[Heads-Up] Feeding Frenzy: COVID-19 Phishing Attacks Surge as U.S. Reels from Pandemic

Mar 23, 2020 7:00:00 AM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. Having already published three blog pieces on the epidemic of Coronavirus-themed phishing emails and spam/scam offerings online (see HERE, ...

Reinforcing Security Norms During the Coronavirus Crisis

Mar 20, 2020 8:43:08 AM By Joanna Huisman

This blog was co-written by Joanna Huisman and Aimee Laycock. We have all seen an increase in the amount of advice and guidance from the healthcare sector and others since the start of ...

Organizations Need To Be Wary Of Home Worker Phishing Risks

Mar 19, 2020 5:31:33 PM By Stu Sjouwerman

Security experts warn that phishing attacks against home workers will rise.

Human Behavior is What Makes Phishing Attacks So Successful

Mar 19, 2020 8:28:37 AM By Stu Sjouwerman

The problem isn’t the lack of software designed to detect, prevent, and protect – it’s that human response is a required part of every phishing attack that users seem to be happy to ...

Healthcare Providers Suffer 350 Percent Increase in Ransomware Attacks

Mar 19, 2020 8:25:03 AM By Stu Sjouwerman

The lack of proper security technologies in place is largely to blame for the massive increase in ransomware attacks in Q4 of 2019 as compared to the same time the previous year.

Domains Use Homographic Characters to Create Hard to Spot Phishing URL's

Mar 18, 2020 8:35:31 AM By Stu Sjouwerman

Website domains can use homographic characters to create very hard-to-spot phishing URLs, Threatpost reports. Cybersecurity researcher Avi Lumelsky demonstrated how easy it is to create ...

The Effectiveness of Educating End Users With a Test-Out Quiz

Mar 17, 2020 12:54:14 PM By Roger Grimes

Use a “test-out” quiz as a way to get people who are normally resistant to training to proactively take the training. They think they are taking a quiz to avoid the training, but in ...

FBI Sends Private Industry Notification Warning of BEC Techniques

Mar 17, 2020 8:32:03 AM By Stu Sjouwerman

The FBI sent out a Private Industry Notification (PIN) warning companies that attackers are abusing Microsoft Office 365 and Google’s G Suite to launch business email compromise (BEC) ...

U.K. Revenue Collector Data Shows Email Scams Are on the Decline in Favor of Vishing and SMiShing Attacks

Mar 16, 2020 6:05:03 PM By Stu Sjouwerman

Scams aimed at conning U.K. taxpayers out of money and credentials are reportedly experiencing shifts in mediums from email to phone and text.

It is in times of crisis you will be tested

Mar 16, 2020 1:43:21 PM By Stu Sjouwerman

Many organizations are dusting off their crisis management documents this week. Many a contingency plan will see its first-ever run. As the C-19 is spreading fast around the world, more ...

Coronavirus-Themed Simulated Phishing Templates

Mar 16, 2020 9:48:41 AM By Stu Sjouwerman

The following templates were added to the console this morning:

Malicious IQY Files Found in Spam Campaign

Mar 16, 2020 8:26:37 AM By Stu Sjouwerman

Researchers at Lastline have come across a phishing campaign that’s using Internet Query (IQY) files to bypass security filters and deliver a new version of the Paradise ransomware. The ...

U.S. Homeland Security: "Malicious Actors Expected To Focus Attacks On Teleworkers. Secure Your VPN"

Mar 14, 2020 9:55:44 AM By Stu Sjouwerman

The Department of Homeland Security's cybersecurity agency this week shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations ...

FBI: Ransomware Attacks Have Cost Victims over $140 Million With Ryuk Leading the Way

Mar 13, 2020 3:12:17 PM By Stu Sjouwerman

New details presented at RSA 2020 outline which ransomware variants are the highest paid over the last 6 years and what was their share of the millions paid in ransom.

U.K. Pensions Regulator Sees 145 Percent Increase in Malicious Email Activity

Mar 13, 2020 8:21:15 AM By Stu Sjouwerman

The U.K. Government’s massive jump in email-based cyberattacks far outpaces even the most aggressive phishing or spam growth numbers seen this year.

[Heads Up] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

Mar 12, 2020 1:26:41 PM By Stu Sjouwerman

Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers ...

[Heads Up!] A Whopping 21 Percent of Phishing Attack URLs Are Not Detected As Malicious For Days After They Go Live

Mar 12, 2020 7:03:09 AM By Stu Sjouwerman

New data from Akamai provides insight into why phishing attacks are making it all the way to the endpoint… and why they can trick users so easily into becoming a victim.

Secret Service Warning: Exploiting the Coronavirus for Fraud and Profit.

Mar 11, 2020 1:07:08 PM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. On Monday of this week we published a review of the coronavirus-themed emails that had been reported to us by customers using the Phish ...

A Look at Email Security in the US Healthcare Sector

Mar 11, 2020 8:24:41 AM By Stu Sjouwerman

90% of US healthcare organizations experienced email-based attacks in the past year, and 25% of these organizations said the attacks were extremely or very disruptive, according to a new ...

Cyberattacks on MSPs Grow Exponentially as the Focus Shifts to Hold Their Customer’s Data for Ransom

Mar 10, 2020 9:56:37 AM By Stu Sjouwerman

Recent insight from data protection vendor Datto puts MSPs on notices to secure their own environments to protect both their business and that of their customers.

Security Awareness Training Blog