Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Nov 8, 2019 7:00:00 AM By Stu Sjouwerman

Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing ...

The Most Fascinating Layer in a SOC: The Human Layer

Nov 7, 2019 8:00:00 AM By Jelle Wieringa

During my travels, the topic of security operations comes up often. And nearly every security professional I talk to is either contemplating or already implementing some form of ...

APWG Q3 Report: Phishing Attacks at Highest Level in Three Years

Nov 5, 2019 10:38:28 AM By Stu Sjouwerman

According to the APWG’s new Phishing Activity Trends Report, the number of phishing attacks continued to rise into the autumn of 2019. The total number of phishing sites detected by APWG ...

Healthcare Industry Names KnowBe4 As The 2019 Top Rated Platform For Cybersecurity Training & Education

Nov 4, 2019 10:22:19 AM By Stu Sjouwerman

Black Book Market Research LLC surveyed over 2,876 security professionals from 733 provider organizations to identify gaps, vulnerabilities and deficiencies that persist in keeping ...

American Nikkei Employee Falls For Social Engineering Scam And Loses 29 Million Dollars

Nov 4, 2019 7:48:46 AM By Stu Sjouwerman

Phil Muncaster at InfoSec Mag had the (painful) scoop: "Media giant Nikkei has become the latest firm to suffer a humiliating Business Email Compromise (BEC), after it admitted losing ...

[Heads Up] Scam Of The Week: Phishing Attacks Using Better Benefits And Pay Raise Bait

Nov 2, 2019 9:25:02 AM By Stu Sjouwerman

Millions of employees use KnowBe4's Phish Alert Button to report suspect emails, and thousands of organizations share these reports with us. This has become a fascinating threat source, ...

Webroot Threat Researchers Take a Fresh Look at Phishing Tactics

Nov 1, 2019 7:15:50 AM By Stu Sjouwerman

Most people aren’t aware of how sophisticated phishing email templates and websites have become, according to David Dufour from Webroot. Dufour recently told the CyberWire that criminals ...

[Heads-Up] North Korean Malware Found On Indian Nuclear Plant's Network

Oct 31, 2019 7:05:09 AM By Stu Sjouwerman

I am not a happy camper. This is exactly why I have been insisting on security awareness training for employees at critical infrastructure organizations. This could have been a Real Life ...

Lessons Learned From Vishing Robocall Attacks In Mandarin

Oct 31, 2019 6:49:00 AM By Stu Sjouwerman

Among the specialized forms of vishing are those that target specific language communities. Chinese-speaking people in the US and around the world are increasingly being targeted with ...

Ransomware Attack Causes School 'District-Wide Shutdown'

Oct 30, 2019 6:51:58 AM By Stu Sjouwerman

A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection.

Vishing, from (not) the Bank

Oct 30, 2019 5:59:59 AM By Stu Sjouwerman

We saw yesterday how phishing affects the financial sector. Here we see another, related trend: impersonation attacks that purport to be from the victim’s bank.

Phishing Attack Targets Humanitarian Organizations

Oct 28, 2019 7:01:01 AM By Stu Sjouwerman

Researchers at Lookout have discovered an ongoing phishing campaign targeting humanitarian non-governmental organizations (NGOs), including UNICEF and the Red Cross. The infrastructure ...

CNN Says "Hack Our Reporter," and White Hat Rachel Tobac Does

Oct 24, 2019 6:54:14 AM By Stu Sjouwerman

It’s “disturbingly easy” to steal someone’s personal data using information gleaned from their social media accounts, according to Donie O’Sullivan at CNN. O’Sullivan met with Rachel ...

Credential Phishing With a Masked URL

Oct 23, 2019 5:55:49 AM By Stu Sjouwerman

Cofense warns of a phishing campaign going after credentials for the Stripe online payment platform. The attackers are sending emails purporting to be from Stripe Support, telling the ...

A New Strain of Tech Support Scam in the U.K.

Oct 22, 2019 6:54:11 AM By Stu Sjouwerman

The BBC reports a tech support scam that caused a British man, Doug Varey, to lose £4,000. The scam began when Mr. Varey saw an online ad for twelve years’ worth of computer security ...

Smishing and Carrier Impersonation

Oct 22, 2019 6:47:08 AM By Stu Sjouwerman

While most phishing campaigns involve email, SMS text messages are an ideal alternative for attackers, according to Paul Ducklin at Naked Security. Text messages are brief and uniform in ...

Can An Employee's Bad Conscience Be A Vulnerability?

Oct 21, 2019 7:06:27 AM By Stu Sjouwerman

It can be useful to remember that social engineering succeeds much better when its marks are stressed or hurried. That appears to be the case with an ongoing scam campaign that lays its ...

KnowBe4 Wins ComputingSecurity Award: Education and Training Provider of the Year

Oct 18, 2019 9:43:51 AM By Stu Sjouwerman

We are extremely pleased to announce we won the ComputingSecurity Award for Education and Training Provider of the Year. Here is the team accepting the award.

An Unusually Vile Bit of Social Engineering

Oct 18, 2019 6:59:20 AM By Stu Sjouwerman

A woman in Wales lost £1,000 to a scammer who posed as a police officer and threatened that she would lose her children if she didn’t pay the money within an hour, Wales Online reports. ...

A Lawyer's Look at "Big Game Phishing"

Oct 17, 2019 6:50:18 AM By Stu Sjouwerman

Ransomware attacks have increasingly been going after high-value data in order to extract larger ransoms from victims, according to the well-known law firm Cooley. This trend was ...

Security Awareness Training Blog

Social Engineering Blog

View Topics