KnowBe4 Blog

Phishing

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

5 Essential Cybersecurity Defenses for Cloud Email Security

Cloud email has become the center of modern business. Regardless of your organization's industry or size, email connects employees, customers, vendors, executives, financial systems and ...

Cybercriminals Are Targeting the FIFA World Cup 2026

Lead Analysts: Jeewan Singh Jalal and Louis Tiley KnowBe4 ThreatLabs tracked phishing campaign activity from the first week of April through June 22, 2026 — covering the pre-tournament ...

Phishing Exposes Employee Data at 86% of Fortune 100 Companies

A new report from SpyCloud has found that phishing attacks have exposed employee data at 86% of Fortune 100 companies over the past 12 months, with the technology, airline and automotive ...

Report: Device Code Phishing is Surging

Multiple sophisticated phishing kits are now focusing on harvesting device codes to breach accounts without a password, according to researchers at LevelBlue.

Turn Account Takeover Into Real-Time Security Coaching

Account takeover is one of the most common ways organizations get breached and one of the hardest to train users on. Not because users don't care, but because usually training happens in ...

Social Engineering Attacks Abuse Workplace Collaboration Tools

Threat actors are increasingly abusing workplace collaboration tools like Microsoft Teams to launch social engineering attacks, according to researchers at Palo Alto Networks’s Unit 42. ...

APWG Report: Social Media Phishing is Surging

Phishing scams surged across social media platforms during the first quarter of 2026, according to a new report from the Anti-Phishing Working Group (APWG).

The Role of Agentic AI in Phishing Security Training

Phishing attacks are evolving faster than traditional training programs can keep up. Advances in AI — including generative tools — are making attacks more dynamic, personalized, and ...

Attackers Use Spoofed ChatGPT Site to Deliver Malware

Researchers at Malwarebytes warn that a fake ChatGPT download site is delivering malware. The attackers use sponsored results and SEO manipulation to target users who search for “ChatGPT ...

I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable

Google recently released Device-Bound Session Credentials (DBSC) for Google Chrome and Google Workspace. It is a long-awaited new security enhancement to fight back against local cookie ...