Email Conversation Hacking to Distribute Malware

Mar 29, 2022 9:03:08 AM By Stu Sjouwerman

Researchers at Intezer warn that attackers are hijacking email conversations to distribute the IcedID banking Trojan. This technique makes the phishing emails appear more legitimate and ...

Making Better Push-Based MFA

Mar 28, 2022 1:51:20 PM By Roger Grimes

I used to be a huge fan of Push-Based Multifactor Authentication (MFA), but real-world use has shown that most of today’s most popular implementations are not sufficiently protective ...

Buy Now, Pay Later Scams

Mar 28, 2022 9:31:28 AM By Stu Sjouwerman

Fraudsters are taking advantage of the buy-now, pay-later (BNPL) payment model, according to Jim Ducharme, COO of Outseer. On the CyberWire’s Hacking Humans podcast, Ducharme explained ...

Initial Access Broker Group Relies on Social Engineering

Mar 24, 2022 10:20:53 AM By Stu Sjouwerman

Google’s Threat Analysis Group (TAG) describes a cybercriminal group it calls “EXOTIC LILY” that acts as an initial access broker for numerous financially motivated threat actors, ...

Number of Phishing Attacks Hits an All-Time High in 2021, Tripling That of Early 2020

Mar 23, 2022 2:00:34 PM By Stu Sjouwerman

New data from the Anti-Phishing Working Group shows cybercriminals are stepping on the gas, focusing phishing attacks on credential theft and response-based scams.

Published Zelenskyy Deepfake Video Demonstrates the Modern War is Online

Mar 22, 2022 4:10:05 PM By Stu Sjouwerman

The video uploaded to a hacked Ukrainian news website shows how far the technology has come, how it can be used in social engineering, as well as how the tech still needs to improve.

SMBs Are 350% More Likely to Experience Social Engineering Attacks Via Phishing

Mar 22, 2022 4:08:43 PM By Stu Sjouwerman

New data shows phishing, social engineering, and impersonation dominate as cybercriminals are becoming more frequent and successful with their attacks.

KnowBe4 Named a Leader in The Forrester Wave for Security Awareness and Training Solutions

Mar 17, 2022 8:00:00 AM By Stu Sjouwerman

We’re thrilled to announce that KnowBe4 has been named a Leader in The Forrester WaveTM : Security Awareness and Training Solutions, Q1 2022 report based on our current offering, strategy ...

Shipping Fraud Rises Nearly 800% in 2021

Mar 15, 2022 8:48:09 AM By Stu Sjouwerman

Shipping fraud had a global increase of nearly 800% over the course of 2021, according to TransUnion’s 2022 Global Digital Fraud Trends Report.

Social Engineering through Contact Form

Mar 14, 2022 9:16:00 AM By Stu Sjouwerman

Email is the familiar form of phishing, but there’s an ongoing criminal campaign that follows a different, arguably subtler avenue of approach: the corporate contact form. Abnormal ...

Social Engineering a Major Factor in Cyberattack on Camera Maker Axis Communications

Mar 9, 2022 10:58:04 AM By Stu Sjouwerman

As details of the February attack continue to be divulged, it becomes evident that cybercriminals were able to get past both users and security controls.

[World Premiere] KnowBe4’s New Season 4 of Netflix-Style Security Awareness Video Series - ‘The Inside Man’

Mar 8, 2022 8:30:14 AM By Stu Sjouwerman

We’re thrilled to announce the long-awaited fourth season of the award-winning KnowBe4 Original Series - ‘The Inside Man’ is now available in the KnowBe4 ModStore!

FBI: Scammers Take Business Email Compromise Attacks to Virtual Meeting Platforms

Mar 4, 2022 8:34:12 AM By Stu Sjouwerman

In a new twist on an old scam, BEC attacks switch from email to a virtual meeting where social engineering tactics are used to further establish credibility and increase the likelihood of ...

What It's Like to Be the Face of Romance (Scams)

Mar 3, 2022 8:40:41 AM By Stu Sjouwerman

A real US Army colonel named Daniel Blackmon is being impersonated in hundreds or even thousands of romance scams, according to Haley Britzky at Task & Purpose. The scammers took ...

Scammers Will Take Advantage of New IRS Rules

Mar 1, 2022 9:42:52 AM By Stu Sjouwerman

New IRS requirements will soon be used as phishbait, according to Gene Marks, owner of Marks Group PC and a columnist for the Guardian.

Wartime Suffering as Phishbait

Feb 28, 2022 10:45:46 AM By Stu Sjouwerman

It’s easy to forget, when a hybrid war like the one currently raging in Ukraine is occupying so much attention, that ordinary criminal lowlifes continue to seek victims, and the war only ...

20 Year-Old “Right-to-Left Override” Functionality Used in Attacks to Trick Microsoft 365 Users Out of Credentials

Feb 22, 2022 9:01:58 AM By Stu Sjouwerman

Used to disguise malicious file extensions, this legacy functionality is being repurposed in attacks to obfuscate attachment types and steal credentials in an impressive way.

New QBot Attack Only Takes 30 Minutes to Elevate Privileges and Steal Data

Feb 22, 2022 9:01:50 AM By Stu Sjouwerman

This banking trojan-turned-information-stealer has been around for nearly 15 years. But its latest iteration – seen even in the past few weeks – has stepped up in its’ ability to act ...

The 4 Things You Should Be Doing Right Now To Best Improve Your Cybersecurity

Feb 3, 2022 3:28:15 PM By Roger Grimes

The key to really good cybersecurity is to concentrate on just 4 things. Master them first before you begin to try and do the other hundreds of things that everyone else is going to tell ...

Web Trackers Collect Much More Info About Your Users’ Browsing Activity Than Previously Believed

Feb 3, 2022 8:27:29 AM By Stu Sjouwerman

Researchers at Norton LifeLock have found that web trackers are collecting much more information about users’ browsing activity than had previously been believed. Such trackers can follow ...

Security Awareness Training Blog

Social Engineering Blog

View Topics