KnowBe4 Blog

Phishing

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Campaign Abuses Google’s Infrastructure to Bypass Defenses

Researchers at RavenMail warn that a major phishing campaign targeted more than 3,000 organizations last month, primarily in the manufacturing industry.

Phishing Campaign Targets WhatsApp Accounts

Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts.

North Korean Threat Actor Spreads Malware via QR Codes

The North Korean threat actor “Kimsuky” is using QR codes to trick users into installing malicious mobile apps, according to security researchers at ENKI. The phishing sites, which ...

New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.”

New BlackForce Phishing Kit Bypasses Multifactor Authentication

Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, ...

Be Careful of That Warrant for Your Arrest

A popular phone call/voicemail scam (i.e., vishing) involves someone calling you, claiming to be law enforcement with a warrant for your arrest, and then offers you an opportunity to ...

WeChat Phishing Attacks a Growing Threat Outside China

Lead analysts: Cameron Sweeney, Lucy Gee, Louis Tiley, James Dyer “Super-app” WeChat offers a wealth of functionality—from instant messaging, text and voice messaging, and video calls to ...

Phishing Campaign Targets Executives With Phony Awards

A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their ...

[Heads Up] Crafty New Phishing Attacks Abuse Free Cloudflare Pages

Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners.

[Beware] Microsoft Teams 'Chat with Anyone' invites aren't always safe

Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email ...