Q3 2020 Top-Clicked Phishing Subjects: Coronavirus-Related Attacks Still Prevalent [INFOGRAPHIC]

Oct 15, 2020 8:00:00 AM By Stu Sjouwerman

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, ...

[HEADS UP] Local Boston Town Falls Victim to a Phishing Attack

Oct 9, 2020 2:03:48 PM By Stu Sjouwerman

According to a local news source from Boston, the Town of Franklin recently became the next victim to a phishing attack, costing over $500K.

Healthcare Sector Still Sustains Phishing Campaigns

Oct 5, 2020 8:29:52 AM By Stu Sjouwerman

No one should take too seriously the high-minded things criminals sometimes say about how they’re restraining themselves during the pandemic, and that they’re going to avoid hitting ...

[Heads Up] Scam of The Week: Watch Out For Trump COVID Disinformation

Oct 3, 2020 10:27:59 AM By Stu Sjouwerman

The bad guys are going to have a ball with this one. President Trump announced that he and first lady Melania are COVID Positive. This event will be used in a variety of ways through ...

Beware of Fake Forwarded Phishes

Sep 17, 2020 3:29:13 PM By Roger Grimes

There are many specific, heightened challenges of spear phishing emails coming from compromised, trusted third parties. Trusted third-party phishing emails usually come from the ...

How to Become a Harder Target From Malicious Threat Actors

Sep 16, 2020 8:30:35 AM By Stu Sjouwerman

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...

Business Email Compromise attacks increase 67% Leading to Fraud, Ransomware, and Data Breaches

Sep 14, 2020 10:34:13 AM By Stu Sjouwerman

Involved in 60% of cybersecurity insurance claims, Business Email Compromise (BEC) is growing in interest by cybercriminals as the initial malicious action as part of a larger attack.

Users Are Still Falling for Phishing Attacks. Want to Know Why?

Sep 8, 2020 7:00:00 AM By Stu Sjouwerman

With phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.

Malicious Actors & State Actors: IT Admins Targeted with Fake Warning Notice

Sep 3, 2020 1:51:44 PM By Eric Howes

By Eric Howes, KnowBe4 Principal Lab Researcher. For several years both Google and Yahoo have been warning users about potential attacks on their accounts by "state actors." Indeed, ...

Threat Group DeathStalker Uses PowerShell-based Implant Powersing to Hack into Financial Services Firms

Sep 2, 2020 8:23:15 AM By Stu Sjouwerman

Apparently focused on more intelligence gathering than taking direct malicious action against the organizations they compromise, this attack is filled with ingenuity.

How to Defend Against Phishes Coming from Trusted Partners

Aug 31, 2020 9:54:51 AM By Roger Grimes

One of the most frequent concerns I hear from IT security practitioners and CISOs is the rise of phishing attacks coming from compromised trusted partners and contractors. The attackers ...

New Lazarus Spearphishing Attack on Crypto Organizations Uses a LinkedIn Job Posting as its Front

Aug 27, 2020 2:03:45 PM By Stu Sjouwerman

What better way to gain complete control over a crypto organization’s network that to target their sysadmin with a Job Posting and then spear phish them?

RedCurl APT Uses Spear Phishing to Conduct Corporate Espionage

Aug 18, 2020 8:26:36 AM By Stu Sjouwerman

A previously unobserved APT group called “RedCurl” has been launching cyber espionage campaigns against organizations around the world since at least 2018, according to researchers at ...

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

Jul 31, 2020 7:00:00 AM By Stu Sjouwerman

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

Jul 29, 2020 11:34:04 AM By Stu Sjouwerman

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.

[Heads up] CISA And NSA Urge “Immediate Action” To Secure National Critical Infrastructure

Jul 25, 2020 11:05:53 AM By Stu Sjouwerman

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued a joint advisory warning that foreign hackers are targeting systems that ...

[Heads Up] Scam of The Week: Watch Out For This COVID Class Action Workplace Lawsuit

Jul 14, 2020 12:44:52 PM By Stu Sjouwerman

Major Law Firm Fisher Philips warned that COVID-19 workplace lawsuits are increasing exponentially. Of the 283 recent COVID-19 workplace lawsuits tracked, 122 of them, or 43%, were filed ...

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

Jul 7, 2020 10:13:48 AM By Stu Sjouwerman

“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...

Pyongyang's Phishing with Job Offers

Jun 22, 2020 8:27:28 AM By Stu Sjouwerman

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...

[Heads Up] Ransomware Damage Skyrockets As Ransoms Grew 14 Times In Just 12 Months

May 27, 2020 11:25:48 AM By Stu Sjouwerman

Last year was highly profitable for ransomware actors but with the prices we've seen recently, 2020 is likely to surpass it as actors continue to target large companies in key industries. ...

Security Awareness Training Blog

Spear Phishing Blog

View Topics