|
By Haylea Reiner, MBA
For years, security teams have poured resources into locking down the inbox, and for good reason. Email has always been the front door for phishing and social engineering. Unfortunately, another door has been left wide open: Microsoft Teams. Threat actors are increasingly posing as IT helpdesk staff inside Microsoft Teams chats, exploiting the built-in trust employees place in their internal collaboration tools to steal credentials and take over accounts.
|
By Nick Gasse
There’s an important metric that can tell you exactly how vulnerable your high-risk employees and departments are to the next generation of social engineering. It’s not phishing click rates or training completion percentages. It probably doesn’t show up on any security dashboard. It’s the precise number of days it takes your team to respond to a live, context-specific threat with adequate training – training time to market.
|
By KnowBe4 Team
Every year, KnowBe4 analyzes millions of simulated phishing tests to measure one thing: how likely is your workforce to fall for a phishing attack? The results, published in the 2026 Phishing by Industry Benchmarking Report, paint a clear picture of where human risk concentrates — and what organizations can do about it. Here are the key findings security leaders need to know.
|
By Haylea Reiner, MBA
When we think about email security, our minds almost always jump to the inbound threats: the sophisticated phishing lures, the AI-generated business email compromise (BEC) attacks, and the malicious attachments knocking at the perimeter. But there is a silent, internal crisis happening on the way out of your organization. And chances are, you’re flying completely blind to it.
|
By KnowBe4 Team
The INC ransomware-as-a-service (RaaS) operation has grown into one of the premier ransomware offerings, claiming hundreds of victims in 2026 alone, according to researchers at Acronis. The attackers target a broad range of industries, but have recently prioritized entities in the legal sector.
|
By KnowBe4 Threat Lab
Lead Analysts: Jeewan Singh Jalal and Louis Tiley KnowBe4 ThreatLabs tracked phishing campaign activity from the first week of April through June 22, 2026 — covering the pre-tournament build-up, tournament kickoff and the first twelve days of live match play. Our latest intelligence adds crucial mid-tournament telemetry (June 15-22), a newly identified reply-back campaign track and additional infrastructure intelligence.
|
By Erich Kron
Cloud email has become the center of modern business. Regardless of your organization's industry or size, email connects employees, customers, vendors, executives, financial systems and critical business processes. Unfortunately, attackers know this too. For cybercriminals, compromising an email account is often like finding the master key to a building. Once inside, they may be able to steal information, impersonate employees, redirect payments, spread malware or gain access to other systems.
|
By Javvad Malik
I saw a venn diagram on social media. One circle is Shadow IT, one circle is Shadow AI, a substantial overlap, and the implicit message is that they are effectively the same challenge. They aren’t and that the assumption can lead to many problems. Looking back, shadow IT was like watching a crash in slow-motion. Employees using technology IT hadn't sanctioned. Personal Dropbox accounts. Unofficial Slack workspaces.
|
By KnowBe4 Team
A new report from SpyCloud has found that phishing attacks have exposed employee data at 86% of Fortune 100 companies over the past 12 months, with the technology, airline and automotive sectors being hit the hardest. The researchers also found that 78% of organizations experienced an increase in phishing volume over the past year. Additionally, 84% of respondents named AI-assisted phishing as their top concern, followed by business email compromise (BEC) attacks.
|
By Anna Collard
Remember when "social media safety" meant advising employees not to post pictures of their security badges or laptop screens? Back then, corporate risk and personal scrolling felt like two entirely separate worlds. Today, that boundary has completely dissolved. Social media has become a primary staging ground for sophisticated social engineering attacks targeting your workforce, and their families.
What is the single best piece of security advice? Pausing.
AI add-ons can automate everything from travel to banking—but are they opening backdoors to your private data? Here is what to look for before granting permissions.
What if you could build a complete, personalized security awareness course from a single prompt — in seconds? KnowBe4's AIDA Content Creation Agent does exactly that. Powered by our decade of AI innovation, it generates e-learning modules instantly — and goes far beyond basic content generation: Deepfake Face Injection — Insert real members of your team into training visuals using safe, consensual deepfake synthesis. Your people, your culture, your training.
