QBot Malware Attacks Use SVG files to Perform HTML Smuggling

Dec 27, 2022 9:20:16 AM By Stu Sjouwerman

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

Spear Phishing Campaign Targets Japanese Political Organizations

Dec 22, 2022 9:43:59 AM By Stu Sjouwerman

Researchers at ESET warn that a Chinese-speaking threat actor dubbed “MirrorFace” targeted Japanese political organizations with spear phishing emails in the run-up to the Japanese House ...

"How I lost my dog and almost my Google credentials..."

Dec 21, 2022 4:45:48 PM By Stu Sjouwerman

A well-trained Knowster posted: "I lost my dog this weekend and my mother in law was trying to be helpful and put my real phone number on a few social media posts she made. Now im getting ...

Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

Dec 21, 2022 9:25:23 AM By Roger Grimes

A recent Ivanti report shows cybersecurity practitioners getting more focused on the threat landscape, but defenders may need to hone their attention to focus on the right threats.

Now BEC Attacks Steal Physical Goods

Dec 20, 2022 8:49:21 AM By Stu Sjouwerman

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have released a joint ...

Social Engineering, Money Mules, and Job Seekers

Dec 19, 2022 10:32:37 AM By Stu Sjouwerman

A small town in Manitoba, WestLake-Gladstone (population about 3300), fell victim to a social engineering campaign. The municipal government seems to have been a target of opportunity, ...

Look Out For Scammers This Holiday Season on Social Media

Dec 14, 2022 9:12:39 AM By Erich Kron

You know how some gifts are insanely sought after each year, selling out in mere minutes? Well, these are great tools for scammers, especially on social media.

[EYE OPENER] How ChatGPT Can Be Used For Social Engineering

Dec 10, 2022 10:12:36 AM By Stu Sjouwerman

ChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In 5 seconds the ...

Scammer Group Uses Business Email Compromise to Impersonate European Investment Portals

Dec 8, 2022 8:58:00 AM By Stu Sjouwerman

A sophisticated scammer group has stolen at least €480 million from victims in France, Belgium, and Luxembourg since 2018, according to researchers at Group-IB. The gang uses a highly ...

New Threat Group Already Evolves Delivery Tactics to Include Google Ads

Dec 2, 2022 12:36:56 PM By Stu Sjouwerman

Delivering an equally new Royal ransomware, this threat group monitored by Microsoft Security Threat Intelligence has already shown signs of impressive innovation to trick victims.

Quiet Quitting Can Potentially Lead to Insider Security Risks

Nov 29, 2022 8:52:45 AM By Stu Sjouwerman

The phenomenon known as “quiet quitting,” in which employees become disengaged from their work while formally remaining in their jobs, can lead to serious security risks, according to Tim ...

Merriam-Webster has announced "gaslighting" as the 2022 word of the year

Nov 29, 2022 7:13:38 AM By Stu Sjouwerman

Merriam-Webster has announced "gaslighting" as the 2022 word of the year. One definition of gaslighting is "to manipulate (someone) into believing that he or she is going insane or that ...

There’s No Such Thing as a Free Yeti, Only Social Engineering Tactics

Nov 28, 2022 11:34:57 AM By Stu Sjouwerman

It’s easy to think of the typical online holiday scam as something that affects mostly individuals. Sad, maybe, and unfortunate, but not something that might seriously threaten a ...

[Send This To Your Users] 5 Top Scams To Watch Out For This Holiday Season

Nov 25, 2022 4:05:48 PM By Stu Sjouwerman

Here is a 3-minute article that we suggest you copy/paste and send to all your users as part of your ongoing security culture campaign. "The holiday season is a time when people are ...

New Instagram Support Phishing Attack Fakes “Unusual Logon” Experience Well Enough to Fool Victims

Nov 22, 2022 9:36:16 AM By Stu Sjouwerman

Long gone are the days of tacky landing pages that barely impersonate a brand; threat actors are improving their social engineering game well enough to make anyone believe it’s the real ...

Over One-Third of Companies Who Pay the Ransom are Targeted for a Second Time

Nov 21, 2022 11:33:06 AM By Stu Sjouwerman

Despite the somewhat logical notion that once you’ve paid the ransom, the attack is over, new data shows that paying the ransom doesn’t help you anywhere near how much you think it does.

Fangxiao Domain-Spoofing for Revenue

Nov 16, 2022 9:07:56 AM By Stu Sjouwerman

Researchers at Cyjax describe a large phishing campaign being run by a China-based financially motivated threat actor called “Fangxiao.” The threat actor has been active since at least ...

[FREE Resource Kit] Stay Safe This Holiday Season with KnowBe4

Nov 15, 2022 12:32:09 PM By Stu Sjouwerman

It's the best time of the year! But also, it's the busiest time for cybercriminals. Since your users will be distracted with seasonal activities, cybercriminals will take advantage of the ...

“Hired Hand” in the Kingdom of Saudi Arabia Uses Domain Spoofing

Nov 15, 2022 8:59:27 AM By Stu Sjouwerman

Sometimes a social engineering campaign has a clear geographical focus, often shaped by language, holidays, or current events. In this case, the scammers are taking opportunistic ...

[HEADS UP] FBI Warns of Tech Support Scams That Impersonate Payment Portals for Fake Refunds

Nov 10, 2022 3:59:40 PM By Stu Sjouwerman

In the latest FBI warning, cybercriminals are now impersonating financial institutions' refund payment portals. This effort is to contain victims' personal information with legitimacy.

Security Awareness Training Blog

Social Engineering Blog

View Topics