Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

Jan 6, 2022 2:19:54 PM By Stu Sjouwerman

An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.

Reducing Stress with CBD Is the Latest Theming for Phishing Attacks

Jan 4, 2022 10:03:58 AM By Stu Sjouwerman

Spanning three languages and at least 15,000 unique phishing emails, this latest phishing campaign targets stressed out workers in the U.S. and France, avoiding detection and promising to ...

Copyright Infringement Notice to Instagram Users Serves as Newest Phishbait

Jan 4, 2022 10:03:54 AM By Stu Sjouwerman

Scammers are sending phony accusations of copyright infringement to Instagram users in a new phishing attack, Paul Ducklin writes at Naked Security. The scammers are taking advantage of ...

Omicron-Themed Phishing Campaign is Running Rampant

Dec 29, 2021 11:01:30 AM By Stu Sjouwerman

A mean-spirited phishing campaign is mocking victims after infecting their devices with Dridex malware, according to Lawrence Abrams at BleepingComputer.

Organizations Worldwide Experience Over 722 Million Attacks in the Last 30 Days!

Dec 29, 2021 11:01:23 AM By Stu Sjouwerman

Analysis of data collected by Internet and security services vendor Akamai shows an unimaginable number of cyberattacks, demonstrating how frequently these attacks are happening.

5 Notable Obscure Phishing Scams

Dec 29, 2021 11:01:12 AM By Roger Grimes

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...

Google Takes a Step Towards Reducing the Use of Calendar Invitations as Phishing Tools

Dec 29, 2021 11:00:50 AM By Stu Sjouwerman

Doing their part, Google adds new functionality that defaults to automatically adding Google-based calendar invites to a victim’s calendar to lower the malicious value of an invite.

[Eye Opener] New Phishing Research Shows 37% of Sites Had More Than a Day Downtime

Dec 28, 2021 11:19:30 AM By Stu Sjouwerman

More than half (55%) of phishing attacks target IT departments, according to research commissioned by OpenText. Additionally, nearly half of survey respondents said they had fallen for a ...

New Nigerian Phishing Scams Target U.S. Military Families with Needed “Services”

Dec 23, 2021 4:17:23 PM By Stu Sjouwerman

With loved ones potentially a half a world away, scammers prey on families with scams that offer to assist with communication, care packages, leave, and more.

Office 365 “Spam Notification” Phishing Emails Seek to Capture Credentials

Dec 23, 2021 4:17:00 PM By Stu Sjouwerman

A new campaign spotted in the wild uses a tried-and-true method of convincing victims to provide their Office 365 logon credentials to be used in future attacks.

One-Third of Phishing Pages Are Inactive After Just One Day

Dec 23, 2021 11:39:19 AM By Stu Sjouwerman

We’ve always known phishing scammers work very quickly, moving from campaign to campaign, but new data indicates some scammers are moving on in terms of literally hours.

Canadian Government Urges Organizations to Take Additional Steps to Protect Against Ransomware Attacks

Dec 23, 2021 11:38:50 AM By Stu Sjouwerman

Citing upticks in attacks, Canada’s Centre for Cyber Security asks organizations to step up protective measures, offering guidance and a playbook to improve security.

Having an Efficient Security Awareness Training Program

Dec 23, 2021 9:06:46 AM By Roger Grimes

I love that KnowBe4’s customers are among the most knowledgeable and educated people in the world in avoiding phishing scams. KnowBe4’s products help its customers to educate and test ...

With KnowBe4’s Phish Alert Button, You Can Now Collect Feedback from Your Users When They Report Suspicious Emails

Dec 21, 2021 11:51:13 AM By Stu Sjouwerman

We are excited to announce the availability of KnowBe4’s enhanced Phish Alert Button for Microsoft 365 with the new User Comments feature!

Phishing Campaign Impersonates Pfizer

Dec 21, 2021 10:20:31 AM By Stu Sjouwerman

A phishing campaign is impersonating Pfizer with phony request-for-quotation (RFQ) emails, according to Roger Kay at INKY. The email lures had fairly convincing PDF attachments that ...

Phishing Remains Top Form of Cybersecurity Breach in 2021

Dec 20, 2021 3:14:15 PM By Stu Sjouwerman

Over half of organizations say they’ve experienced a cybersecurity breach caused by phishing in the last 12 months, dwarfing the second-place breach cause (malware) by almost 30%.

Embedded Email Attacks Are on the Rise and Aren’t Being Detected by Security Solutions

Dec 20, 2021 3:13:11 PM By Stu Sjouwerman

This classic tactic is making a comeback and is elegantly simple to execute, yet sufficiently complex enough to keep email scanning solutions from seeing it as malicious.

[EYE OPENER] New EU Phishing Study Shows That Crowd-sourcing Phishing Defense Is Successful

Dec 16, 2021 4:27:59 PM By Stu Sjouwerman

A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together ...

Wall Street Journal article: "Shaming Employees For Phishing is Counterproductive"

Dec 15, 2021 1:31:44 PM By Stu Sjouwerman

Shaming employees for falling for phishing attacks is the wrong approach, according to Dr. Karen Renaud, a chancellor’s fellow at the University of Strathclyde. In an article for the Wall ...

The Unbearable Lightness of Phishing Pages

Dec 14, 2021 8:45:50 AM By Stu Sjouwerman

Researchers at Kaspersky have found that most phishing pages are active for less than one day, with many of them going offline after just a few hours. Most of these short-lived pages were ...

Security Awareness Training Blog

Phishing Blog

View Topics