Security Awareness Training Blog

Spear Phishing Blog

Learn about current spear phishing attacks, specific examples, and techniques the bad guys are currently using so your users don't fall for these attacks.

View Topics

[Live Demo] Boost Your Email Security Defense - PhishER Plus to the Rescue!

Aug 11, 2023 4:09:16 PM By Stu Sjouwerman
Now there's a super easy way to keep malicious emails away from all your users through the power of KnowBe4 PhishER Plus!
Continue Reading

New AI Bot FraudGPT Hits the Dark Web to Aid Advanced Cybercriminals

Aug 6, 2023 10:59:01 AM By Stu Sjouwerman
Assisting with the creation of spear phishing emails, cracking tools and verifying stolen credit cards, the existence of FraudGPT will only accelerate the frequency and efficiency of ...
Continue Reading

CISA Discovers Spear Phishing and Valid Account Compromise Are the Most Common Attack Vectors

Jul 31, 2023 11:00:38 AM By Stu Sjouwerman
The US Cybersecurity and Infrastructure Security Agency (CISA) has found that compromise of valid accounts and spear phishing attacks were the two most common vectors of initial access in ...
Continue Reading

How KnowBe4 Can Help You Fight Spear Phishing

Jul 27, 2023 8:00:00 AM By Roger Grimes
This blog was co-written by KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes and Chief Learning Officer John Just. Social engineering is involved in 70% to 90% of successful ...
Continue Reading

Iranian Threat Actor Charming Kitten Using Spear Phishing Campaign To Distribute Malware

Jun 29, 2023 1:18:11 PM By Stu Sjouwerman
The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity.
Continue Reading

Russian Threat Actor Targets Ukraine Government And Military With Spear Phishing Emails

Jun 27, 2023 8:54:25 AM By Stu Sjouwerman
Russia’s APT28 (also known as “Fancy Bear” or “BlueDelta”) is using spear phishing to compromise Ukrainian government and military entities, according to researchers at Recorded Future. ...
Continue Reading

KnowBe4’s 2023 Phishing By Industry Benchmarking Report Reveals that 33.2% of Untrained End Users Will Fail a Phishing Test

Jun 20, 2023 9:07:42 AM By Joanna Huisman
Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people.
Continue Reading

Organizations Take 43 Hours to Detect an Spear Phishing Cyber Attack

Jun 12, 2023 9:17:52 AM By Stu Sjouwerman
New data makes it crystal clear that spear phishing is a real problem… and organizations may not properly be prepared to detect and address it.
Continue Reading

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

Jun 7, 2023 10:21:14 AM By Roger Grimes
For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.
Continue Reading

North Korean Phishing Campaign Targeting Think Tanks, Academics and Media

Jun 6, 2023 6:28:01 PM By Stu Sjouwerman
The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting ...
Continue Reading

[Wake-Up Call] It's Time to Focus More on Preventing Spear Phishing

May 31, 2023 2:22:02 PM By Roger Grimes
Fighting spear phishing attacks is the single best thing you can do to prevent breaches.
Continue Reading

Spear Phishing Trends in 2023

May 31, 2023 8:57:49 AM By Stu Sjouwerman
50% of organizations surveyed were victims of spear phishing attacks in the last twelve months, according to a new report from Barracuda. The report also found that, on average, ...
Continue Reading

Recently Exposed North Korean Threat Actor APT43 Targeting Organizations With Spear Phishing

Apr 6, 2023 9:02:08 AM By Stu Sjouwerman
Google’s Threat Analysis Group (TAG) has published a report describing the activities of “ARCHIPELAGO,” a subset of the North Korean state-sponsored threat actor APT43. ARCHIPELAGO’s ...
Continue Reading

[HEADS UP] Russian Hacker Group Launches New Spear Phishing Campaign with Targets in US and Europe

Feb 16, 2023 9:17:56 AM By Stu Sjouwerman
The Russian-based hacking group Seaborgium is at it again with increased spear phishing attacks targeting US and European countries in the last year.
Continue Reading

Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach

Feb 15, 2023 8:18:20 AM By Stu Sjouwerman
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a “sophisticated and highly-targeted” spear phishing attack.
Continue Reading

Spear Phishing Attacks Increase 127% as Use of Impersonation Skyrockets

Feb 9, 2023 8:51:35 AM By Stu Sjouwerman
Impersonation of users, domains, and brands is on the rise, as is the use of malicious links, in response to security vendors improving their ability to detect malicious attachments.
Continue Reading

Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK

Jan 30, 2023 8:52:25 AM By Stu Sjouwerman
The UK’s National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia’s SEABORGIUM threat actor and Iran’s TA453 (also known as Charming ...
Continue Reading

Spear Phishing Campaign Targets Southeast Asia

Jan 17, 2023 8:52:07 AM By Stu Sjouwerman
Researchers at Group-IB are tracking a previously unknown threat actor dubbed “Dark Pink” that’s using spear phishing attacks to target government, military, and religious organizations. ...
Continue Reading

Using AI Large Language Models to Craft Phishing Campaigns

Jan 4, 2023 8:41:49 AM By Stu Sjouwerman
Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The ...
Continue Reading

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

Dec 28, 2022 2:27:36 PM By Roger Grimes
By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...
Continue Reading
Subscribe

Search Our Blog


Cybersecurity Awareness Month Free Resource Kit

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews