KnowBe4 Blog

Social Engineering

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Warning: Scammers are Targeting WhatsApp Users

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts.

What is Human Risk Management?

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code. Yet one of the most persistent and costly security vulnerabilities isn’t technical — ...

Europol Warns of Social Engineering Attacks

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.

Warning: Voice Deepfakes Continue to Improve

AI-generated voice deepfakes present an urgent threat to organizations, according to researchers at Pindrop.

Phishing Deep Dive: EU-Affiliated Survey Platform Exploited in Sophisticated Credential Harvesting Campaign

Lead Researchers: James Dyer and Louis Tiley Between May 5 and May 7, 2025, KnowBe4 Threat Lab identified a phishing campaign originating from accounts created on the legitimate service ...

Protect Yourself: Vishing Attacks Are Growing More Sophisticated

Researchers at Google’s Mandiant have published a report on voice phishing (vishing) attacks, noting that these attacks have served as initial access points for recent waves of ransomware ...

What Is AI?

What is AI really? Throughout this article, I will remove the hype and get to the most honest answer ever.

How a Fake Cybersecurity Firm Became a Real Threat

Picture this: it's 2021. You're an IT professional, scrolling through LinkedIn, when a message pings. "Bastion Secure," a new cybersecurity company, is hiring. The pay? Excellent.

OpenAI Report Describes AI-Assisted Social Engineering Attacks

OpenAI has published a report looking at AI-enabled malicious activity, noting that threat actors are increasingly using AI tools to assist in social engineering attacks and influence ...

Warning: Crooks Are Using Vishing Attacks to Compromise Salesforce Instances

A criminal threat actor tracked as “UNC6040” is using voice phishing (vishing) attacks to compromise organizations’ Salesforce instances, according to researchers at Google’s Threat ...