Repertoire of Ukraine Charity Phishing Scams

Mar 24, 2022 10:21:32 AM By Stu Sjouwerman

Scammers continue to exploit the crisis in Ukraine, according to researchers at Bitdefender. Over the past week, the researchers believe the fraudsters have adjusted their tactics in ...

Initial Access Broker Group Relies on Social Engineering

Mar 24, 2022 10:20:53 AM By Stu Sjouwerman

Google’s Threat Analysis Group (TAG) describes a cybercriminal group it calls “EXOTIC LILY” that acts as an initial access broker for numerous financially motivated threat actors, ...

Number of Phishing Attacks Hits an All-Time High in 2021, Tripling That of Early 2020

Mar 23, 2022 2:00:34 PM By Stu Sjouwerman

New data from the Anti-Phishing Working Group shows cybercriminals are stepping on the gas, focusing phishing attacks on credential theft and response-based scams.

Phishing Attack-Turned-Wire Fraud Case Sees a Win for the Policyholder

Mar 23, 2022 2:00:26 PM By Stu Sjouwerman

In an unusual turn of events, a recent court decision sided with the policyholder, despite specific policy language that probably should have favored the insurer.

QakBot Banking Trojan Evolves and Now Takes Over Email Conversations to Spread Malware

Mar 23, 2022 2:00:06 PM By Stu Sjouwerman

As if stealing all your credentials, cookies, and email wasn’t bad enough, this new version of QakBot inserts itself into your emails, impersonating you to gain access to more victims.

Phishing Scam with Fraudulent Invoice Costs City of Fresno Over $600,000

Mar 23, 2022 1:59:56 PM By Stu Sjouwerman

This simple invoice scam appears to be a part of a much broader campaign targeting municipalities, posing as existing subcontractors.

Exploiting Trust in reCAPTCHA

Mar 23, 2022 8:46:14 AM By Stu Sjouwerman

Researchers at Avanan warn that attackers are using reCAPTCHAs on their phishing sites to avoid detection by security scanners.

SMBs Are 350% More Likely to Experience Social Engineering Attacks Via Phishing

Mar 22, 2022 4:08:43 PM By Stu Sjouwerman

New data shows phishing, social engineering, and impersonation dominate as cybercriminals are becoming more frequent and successful with their attacks.

Chameleons Phish, Too

Mar 21, 2022 10:40:34 AM By Stu Sjouwerman

One of the challenges cyber criminals face is that their scams often have a relatively short shelf-life. Once they’ve been used, the gaff is quickly blown, and the scammers hope to ...

KnowBe4 Named a Leader in The Forrester Wave for Security Awareness and Training Solutions

Mar 17, 2022 8:00:00 AM By Stu Sjouwerman

We’re thrilled to announce that KnowBe4 has been named a Leader in The Forrester WaveTM : Security Awareness and Training Solutions, Q1 2022 report based on our current offering, strategy ...

New Phishing Method Uses VNC to Bypass MFA Measures and Gives Cybercriminals Needed Access

Mar 16, 2022 10:20:57 AM By Stu Sjouwerman

Despite cloud vendors like Google detecting reverse proxies or man-in-the-middle (MiTM) attacks and halting logons to thwart malicious actions, a new method easily gains access.

Social Engineering through Contact Form

Mar 14, 2022 9:16:00 AM By Stu Sjouwerman

Email is the familiar form of phishing, but there’s an ongoing criminal campaign that follows a different, arguably subtler avenue of approach: the corporate contact form. Abnormal ...

Email-Based Vishing Attacks Skyrocket 554% as Phishing, Social Media, and Malware Attacks Are All on the Rise

Mar 11, 2022 10:28:20 AM By Stu Sjouwerman

A new analysis of attacks in 2021 shows massive increases across the board, painting a very concerning picture for 2022 cyberattacks of all types.

“Warm Greetings” (or not) : Saudi Aramco Impersonation

Mar 10, 2022 9:31:37 AM By Stu Sjouwerman

Researchers at Malwarebytes warn of a phishing campaign that’s targeting the oil and gas industry by impersonating Saudi Aramco.

Phishing and Scam Pages Increase by 153% as Cybercriminals Seek to Establish Credibility

Mar 10, 2022 9:31:15 AM By Stu Sjouwerman

As part of either impersonating known brands or simply leveraging credible cloud services, the use of a web page as part of an attack has become a staple for threat actors.

Domains Associated with Phishing Directed Against Ukraine

Mar 9, 2022 9:05:47 AM By Stu Sjouwerman

Researchers from Secureworks’ Counter Threat Unit (CTU) are tracking phishing domains used by the “MOONSCAPE” threat actor to target users in Ukraine. The researchers note that Ukraine’s ...

Phishing Impersonation and Attack Trends in 2021

Mar 9, 2022 8:50:37 AM By Stu Sjouwerman

Facebook overtook Microsoft as the most impersonated brand in phishing attacks last year, according to a new report from Vade Secure.

[World Premiere] KnowBe4’s New Season 4 of Netflix-Style Security Awareness Video Series - ‘The Inside Man’

Mar 8, 2022 8:30:14 AM By Stu Sjouwerman

We’re thrilled to announce the long-awaited fourth season of the award-winning KnowBe4 Original Series - ‘The Inside Man’ is now available in the KnowBe4 ModStore!

By the Way, There's No Draft - Smishing Campaign Alert

Mar 7, 2022 9:48:53 AM By Stu Sjouwerman

Scammers are sending phony text messages (aka Smishing or SMS Phishing) informing people in the US that they’ve been drafted by the US Army, according to Army Times.

Phishing Attacks Impersonating LinkedIn are up 232% in the Last Month Alone!

Mar 4, 2022 8:34:15 AM By Stu Sjouwerman

During the period the world has dubbed “the great resignation”, phishing scammers are shifting tactics to take advantage of those looking for a new career or place of employment.

Security Awareness Training Blog

Phishing Blog

View Topics