Phishing-Resistant MFA Will Not Stop Phishing Attacks

Dec 7, 2023 10:25:31 AM By Roger Grimes

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.

PDFs: Friend or Phishing Foe? Don't Get Caught by the Latest Scam Tactic

Dec 5, 2023 11:38:52 AM By Stu Sjouwerman

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns.

Vishing Gang Takes Victims for “Tens of Millions” Using Little More than Social Engineering

Dec 1, 2023 12:26:52 PM By Stu Sjouwerman

Czech and Ukrainian police have arrested six individuals responsible for a call center-based vishing scam designed to trick victims into thinking they were already victims of fraud.

The Israel-Hamas Conflict is the Latest Example of Phishing Attacks Taking Advantage of Current Events

Nov 30, 2023 11:12:12 AM By Stu Sjouwerman

Using something as simple as an attachment with an Israel/Hamas-related filename seems to be all it takes for new social engineering attacks disguised as donation confirmations.

No One Knows How Online Pharmacy Company was Hit with a Data Breach Impacting 2.3 Million Customers

Nov 29, 2023 10:56:21 AM By Stu Sjouwerman

This is a cautionary tale of both how your data can legally end up in the hands of an organization you never intended and how victims can be largely left in the dark post-breach.

My Top 7 Cybersecurity Reflections for 2024

Nov 28, 2023 8:17:02 AM By Anna Collard

The digital landscape is evolving at an exponential rate, and with it, the cybersecurity challenges we face.

Initial Access Broker Activity Doubles in One Year’s Time

Nov 27, 2023 2:00:13 PM By Stu Sjouwerman

New data sheds light on just how active the Initial Access Broker (IAB) business is, and the growth uncovered doesn’t bode well for potential victim organizations.

Visa Warns of Increased Phishing Scams During Holiday Season

Nov 22, 2023 2:13:10 PM By Stu Sjouwerman

Visa Payment Fraud Disruption (PFD) expects phishing attacks to increase between November 2023 and January 2024. Findings in its Holiday Edition Threats Report outline the popular fraud ...

Cybercrime Group "Scattered Spider" is a Social Engineering Threat

Nov 20, 2023 3:08:35 PM By Stu Sjouwerman

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang’s activities.

Johnny Jet's $3,000 Podcast Scam Nightmare – Unveiling the Elaborate Con that Hijacked his Facebook Kingdom

Nov 17, 2023 10:14:29 AM By Stu Sjouwerman

Travel influencer Johnny Jet has disclosed that he fell victim to a scam that caused him to lose access to his Facebook account, which has tens of thousands of followers. The scammers ...

QR Code Phishing Attacks Surging

Nov 17, 2023 10:14:02 AM By Stu Sjouwerman

The massive uptick in QR Code phishing is an indicator that scammers are seeing success in taking victims from the initial attack medium to one under the attacker’s control.

How to Help "Frequent Clickers" Become More Mindful

Nov 16, 2023 1:58:59 PM By Stu Sjouwerman

Within our organizations, there are those employees who consistently exhibit mindfulness, avoiding every phishing attempt. Yet, there are also those users who, despite repeated education ...

“Skillful Social Engineering of the IT Support Desk” One of the Most Common Tactics in Ransomware Attacks

Nov 9, 2023 3:57:11 PM By Stu Sjouwerman

As ransom payments reach an all-time high, it’s time to look at attacks from a data perspective and find the greatest opportunities to stop these attacks.

New York Department of Financial Services Strengthens Cybersecurity Regulation

Nov 7, 2023 1:47:01 PM By Stu Sjouwerman

The NYDFS’ 23 NYCRR Part 500 has been updated to reflect the current preventative and responsive measures necessary for Financial Services org to be ready for cyber attacks.

Targeted Social Engineering on the Rise With Lowering Phishing-as-a-Service Costs

Nov 7, 2023 1:46:47 PM By Stu Sjouwerman

Targeted individuals were the most common victims of social engineering attacks in the second half of 2022 and the first half of 2023, according to researchers at AtlasVPN.

Healthcare Sector Experiencing Increases in Ransomware, Ransoms and Downtime

Nov 6, 2023 9:18:42 AM By Stu Sjouwerman

An analysis of ransomware attacks on healthcare organizations from 2016 through October of 2023 shows the healthcare sector is likely to continue to suffer as a viable ransomware target.

Spear Phishing Becomes Most Common Attack Technique in Q3 2023

Nov 6, 2023 9:18:13 AM By Stu Sjouwerman

Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest.

Cybersecurity Expert: AI Lends Phishing Plausibility for Bad Actors

Nov 2, 2023 10:47:52 AM By Stu Sjouwerman

Cybersecurity experts expect to see threat actors increasingly make use of AI tools to craft convincing, highly targeted and sophisticated social engineering attacks, according to Eric ...

Small Businesses are Experiencing More Cyber Attacks

Nov 2, 2023 10:47:49 AM By Stu Sjouwerman

As large organizations realize the likelihood of cyber attacks and improve their cyber readiness, small businesses are seeing increases not experienced by their larger counterparts.

September Sees a 32% Increase in the Number of Ransomware Attacks in Just One Month

Oct 31, 2023 10:07:46 AM By Stu Sjouwerman

Continued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year.

Security Awareness Training Blog

Social Engineering Blog

View Topics