Social Engineering is a Core Element of Nearly Every Cyber Attack

Jan 18, 2021 8:25:46 AM By Stu Sjouwerman

As organizations look to figure out where to strengthen their cybersecurity strategy, industry data provides guidance by pointing at one of the most common aspects of cyberattacks for ...

BEC Attacks Nearly Doubled in 2020

Dec 29, 2020 8:25:24 AM By Stu Sjouwerman

A new report from Barracuda Networks found that business email compromise (BEC) attacks have nearly doubled over the past year. These attacks made up 12% of all spear phishing attacks in ...

All 200 Million Office 365 Users at Risk by a New Global Spear Phishing Attack Spoofing Microsoft.com

Dec 14, 2020 8:20:30 AM By Stu Sjouwerman

A new spear phishing campaign appearing to come from a microsoft.com email address is targeting organizations in critical industries that use Office 365 for email to steal credentials.

Why Are You Being Phished?

Dec 8, 2020 4:05:42 PM By Roger Grimes

People often wonder, why are they being phished? Why are they being phished by a hacker in the first place? What does their organization have that some hacker decided they were noteworthy ...

Think Tanks Targeted by APT Actors

Dec 3, 2020 8:28:48 AM By Stu Sjouwerman

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...

[Heads-Up] A Hacker Is Selling Access To The Email Accounts Of Hundreds Of C-Level Executives

Nov 27, 2020 11:52:05 AM By Stu Sjouwerman

ZDNet's Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet:

Nearly Half of Spear Phishing Emails Bypass Security Filters

Nov 18, 2020 8:29:30 AM By Stu Sjouwerman

47% of payloadless phishing emails are able to bypass the most popular secure email gateways (SEGs), according to researchers at IronScales. These are emails that don’t contain malicious ...

Threat Actors Use Fake Sites for Espionage

Nov 10, 2020 8:21:20 AM By Stu Sjouwerman

Researchers at Volexity report that the Vietnamese threat actor OceanLotus has been using phony news and bogus activist websites to track users, or to trick them into downloading malware. ...

Middle Management is the Next Target for Phishing Attacks

Oct 22, 2020 8:23:11 AM By Stu Sjouwerman

Mid-level managers need to be particularly wary of targeted phishing attacks, according to Jenn Gast at INKY. Gast explains that criminals can easily conduct open-source research on a ...

Q3 2020 Top-Clicked Phishing Subjects: Coronavirus-Related Attacks Still Prevalent [INFOGRAPHIC]

Oct 15, 2020 8:00:00 AM By Stu Sjouwerman

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...

[HEADS UP] Local Boston Town Falls Victim to a Phishing Attack

Oct 9, 2020 2:03:48 PM By Stu Sjouwerman

According to a local news source from Boston, the Town of Franklin recently became the next victim to a phishing attack, costing over $500K.

Healthcare Sector Still Sustains Phishing Campaigns

Oct 5, 2020 8:29:52 AM By Stu Sjouwerman

No one should take too seriously the high-minded things criminals sometimes say about how they’re restraining themselves during the pandemic, and that they’re going to avoid hitting ...

[Heads Up] Scam of The Week: Watch Out For Trump COVID Disinformation

Oct 3, 2020 10:27:59 AM By Stu Sjouwerman

The bad guys are going to have a ball with this one. President Trump announced that he and first lady Melania are COVID Positive. This event will be used in a variety of ways through ...

Beware of Fake Forwarded Phishes

Sep 17, 2020 3:29:13 PM By Roger Grimes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...

How to Become a Harder Target From Malicious Threat Actors

Sep 16, 2020 8:30:35 AM By Stu Sjouwerman

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

Sep 14, 2020 10:34:13 AM By Stu Sjouwerman

Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.

Users Are Still Falling for Phishing Attacks. Want to Know Why?

Sep 8, 2020 7:00:00 AM By Stu Sjouwerman

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.

Malicious Actors & State Actors: IT Admins Targeted with Fake Warning Notice

Sep 3, 2020 1:51:44 PM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. For several years both Google and Yahoo have been warning users about potential attacks on their accounts by "state actors." Indeed, ...

Threat Group DeathStalker Uses PowerShell-based Implant Powersing to Hack into Financial Services Firms

Sep 2, 2020 8:23:15 AM By Stu Sjouwerman

Apparently focused on more intelligence gathering than taking direct malicious action against the organizations they compromise, this attack is filled with ingenuity.

How to Defend Against Phishes Coming from Trusted Partners

Aug 31, 2020 9:54:51 AM By Roger Grimes

One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...

Security Awareness Training Blog

Spear Phishing Blog

View Topics