Microsoft was the most impersonated brand last quarter, accounting for a third (33%) of all brand phishing attempts in October, November, and December 2023, according to Check Point’s Brand Phishing Report for Q4 2023. Check Point notes, “The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third at 8%.

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always good to share that message, at least once a year with co-workers, family members, and friends. I was reminded of this latest news story discussing a recent Instagram and TikTok trend. Basically, users are sent (or send) a “survey” that asks the receiver to describe themselves.

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 1,455 G2 customer reviews, KnowBe4’s KMSAT is the top ranked SAT platform with 98% of users rating 4 or 5 stars. The KMSAT platform received the highest G2 score among products in the SAT category with a score of 93 out of 100.

Verizon has published an article outlining various forms of social engineering attacks, including SMS/text messaging phishing (smishing), voice phishing (vishing), and spear phishing (targeted attacks, often via email). Verizon warns users to be on the lookout for the following red flags: Verizon concludes, “Remember, phishing is common and perpetrators are hoping to catch you with your guard down. But most companies will never proactively reach out to you.

Millions of data records and GBs of data from organizations around the globe were made freely available to cybercriminals to coincide with dates around Christmas of 2023. The pressure presented by cybercriminals threatening to publish data on the web is very compelling. After all, what company wants to be responsible for millions of everyday people potentially becoming victims of scams and cyber attacks? That’s right, not a single one.

For the first time ever, the U.S. Justice Department announced the existence of an FBI-developed decryption tool that has been used to save hundreds of victim organizations attacked by one of the most prolific ransomware variants in the world. In an announcement made last month, the Justice Department made the world aware of the existence of a decryption tool to be used by those organizations hit by Blackcat – also known as ALPHV or Noberus.

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials. If you don’t think credentials are a key element in cyber attacks, I refer you back to an article of mine from the middle of last year where 15 billion (with a ‘b’) credentials are on sale on the dark web.

Resecurity is tracking a cybercriminal gang called “GXC Team” that develops and sells tools to facilitate online banking theft and social engineering attacks. In November, the gang began selling a tool that uses artificial intelligence to craft fraudulent invoices for use in business email compromise (BEC) attacks. The invoices can hijack business transactions by replacing banking information contained in legitimate invoices.

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card. This is a very common sort of social engineering fraud. Do not get scammed like TV host Andy Cohen did.

A flaw found by security researchers in the encryption software allows victim organizations to use “Black Basta Buster” to recover some of their data – but there’s a catch. We’ve all heard – for as long as ransomware attacks have been happening, you either need to pay the ransom or recover from backups. But a third option has now sprouted up on GitHub.