Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

May 16, 2024 12:54:01 PM By Roger Grimes

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.

Phishing and Pretexting Dominate Social Engineering-Related Data Breaches

May 15, 2024 11:15:31 AM By Stu Sjouwerman

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data.

FBI Warns of AI-Assisted Phishing Campaigns

May 15, 2024 11:15:28 AM By Stu Sjouwerman

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.

How Come Unknown Attack Vectors are Surging in Ransomware Infections?

May 14, 2024 2:30:08 PM By Stu Sjouwerman

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I understand why.

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

May 14, 2024 2:30:02 PM By Stu Sjouwerman

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links ...

Ransomware Detection Time Shortens by 44% as Organizations Attempt to Keep Up with Attackers

May 10, 2024 1:49:17 PM By Stu Sjouwerman

New data shows organizations are improving their ability to detect and respond to ransomware attacks, but is it fast enough to make a difference and stop attacks?

Phishing-as-a-Service Platform LabHost Disrupted by Law Enforcement Crackdown

May 10, 2024 8:43:26 AM By Stu Sjouwerman

One of the largest phishing-as-a-service platforms, LabHost, was severely disrupted by law enforcement in 19 countries during a year-long operation that resulted in 37 arrests.

Phishing Reports in Switzerland More Than Doubled Last Year

May 8, 2024 2:14:41 PM By Stu Sjouwerman

Switzerland’s National Cyber Security Centre (NCSC) received more than 30,000 reports of cyber incidents in the second half of 2023, more than double the amount received in the second ...

Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

May 7, 2024 2:33:11 PM By Stu Sjouwerman

Innovative analysis of data breaches shows which attack vectors are being used and how they’re enabled, highlighting the roles phishing and credentials play.

Credential-Harvesting Campaign Impersonates Fashion Retailer Shein

May 7, 2024 2:33:08 PM By Stu Sjouwerman

A phishing campaign is impersonating fashion retailer Shein in an attempt to steal users’ credentials, according to researchers at Check Point.

The Education Sector Experienced the Highest Number of Data Breaches in 2023

May 7, 2024 8:00:00 AM By Stu Sjouwerman

New data from Verizon makes it clear that the Education sector is under attack, but also breaks down which threat actions and patterns are used most.

Introducing The New KnowBe4.com

May 6, 2024 3:52:27 PM By Cindy Zhou

I'm excited to unveil our newly redesigned website at knowbe4.com! The team has worked hard to create a sleek, modern design with improved navigation and new features to better serve you ...

Verizon: The Percentage of Users Clicking Phishing Emails is Still Rising

May 3, 2024 2:01:32 PM By Stu Sjouwerman

The long-awaited annual Verizon Data Breach Investigations Report is out, and it’s made very clear that users continue to be a problem in phishing attacks.

Analysis Shows 2023 to be “Worst Year for Phishing on Record”

May 2, 2024 3:45:57 PM By Stu Sjouwerman

Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight.

[CASE STUDY] Healthcare Organization Hardens Employee Defenses Against Insidious Callback Phishing Attacks

May 1, 2024 1:57:28 PM By Stu Sjouwerman

A major U.S. healthcare provider significantly reduced their employees' susceptibility to callback phishing attacks after using KnowBe4's callback phishing simulation and training ...

Phishing Failures: How Not to Phish Your Users

Apr 30, 2024 1:42:21 PM By Javvad Malik

This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for ...

How New College Graduates Can Avoid Increasingly Personalized Job Scams

Apr 30, 2024 1:42:05 PM By Stu Sjouwerman

For many fresh out of college, the drive to land that first professional role is a top priority. Yet, new graduates can be exposed to sophisticated scams that can jeopardize not just ...

Targeted Smishing Attacks by Threat Group “The Com” On The Rise

Apr 29, 2024 2:03:09 PM By Stu Sjouwerman

Cyber activity by the group "The Com," which leverages (SIM) swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing.

The Art of Huh?

Apr 29, 2024 2:03:05 PM By Roger Grimes

One of the best things you can teach yourself, your family, and your organization is how to recognize the common signs of phishing and how to mitigate and appropriately report it.

Phishing Campaigns Spoof the U.S. Postal Service

Apr 29, 2024 2:03:02 PM By Stu Sjouwerman

Researchers at Akamai have found that phishing sites impersonating the U.S. Postal Service get as much traffic as the real USPS website.

Security Awareness Training Blog

Phishing Blog

View Topics