Sextortion Scam Combines Lust and Envy

Mar 24, 2020 8:28:29 AM By Stu Sjouwerman

A sleazy phishing campaign is trying to tempt people into opening an attachment that supposedly contains nude pictures of a friend’s girlfriend, BleepingComputer reports. The attackers ...

Brand Impersonation Phishing Attacks Grow While Organizations Fail to Protect Their Brand Using DMARC

Mar 23, 2020 4:08:41 PM By Stu Sjouwerman

New data from Security vendor Agari shows how identity deception techniques are being used to fool recipient victims as organizations lack the needed safeguards to ensure emails are ...

[On-Demand] New 2020 Phishing By Industry Benchmarking Report: How Does Your Organization Measure Up

Mar 23, 2020 8:39:24 AM By Stu Sjouwerman

As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to ...

Urgency Around the Coronavirus Leads to Phishing Scams Targeting Healthcare

Mar 23, 2020 8:24:07 AM By Stu Sjouwerman

As if the virus itself wasn’t bad enough, lowlife scammers are using the pandemic to trick healthcare workers into giving up credentials. Elite hackers tried to break into the World ...

[Heads-Up] Feeding Frenzy: COVID-19 Phishing Attacks Surge as U.S. Reels from Pandemic

Mar 23, 2020 7:00:00 AM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. Having already published three blog pieces on the epidemic of Coronavirus-themed phishing emails and spam/scam offerings online (see HERE, ...

Organizations Need To Be Wary Of Home Worker Phishing Risks

Mar 19, 2020 5:31:33 PM By Stu Sjouwerman

Security experts warn that phishing attacks against home workers will rise.

Human Behavior is What Makes Phishing Attacks So Successful

Mar 19, 2020 8:28:37 AM By Stu Sjouwerman

The problem isn’t the lack of software designed to detect, prevent, and protect – it’s that human response is a required part of every phishing attack that users seem to be happy to ...

Domains Use Homographic Characters to Create Hard to Spot Phishing URL's

Mar 18, 2020 8:35:31 AM By Stu Sjouwerman

Website domains can use homographic characters to create very hard-to-spot phishing URLs, Threatpost reports. Cybersecurity researcher Avi Lumelsky demonstrated how easy it is to create ...

The Effectiveness of Educating End Users With a Test-Out Quiz

Mar 17, 2020 12:54:14 PM By Roger Grimes

Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...

FBI Sends Private Industry Notification Warning of BEC Techniques

Mar 17, 2020 8:32:03 AM By Stu Sjouwerman

The FBI sent out a Private Industry Notification (PIN) warning companies that attackers are abusing Microsoft Office 365 and Google’s G Suite to launch business email compromise (BEC) ...

Coronavirus-Themed Simulated Phishing Templates

Mar 16, 2020 9:48:41 AM By Stu Sjouwerman

The following templates were added to the console this morning:

Malicious IQY Files Found in Spam Campaign

Mar 16, 2020 8:26:37 AM By Stu Sjouwerman

Researchers at Lastline have come across a phishing campaign that’s using Internet Query (IQY) files to bypass security filters and deliver a new version of the Paradise ransomware. The ...

Extreme Measures: The Epidemic of COVID-19 Phishing Emails Rages On

Mar 16, 2020 7:02:25 AM By Stu Sjouwerman

Since the publication of our first two blog pieces documenting the flood of Coronavirus-themed emails (see HERE and HERE), customers using the Phish Alert Button (PAB) have continued to ...

U.S. Homeland Security: "Malicious Actors Expected To Focus Attacks On Teleworkers. Secure Your VPN"

Mar 14, 2020 9:55:44 AM By Stu Sjouwerman

The Department of Homeland Security's cybersecurity agency this week shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations ...

U.K. Pensions Regulator Sees 145 Percent Increase in Malicious Email Activity

Mar 13, 2020 8:21:15 AM By Stu Sjouwerman

The U.K. Government’s massive jump in email-based cyberattacks far outpaces even the most aggressive phishing or spam growth numbers seen this year.

[Heads Up!] A Whopping 21 Percent of Phishing Attack URLs Are Not Detected As Malicious For Days After They Go Live

Mar 12, 2020 7:03:09 AM By Stu Sjouwerman

New data from Akamai provides insight into why phishing attacks are making it all the way to the endpoint… and why they can trick users so easily into becoming a victim.

Secret Service Warning: Exploiting the Coronavirus for Fraud and Profit.

Mar 11, 2020 1:07:08 PM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. On Monday of this week we published a review of the coronavirus-themed emails that had been reported to us by customers using the Phish ...

A Look at Email Security in the US Healthcare Sector

Mar 11, 2020 8:24:41 AM By Stu Sjouwerman

90% of US healthcare organizations experienced email-based attacks in the past year, and 25% of these organizations said the attacks were extremely or very disruptive, according to a new ...

Cyberattacks on MSPs Grow Exponentially as the Focus Shifts to Hold Their Customer’s Data for Ransom

Mar 10, 2020 9:56:37 AM By Stu Sjouwerman

Recent insight from data protection vendor Datto puts MSPs on notices to secure their own environments to protect both their business and that of their customers.

Exploiting the Coronavirus: The Spammers, the Scammers, and the Bad Guys

Mar 9, 2020 1:35:06 PM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. If you've been paying attention to the news over the past week or so, you've undoubtedly noticed that the majority of the stories on your ...

Security Awareness Training Blog

Phishing Blog

View Topics