National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals

Jun 28, 2023 11:16:46 AM By Stu Sjouwerman

In the most recent Cyber Threat report from the National Cyber Security Centre (NCSC), it is clear that UK law firms are a gold mine for cybercriminals.

Russian Threat Actor Targets Ukraine Government And Military With Spear Phishing Emails

Jun 27, 2023 8:54:25 AM By Stu Sjouwerman

Russia’s APT28 (also known as “Fancy Bear” or “BlueDelta”) is using spear phishing to compromise Ukrainian government and military entities, according to researchers at Recorded Future. ...

New Cryptocurrency Coinbase Phishing Campaign Uses Social Engineering

Jun 26, 2023 9:12:26 AM By Stu Sjouwerman

A phishing campaign is impersonating cryptocurrency trading platform Coinbase, Tech.co reports. Crypto trader Jacob Canfield described the campaign in a Twitter thread, stating that the ...

Want To Stop All Scams? Here Is How!

Jun 23, 2023 2:25:52 PM By Roger Grimes

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell ...

Extremely Persistent Threat Group Demonstrates a Strong Understanding of the Modern Incident Response Frameworks

Jun 22, 2023 9:44:42 AM By Stu Sjouwerman

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, ...

Is AI-Generated Disinformation on Steroids About To Become a Real Threat for Organizations?

Jun 21, 2023 9:49:39 AM By Martin Kraemer

A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public ...

KnowBe4’s 2023 Phishing By Industry Benchmarking Report Reveals that 33.2% of Untrained End Users Will Fail a Phishing Test

Jun 20, 2023 9:07:42 AM By Joanna Huisman

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people.

New Social Engineering Tactic Uses PDFs in Business Email Compromise Attacks

Jun 20, 2023 8:46:31 AM By Stu Sjouwerman

Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks.  Researchers at Check Point describe one current BEC campaign that’s using ...

New Survey Shows 40% of People Searching for a Job Encountered a Scam

Jun 15, 2023 8:47:35 AM By Stu Sjouwerman

A survey by PasswordManager.com has found that one in three job seekers has fallen for, and responded to, fake job scams over the past two years.

[INFOGRAPHIC] KnowBe4’s SecurityCoach: Top 10 Risky Behaviors

Jun 14, 2023 4:08:25 PM By Stu Sjouwerman

Real-time security coaching helps improve your organization’s security culture by enabling real-time coaching of your users in response to risky security behaviors.

France Accuses Russia of Spoofing Foreign Ministry Website in ‘Typosquatting’ Campaign

Jun 14, 2023 2:10:17 PM By Stu Sjouwerman

The French government is taking a stand against the increasing threat of digital warfare. Publicly accusing Russia of conducting an extensive online manipulation campaign, France is ...

Half of U.K. Companies Have Been a Cyber Attack Victim in the Last Three Years

Jun 12, 2023 9:18:26 AM By Stu Sjouwerman

New data puts the spotlight on the human factor in U.K. cyber attacks, where users continue to be susceptible to social engineering, creating the so-called “Human Risk.”

How NK's Cyber Criminals Stole 3 Billion in Crypto To Fund Their Nukes

Jun 11, 2023 8:01:42 PM By Stu Sjouwerman

The Wall Street Journal today revealed that North Korea's hacker army managed to steal a huge amount of cryptocurrency amounting to $3 billion to finance their nuclear program. US ...

Verizon: Stolen Credentials Tops the List of Threat Actions in Breaches

Jun 9, 2023 10:00:18 AM By Stu Sjouwerman

Verizon's DBIR always has a lot of information to unpack, so I’ll continue my review by covering how stolen credentials play a role in attacks.

Verizon: Pretexting Now Tops Phishing in Social Engineering Attacks

Jun 8, 2023 7:10:48 AM By Stu Sjouwerman

The New Verizon DBIR is a treasure trove of data. As we covered here, and here, people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit ...

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

Jun 7, 2023 10:21:14 AM By Roger Grimes

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.

North Korean Phishing Campaign Targeting Think Tanks, Academics and Media

Jun 6, 2023 6:28:01 PM By Stu Sjouwerman

The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting ...

[FBI ALERT] Skin Deep: The Scary Reality of New Deepfake-Enabled Sextortion

Jun 5, 2023 6:27:52 PM By Stu Sjouwerman

Today, the FBI alerted warned against a new even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are ...

Verification and Deepfake Fraud Trends in North America

Jun 2, 2023 3:14:33 PM By Stu Sjouwerman

Forced verification fraud and deepfake fraud are on the rise in the US and Canada, according to researchers at Sumsub. Pavel Goldman-Kalaydin, Sumsub’s Head of AI & ML, explains that ...

[Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing

May 31, 2023 2:22:02 PM By Roger Grimes

Fighting spear phishing attacks is the single best thing you can do to prevent breaches.

Security Awareness Training Blog

Social Engineering Blog

View Topics