most commonly impersonated brands in phishing attacks last quarter, according to researchers at Check Point.
Continue Reading

Beware of Toll Scam Texts: How Cybercriminals are Targeting U.S. Drivers

Jan 27, 2025 3:59:53 PM By Stu Sjouwerman
Drivers across the U.S. are being bombarded with fraudulent text messages claiming to come from toll operators like E-ZPass.
Continue Reading

"Get Beyond Security Awareness Training" Does Not Mean Forgetting About It

Dec 23, 2024 5:13:52 PM By Roger Grimes
KnowBe4 is a big believer in focusing on decreasing human risk as the best way to decrease cybersecurity risk in most environments.
Continue Reading

Mobile Phishing Attacks Use New Tactic to Bypass Security Measures

Dec 20, 2024 3:49:33 PM By Stu Sjouwerman
ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users.
Continue Reading
Subscribe

Search Our Blog


New call-to-action

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews