Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Harvested Credentials Are Put Up for Sale Monthly on the Dark Web at a Rate of 10,000 a Month

Credential harvesting has become a business in and of itself within the cybercrime economy. New insight from Microsoft details the types of attacks your organization should watch out for.
[INFOGRAPHIC] KnowBe4’s SecurityCoach: Top 10 Integrations

Real-time security coaching helps improve your organization’s security culture by enabling real-time coaching of your users in response to risky security behaviors.
Smishing Triad Threat Actor Sets Its Sights on the UAE

Resecurity warns that the Smishing Triad threat actor has “vastly expanded its attack footprint” in the United Arab Emirates (UAE).
One Out of Five Organizations Must Improve Their Security Posture to be Eligible for Cyber Insurance

As insurers become more educated on what a “secure organization” looks like, they are tightening their requirements, which puts the onus on organizations to be more secure.
Energy Sector Experiences Three Times More Operational Technology Cybersecurity Incidents Than Any Other Industry

While industries like financial services and healthcare tend to dominate in IT attacks, the tables are turned when looking at Operational Technology (OT) cyber attacks – and the energy ...
Stay a Step Ahead of your #1 Downtime Threat - Business Email Compromise

A new report from Secureworks has found that business email compromise (BEC) remains “one of the most financially damaging online crimes overall for orgs” in 2023. The security firm’s ...
[Risky New Data] More than Half of Phishing Scams Now Use Obfuscation

A new report shows staggering phishing trends using obfuscation techniques that should make any organization feel worried.
Senior Executives Beware: The Rise of EvilProxy Phishing Campaigns

Menlo Security warns that a social engineering campaign is using the EvilProxy phishing kit to target senior executives across a range of industries, including banking and financial ...
Malicious URLs In Phishing Emails: Hover, Click and Inspect Again

The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice.
Generative AI and the Automation of Social Engineering Increasingly Used By Threat Actors

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan.
[HEADS UP] Aurora Police Department Warns of Contactless Payment Processors Scams

If you didn't trust contactless payment processors before, you really won't after hearing about this recent scam.
New SMS Phishing Campaign Impersonating The US Postal Service

DomainTools is tracking an increase in SMS phishing (or “smishing”) campaigns impersonating the US Postal Service (USPS). The text messages inform recipients that there’s a problem with ...
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Ransomware Now Considered a “Crisis” in the Financial Services Sector

A recent panel discussion of banking CISOs and experts at the SIBOS conference focused on the current state of ransomware and what institutions should do to protect themselves.
It’s Official – Generative AI Has Made Phishing Emails Foolproof

The most basic use of tools like ChatGPT to script out professional-looking emails has all but eliminated improperly written content as an indicator of a potential phishing scam.
Threat Group UNC3944 Continues to See Success Using Text-Based Social Engineering

A new update on the UNC3944 group's activities shows how it is shifting its focus squarely to SMiShing credential harvesting attacks that result in data theft/extortion attacks.
Pharma Industry Seeing Reduction in Data Breach Costs, But Still Have Much to Do

Insights from IBM’s Cost of a Data Breach Report on the Pharmaceutical Industry show that while the overall cost has improved, there are clear areas of risk that need to be addressed.
Facebook Messenger Becomes the Delivery Mechanism for Infostealer Malware Attack

Millions of business accounts on Facebook are the target of a new malware attack, which is seeing a success rate of 1 out of 70, causing concern for the security of corporate credentials.
How Zero-Point Fonts in Phishing Emails Make Them Look Safe

Attackers are using zero-point fonts to make phishing emails appear as though they’ve been verified by security scanners, BleepingComputer reports.
[HEADS UP] If You're a LastPass User, You May be the Next Phishing Email Target

Cybercriminals are not holding back on LastPass users as a new phishing campaign has recently launched with the intent to steal your data.