KnowBe4 Blog

Social Engineering

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

[Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets

GitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity ...

Robinhood Glitch Allowed Attackers to Send Phishing Emails to Customers

A phishing campaign exploited a glitch in Robinhood’s account creation process to send phishing emails from the investment platform’s own systems, SecurityWeek reports.

Report: Romance Scams Cost UK Victims £102 Million Last Year

UK residents lost £102 million ($138 million US) to romance scams in 2025, according to a new report from the City of London Police.

Warning: Phishing Attacks Are Abusing the Kuse AI App

Attackers are abusing the storage and sharing features of Kuse, a free AI app, to assist in phishing campaigns, according to researchers at Trend Micro. Kuse is a legitimate agentic AI ...

FTC: Americans Lost $2.1 Billion to Social Media Scams Last Year

A new report from the US Federal Trade Commission (FTC) has found that Americans lost $2.1 billion in 2025 to scams that began on social media. Nearly 30% of people who reported losing ...

Warning: Netflix Phishing Scams Can Lead to Serious Consequences

Researchers at Bitdefender warn that Netflix-themed phishing attacks can have far-reaching consequences if users follow poor security practices. While Netflix is generally associated with ...

Attackers Continue to Pose as Help Desks in Social Engineering Attacks

Researchers at Google’s Threat Intelligence Group (GTIG) are tracking a new threat actor that’s impersonating help desks to trick users into installing malware. The threat actor, which ...

FBI: Americans Lost More Than $20 billion to Fraud Last Year

Cyber-enabled crimes cost Americans nearly $21 billion in 2025, a 26% increase from the previous year, according to the FBI’s latest Internet Crime Report. Phishing, extortion, and ...

Phishing Campaigns Abuse AI Workflow Automation Platforms

Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using ...

New Phishing Kit Streamlines ClickFix Attacks

A new commodity phishing kit called “Venom Stealer” allows threat actors to automate ClickFix attacks, according to researchers at BlackFog. ClickFix is a social engineering technique ...