Security Awareness Training Blog

Security Awareness Training Blog

Read the latest news about security awareness training, best practices, why you need it, and what happens when you don't have it in place.

Cybercriminals Target Execs in Microsoft 365 Credential Attack to Launch Internal BEC Scams

A new phishing attack spotted in the wild by security researchers at Trend Micro demonstrates how compromised data in an initial cyberattack is purposed in subsequent attacks.
Continue Reading

Many US States Requiring Training on COVID-19 Before Return to Work

Many states across the US are now mandating that organizations provide training to your employees before they can return to work. Definitely check your local state guidelines but KnowBe4 ...
Continue Reading

Legitimate Accounts for Illegitimate Business Email Compromise

Cybercriminals frequently use email accounts from legitimate services like Gmail to carry out business email compromise (BEC) attacks, Help Net Security reports. Researchers at Barracuda ...
Continue Reading

SBA Phishing: Malicious Actors "Return to Roots" in the Hunt for Money

By Eric Howes, KnowBe4 Principal Lab Researcher. The COVID-19 pandemic continues to dominate news headlines as well as the development of malicious email attacks designed to separate ...
Continue Reading

Cyberattacks Involving Both Data Exfiltration and Ransomware to Ensure Ransom Payment Increase 152%

Ransomware authors are realizing the benefit of either stealing data or just implying they have and threatening to publish the data publicly in order to increase their chances of being ...
Continue Reading

Dark Patterns and the Craft of Online Persuasion

People should learn how to spot the tactics companies (and, more importantly, criminals) use to persuade customers (or marks), especially when those tactics are used deceitfully, ...
Continue Reading

Nearly Half of Dutch Listed Companies Do Not Provide Information on Cybersecurity in Annual Report

Many publicly traded companies in the Dutch AEX, AMX and AScX indices fail to be transparent on cybersecurity efforts in their annual reports. While the Netherlands is a highly digitized ...
Continue Reading

The U.N. counterterrorism chief says a 350% increase in phishing websites was reported in Q1 2020

UNITED NATIONS -- A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding ...
Continue Reading

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...
Continue Reading

The Importance of Identifying and Focusing on the Malicious Behavior

Identifying malicious behavior is a more effective long-term strategy than trying to block individual malicious actors, according to Johnathan Hunt, Vice President of Security at GitLab. ...
Continue Reading

See Ridiculously Easy Security Awareness Training and Phishing

Join us for a live demo on Security Awareness Training and phishing in action!
Continue Reading

Visit KnowBe4 at Black Hat USA 2020 - Virtual Event

Are you attending (the 100% virtual) Black Hat USA 2020? Be sure to stop by the KnowBe4 booth August 5-6th to find out how to secure your last line of defense: USERS.
Continue Reading

Explosion of Zoom Meeting Phishing Attacks Over Spring and Summer of 2020 and Targeting Office365 and Outlook Credentials

Researchers at INKY have observed an “explosion” of Zoom-themed phishing attacks over the Spring and Summer of 2020. Most of the attacks are aimed at stealing credentials to services like ...
Continue Reading

New U.K. Phishing Scam uses a £400 Tax Cut as Bait

Pretending to be the U.K. Governments’ Digital Service Team, this latest COVID-related phishing attack seeks to con victims out of their credit card details.
Continue Reading

Netflix Phishing Attack Hides Behind a Functional CAPTCHA Page to Avoid Detection

In an interesting twist, cybercriminals utilize a well-known technology to keep security solutions from identifying a “failed payment” email as being fraudulent.
Continue Reading

Is it a Quiz Scam? Is it Bad? Is it Back With a Vengeance?

The answer to all three questions would seem to be, "yes." Quiz scams have become widespread over the past year, but they’ve gone largely unremarked, researchers at Akamai have found. ...
Continue Reading

July Fresh Content Updates from KnowBe4: Including New Recommended Training Suggestions in the ModStore

Here are a few important fresh content and feature updates to share with you for the month of July.
Continue Reading

[MOST WANTED] Criminal Hacker Of The Week: Maksim Viktorovich Yakubets

The FBI said: The United States Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $5 million for information leading to the arrest and/or ...
Continue Reading

Introduction To KnowBe4's Services

KnowBe4 helps organizations to educate and train their employees against social engineering attacks, and carry out other required compliance training. KnowBe4 offers over 1,000 different ...
Continue Reading

The Recent Massive Twitter Social Engineering Hack Was Tried And True Pretexting

The verge reported: "Twitter provided an update about the unprecedented July 15th attack that allowed hackers to tweet from some of the most high-profile accounts on the service, in a ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews