Security Awareness Training Blog

Phishing Blog

Learn about current phishing techniques, notable campaigns and attacks, what to watch out for 'in the wild', and more.

Phishing Attacks Rose by 30 Million in Q3 2018

Kaspersky Lab blocked 137 million phishing attempts in the third quarter of 2018, a 28 percent increase compared to Q2 2018. A report by the anti-virus company reveals that phishing ...
Continue Reading

New Ransomware Gang Pays Affiliates Up To 70% Of The Loot

A growing Ransomware-as-a-Service model uses affiliate attackers with proven track records to spread the malware, offering a percentage of the ransom.
Continue Reading

"Inception Attackers" Mix Old Exploit, New Backdoor, and Spear Phishing

SecurityWeek reported about a Palo Alto Networks warning: "A malicious group known as the “Inception” attackers has been using a year-old Office exploit and a new backdoor in recent ...
Continue Reading

Scam Of The Week: Fortnite And League of Legends Phishing Attacks

This is an excellent opportunity to sit down with your young'uns and explain the risks of online scams.
Continue Reading

Phishing Scam Is Targeting League of Legends Players

A phishing scam is using fake login pages to target League of Legends players, according to Avast Blog. At the moment, the attacks are taking place primarily in western Europe, mainly ...
Continue Reading

Got A Chinese Vishing Scam Call in Mandarin

Howard, KnowBe4's HackBusters Discussion Forum Moderator reported on this very interesting phone call he got:
Continue Reading

Has Microsoft Office 365 Beat Phishing?

By Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist. Microsoft recently announced a big update to their Microsoft Office 365 (O365) anti-phishing technical capabilities. ...
Continue Reading

School Daze: Clever Phishing Emails Target Educational Organizations

By Eric Howes, KnowBe4 Principal Lab Researcher. It will surprise few people to learn that during our daily review of suspicious emails forwarded to us by users of the Phish Alert Button ...
Continue Reading

Replica Phishing Sites Prey on User Trust

Attacks leveraging look-alike federated logon pages are more dangerous than malware-laden attachments in email.
Continue Reading

KnowBe4 Top-Clicked Phishing Email Subjects for Q3 2018 [INFOGRAPHIC]

The latest results of KnowBe4's quarterly top-clicked phishing email subjects is now available. We report on three different categories: general emails, social media related subjects, and ...
Continue Reading

[Heads-up] U.S. Government: "Your Weak Cyber Security Violates Federal Law"

Reuters just made me aware of a U.S. Securities and Exchange Commission report about a recent SEC investigation of nine companies that had been victims of CEO fraud had sufficient ...
Continue Reading

It Only Takes One Phish: 37K Records and a Month of Access

The attack on California-based Gold Coast Health Plan went undetected, allowing attackers access to healthcare data serving as fuel for fraud.
Continue Reading

UK publishers warn of global phishing scams targeting manuscripts

A succession of global phishing scams targeting publishers and agents has prompted responses from several global publishers, reports the Bookseller.
Continue Reading

Organizations Need to Prepare for the Aftermath of Phishing Attacks

Phishing campaigns are growing more sophisticated as industries become increasingly aware of the threat they pose. Some of these attacks are so clever and meticulously crafted that many ...
Continue Reading

Vishing Scams are Increasingly Difficult to Detect

Phone scams are becoming more convincing as attackers devise new ways to sound legitimate. KrebsOnSecurity recently spoke with several readers who'd been targeted by voice phishing, or ...
Continue Reading

KnowBe4's Phish Alert Button Now Works With Outlook Mobile!

Do your users know what to do when they receive a suspicious email? Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report ...
Continue Reading

Bleeding Edge Phishing Attack Uses Decoy PDF with Microsoft-issued SSL Cert

TL,DR: A recent phishing attack posing as a PDF decoy from a Denver law firm was stealing clients' Office 365 credentials. The phishing bait was hosted in Azure blob storage and contained ...
Continue Reading

Worry About Phishing, Not Malware!

With so many security strategies revolving around the detection of malware, organizations forget the primary source of all their worries – phishing.
Continue Reading

Kevin Mitnick weighs in on Facebook's big security breach

It was all over the news, and CNBC interviewed KnowBe4's very own Chief Hacking Officer Kevin Mitnick (note the StreetCred box on the right).
Continue Reading

[InfoGraphic] 20 Ways to Block Mobile Attacks

To start your National Cyber Security Awareness Month (NCSAM) here is a goodie for your users to kick things off.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews