In April of 2024, the FBI released a warning that threat actors are sending SMS phishing, also known as smishing, messages to individuals pretending to be toll road operators messaging about unpaid toll fees. This kind of attack is a common one, and targets more than just individuals –— think the MGM resorts breach of 2023 that started with a phishing call to an IT professional and ended up costing the casino millions.

The cybercriminal threat actor FIN7 is launching spear phishing attacks against the automotive industry in the United States, according to researchers at BlackBerry. The threat actor identifies IT employees at automotive companies and attempts to trick them into downloading a Trojanized version of a free IP scanning tool. FIN7 is a Russia-based financially motivated threat actor that carries out a variety of cybercrime activities, including ransomware attacks.

Phishing isn’t what it used to be. Older, popular scams — like grammatically incorrect love letters and mysterious princes who just need a little money — have given way to sophisticated and dangerous social engineering attacks. In fact, phishing has become so prevalent and effective that it is one of the three primary ways hackers compromise credentials.

Our latest Phishing Threat Trends Report gives a comprehensive oversight into the types of phishing attacks and tactics organizations are facing so far in 2024, from the rise of ‘quishing’ and AI-powered phishing campaigns to the multi-channel approach. In this blog, we look at the key findings from the report, the industries and demographics most at risk, and the evolution of payloads from 2021 to date.

In the ever-evolving landscape of cyber threats, a subtle yet potent form of phishing has emerged — quishing, short for QR phishing. It has been 30 years since the invention of QR codes, yet quishing still poses a significant risk, especially after the era of COVID, when QR codes became the norm to check statuses, register for events, and even order food.

We are excited to announce that KnowBe4 has been named a leader in the Spring 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 12th consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 278 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.

To help secure sensitive data, emails that include health and care information sent to and from health and social care organisations are required to meet the Secure Email Standard (DCB1596). In this article, we discuss the standard, what it covers, and how to ensure your organisation fully meets its requirements.

Microsoft and Google were the most frequently impersonated brands in phishing attacks during the first quarter of 2024, according to a report from Check Point. Microsoft-themed phishing attempts accounted for 38% of attacks in Q1 2024, while Google came in at a distant second with 11%. Notably, phishing attacks impersonating vacation rental company Airbnb have spiked over the past few weeks.

The complex geopolitical landscape in Southeast Asia, influenced by People’s republic of China (PRC)’s strategic interests and territorial disputes, faces a prominent offensive threat from Chinese cyber operations. Southeast Asia’s economic and digital growth make it a prime target for cyber threats. In the past 8 months Cyberint has been able to identify a major large-scale campaign.