KnowBe4 Blog

Social Engineering

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

North Korean Job Invitation

A friend of mine, John D., received this outreach on Threads (see below). At first, he thought it was the standard fake employer scam, but it is more than that. It is very likely part of ...

[Beware] Microsoft Teams 'Chat with Anyone' invites aren't always safe

Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email ...

Report: Phishing Has Surged 400% Year-Over-Year

Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts.

Notorious Cybercrime Group is Now Targeting Zendesk Users

ReliaQuest warns that the cybercriminal collective “Scattered Lapsus$ Hunters” appears to be using social engineering attacks to target organizations’ Zendesk instances.

New Criminal Toolkit Abuses Browser Push Notifications

A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog.

One-Size-Fits-All Security Training Fits Nobody

Here's a curious thing about people, sometimes we crave the familiar, and sometimes we demand the novel.

Warning: Malicious Apps Are Impersonating AI Tools

Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing malware on their mobile devices. Some of these ...

Microsoft Help Desk Phishing Attempt

I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my!

LastPass Phishing Campaign Informs Users of Phony Death Notifications

A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s death and is trying to gain access to their ...

Human Error is Still a Top Contributor to Cyberattacks

Human error remains the primary exploitation vector in mobile security incidents, according to Verizon’s latest Mobile Security Index (MSI).