Unexpected delivery texts are one of the most common smishing tricks out there. Here is why you should never click the link, and what to do instead!
Have you noticed a spike in sketchy job offers since starting your career search? Here is how automated bots turn your profile details against you, and the major red flags to watch out for.
POV: you finally found free cybersecurity training that doesn't make you want to fall asleep. CAPY offers bite-sized cyber safety lessons for your whole family. Under 4 minutes. No login. No cost. Just real tips that actually stick. Kids, parents, seniors — there's a path for everyone.
Creating urgency, triggering reactions, and bypassing logic—sound familiar? Whether it's a 3 a.m. meow or a fake security alert, the tactics are the same. Don't be the catch of the day. Learn to spot the "phish" before you click!
Think phishing is just a corporate email issue? Think again. Scammers use compromised accounts and lookalike profiles on social media to target you where you least expect it. Stay sharp, verify outside the app, and don't get reeled in by sketchy links!
A Flashy pop-up + a huge ransom demand = FAKE. "Your files aren't encrypted." It's theater designed to panic you into paying. Close the browser. Don't click and don't pay. Real ransomware doesn't need the dramatics. Fake ones do.
You just unboxed your child’s new device...now what? Default settings are built for clicks, not kids. Use these tips to set them up for safety success on day one.
|
By KnowBe4
Your employees are your largest attack surface. For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit. But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
|
By KnowBe4
Want to read this bestseller? Register now for your free (instant 240-page PDF download) Cyberheist e-book and learn how to not be the next victim! Cyberheist was fully updated and written for the IT team and owners / management of Small and Medium Enterprise, which includes non-profits, local and state government, churches, and any other organization with more than a few thousand dollars in their bank operating account.
|
By KnowBe4
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes, and biases to get access to their data. Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineer scams, like CEO fraud, because of their familiarity and immediacy factors.
|
By KnowBe4
Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don't have an effective strategy to stop them. This enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Don't get caught in a phishing net! Learn how to avoid having your end users take the bait. Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.
|
By KnowBe4
Anything but 100% completion on your employee compliance training is often more than simply frustrating. Compliance audits and regulatory requirements can make anything less than 100% feel like a failure. But, getting compliance on your compliance training is possible! Organizations have struggled for years with getting everyone to complete their required compliance training. This puts organizations at risk of more incidents occurring, fines or reputational damage if an employee is non-compliant.
|
By KnowBe4
All multi-factor authentication (MFA) mechanisms can be compromised, and in some cases, it's as simple as sending a traditional phishing email. Want to know how to defend against MFA hacks? This eBook covers over a dozen different ways to hack various types of MFA and how to defend against those attacks.
- July 2026 (9)
- June 2026 (39)
- May 2026 (39)
- April 2026 (28)
- March 2026 (50)
- February 2026 (26)
- January 2026 (22)
- December 2025 (31)
- November 2025 (31)
- October 2025 (42)
- September 2025 (26)
- August 2025 (24)
- July 2025 (17)
- June 2025 (26)
- May 2025 (24)
- April 2025 (31)
- March 2025 (31)
- February 2025 (24)
- January 2025 (24)
- December 2024 (21)
- November 2024 (29)
- October 2024 (37)
- September 2024 (27)
- August 2024 (33)
- July 2024 (41)
- June 2024 (32)
- May 2024 (38)
- April 2024 (34)
- March 2024 (38)
- February 2024 (42)
- January 2024 (46)
- December 2023 (41)
- November 2023 (33)
- October 2023 (45)
- September 2023 (49)
- August 2023 (49)
- July 2023 (42)
- June 2023 (45)
- May 2023 (48)
- April 2023 (44)
- March 2023 (14)
- February 2023 (3)
- January 2023 (4)
- December 2022 (3)
KnowBe4 is the provider of the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 56,000 customers to manage the continuing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive, and powerful. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design a full-featured, yet easy-to-use platform.
Find Out How Effective Our Security Awareness Training Is:
- Train Your Users: The world’s largest library of security awareness training content. Automated training campaigns with scheduled reminder emails.
- Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
- See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!
Human Error. Conquered.