Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Comcast: 9 out of 10 Attempts to Breach Customer Networks Start with a Phish

The latest data from Comcast Business’ analysis of over 23.5 billion cyber attacks on their business customers shows the importance and role of phishing in attacks.
Continue Reading

Australians Reporting Alarming Number of Losses to Vishing and Smishing Scams

We know that scam calls (aka vishing) and scam SMSs (aka smishing) are out of control, and for most unaware Australians, they continue to cause pain and suffering. According to the ...
Continue Reading

Record ¥3 bil stolen via phishing in Japan in 1st half of 2023

A record 2,322 scams in Japan to steal internet banking IDs and passwords have resulted in unauthorized money transfers totaling a record of around 3 billion yen ($21 million) in the ...
Continue Reading

Wordfence Becomes the Latest Brand to be Impersonated Putting 800 Million Sites at Risk

With its wide use and trusted state among Wordpress developers and website admins, a new campaign impersonating the website security brand could put hundreds of millions of websites at ...
Continue Reading

Scammers Exploit Twitter’s Transition to “X”

Scammers are taking advantage of Twitter’s rebranding to “X,” according to Stephanie Adlam at Gridinsoft. A phishing campaign is targeting Twitter Blue users by telling them they need to ...
Continue Reading

KnowBe4’s Interactive Phishing Analysis Center: Keep Your Finger On The Pulse

As a security awareness practitioner, keeping your pulse on industry - and geographical - benchmarking data and best practices is always a good way to measure your organization’s security ...
Continue Reading

Most Organizations Using Weak Multifactor Authentication

Most organizations are still using weak forms of multi-factor authentication (MFA), a survey by Nok Nok has found. These forms of MFA can be bypassed if an employee falls for a social ...
Continue Reading

5 Intriguing Ways AI Is Changing the Landscape of Cyber Attacks

In today's world, cybercriminals are learning to harness the power of AI. Cybersecurity professionals must be prepared for the current threats of zero days, insider threats, and supply ...
Continue Reading

[INFOGRAPHIC] Q2 2023 Top-Clicked Phishing Test Results Favor HR-Related Subjects

KnowBe4's latest reports on top-clicked phishing email subjects have been released for Q2 2023. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally ...
Continue Reading

Phishing Attacks Continue to Use Attachments as HTML Files Containing Java Dominate

As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack.
Continue Reading

[New Product] Supercharge Your Anti-Phishing Defense with KnowBe4’s PhishER Plus!

Staying one step ahead of cybercriminals is absolutely vital in today’s threat landscape. That's why we're thrilled to introduce PhishER Plus, a revolutionary product from KnowBe4 that ...
Continue Reading

New AI Bot FraudGPT Hits the Dark Web to Aid Advanced Cybercriminals

Assisting with the creation of spear phishing emails, cracking tools and verifying stolen credit cards, the existence of FraudGPT will only accelerate the frequency and efficiency of ...
Continue Reading

Advanced Phishing Campaign Exploits 3rd Parties

Researchers at BlueVoyant warn that attackers are increasingly adding an extra step to their phishing campaigns, impersonating third-parties to lend credibility to the scams.
Continue Reading

A Long-Running Credential Phishing Expedition

Researchers at Akamai describe a credential phishing campaign that’s been running since at least March 2022. Due to the volume of traffic to the phishing sites, the researchers estimate ...
Continue Reading

CISA Discovers Spear Phishing and Valid Account Compromise Are the Most Common Attack Vectors

The US Cybersecurity and Infrastructure Security Agency (CISA) has found that compromise of valid accounts and spear phishing attacks were the two most common vectors of initial access in ...
Continue Reading

Heads Up: Google Inactive Account Deletion Notifications

Google announced an update to their inactive account policies in May. Accounts that have been inactive for a period of two years or more will start being deleted in December 2023, at the ...
Continue Reading

Phishing Email Attack Numbers “Decline” While Malware Volumes Increase 15%

New data focused on the first half of the year shows some anomalies. Phishing attacks are slowing down… that is, until you dive into the details.
Continue Reading

How KnowBe4 Can Help You Fight Spear Phishing

This blog was co-written by KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes and Chief Learning Officer John Just. Social engineering is involved in 70% to 90% of successful ...
Continue Reading

Beware of the Barbie Scam: What You Need to Know After the Recent Movie Release

Scammers are taking advantage of the popularity of the Barbie movie, according to researchers at McAfee.
Continue Reading

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews