U.K. Firms Have Dismissed Employees for Breaching Cybersecurity Policy Since COVID-19 Pandemic

Aug 18, 2020 11:23:11 AM By Stu Sjouwerman

Almost two-fifths of business decision-makers have fired employees because of a cybersecurity policy breach since the pandemic began, a survey has found.

ABC News Interviewed Me on South Carolina Man Finding Personal Information of WWE Star and Raiding Her Home

Aug 18, 2020 10:13:04 AM By Stu Sjouwerman

A man in South Carolina was just arrested after finding the personal information of WWE Star Sonya Deville, and ABC Action News Tampa Bay interviewed me about how we can prevent ...

The Celebrities Don't Know You, and You Don't Know Them

Aug 18, 2020 8:48:00 AM By Stu Sjouwerman

Over the past four months, the UK’s National Cyber Security Centre (NCSC) has shut down more than 300,000 URLs linking to investment schemes that fraudulently claim to be endorsed by ...

Trying for a win, win, win game. Listen to this 5-minute interview with me.

Aug 17, 2020 10:34:42 AM By Stu Sjouwerman

Cyberwire has a short-form podcast called Career Notes and interviewed me recently. They said: "Founder and CEO Stu Sjouwerman takes us on a journey of how his career developed from ...

Phishing Golden Hour

Aug 12, 2020 6:08:44 PM By Roger Grimes

In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...

[Heads Up] Apparently Slack Phishing Got So Bad They Had To Do Something About It

Aug 12, 2020 10:09:15 AM By Stu Sjouwerman

Slack has announced a slew of new security features, certificates and integrations, including a verification system that adds an additional layer to protect against phishing scams.

Cybercriminals Target Execs in Microsoft 365 Credential Attack to Launch Internal BEC Scams

Aug 11, 2020 9:30:40 AM By Stu Sjouwerman

A new phishing attack spotted in the wild by security researchers at Trend Micro demonstrates how compromised data in an initial cyberattack is purposed in subsequent attacks.

Many US States Requiring Training on COVID-19 Before Return to Work

Aug 11, 2020 9:25:24 AM By Stu Sjouwerman

Many states across the US are now mandating that organizations provide training to your employees before they can return to work. Definitely check your local state guidelines but KnowBe4 ...

Legitimate Accounts for Illegitimate Business Email Compromise

Aug 11, 2020 8:28:12 AM By Stu Sjouwerman

Cybercriminals frequently use email accounts from legitimate services like Gmail to carry out business email compromise (BEC) attacks, Help Net Security reports. Researchers at Barracuda ...

SBA Phishing: Malicious Actors "Return to Roots" in the Hunt for Money

Aug 10, 2020 10:55:00 AM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. The COVID-19 pandemic continues to dominate news headlines as well as the development of malicious email attacks designed to separate ...

Cyberattacks Involving Both Data Exfiltration and Ransomware to Ensure Ransom Payment Increase 152%

Aug 10, 2020 8:27:19 AM By Stu Sjouwerman

Ransomware authors are realizing the benefit of either stealing data or just implying they have and threatening to publish the data publicly in order to increase their chances of being ...

Dark Patterns and the Craft of Online Persuasion

Aug 10, 2020 8:22:35 AM By Stu Sjouwerman

People should learn how to spot the tactics companies (and, more importantly, criminals) use to persuade customers (or marks), especially when those tactics are used deceitfully, ...

Nearly Half of Dutch Listed Companies Do Not Provide Information on Cybersecurity in Annual Report

Aug 10, 2020 8:00:00 AM By Stu Sjouwerman

Many publicly traded companies in the Dutch AEX, AMX and AScX indices fail to be transparent on cybersecurity efforts in their annual reports. While the Netherlands is a highly digitized ...

The U.N. counterterrorism chief says a 350% increase in phishing websites was reported in Q1 2020

Aug 7, 2020 4:14:05 PM By Stu Sjouwerman

UNITED NATIONS -- A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding ...

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

Aug 6, 2020 4:15:57 PM By Stu Sjouwerman

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...

The Importance of Identifying and Focusing on the Malicious Behavior

Aug 6, 2020 8:31:49 AM By Stu Sjouwerman

Identifying malicious behavior is a more effective long-term strategy than trying to block individual malicious actors, according to Johnathan Hunt, Vice President of Security at GitLab. ...

Visit KnowBe4 at Black Hat USA 2020 - Virtual Event

Aug 5, 2020 11:26:42 AM By Stu Sjouwerman

Are you attending (the 100% virtual) Black Hat USA 2020? Be sure to stop by the KnowBe4 booth August 5-6th to find out how to secure your last line of defense: USERS.

Explosion of Zoom Meeting Phishing Attacks Over Spring and Summer of 2020 and Targeting Office365 and Outlook Credentials

Aug 5, 2020 8:44:18 AM By Stu Sjouwerman

Researchers at INKY have observed an “explosion” of Zoom-themed phishing attacks over the Spring and Summer of 2020. Most of the attacks are aimed at stealing credentials to services like ...

New U.K. Phishing Scam uses a £400 Tax Cut as Bait

Aug 5, 2020 8:24:40 AM By Stu Sjouwerman

Pretending to be the U.K. Governments’ Digital Service Team, this latest COVID-related phishing attack seeks to con victims out of their credit card details.

Netflix Phishing Attack Hides Behind a Functional CAPTCHA Page to Avoid Detection

Aug 5, 2020 8:21:36 AM By Stu Sjouwerman

In an interesting twist, cybercriminals utilize a well-known technology to keep security solutions from identifying a “failed payment” email as being fraudulent.

Security Awareness Training Blog