The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme. The scam “may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc.” The schemes typically take the following steps: The FBI outlines some recommendations to help organizations avoid falling for these scams.

AI is quickly becoming the basis for more cyber attacks, leading organizations to realize the risk it presents. A new report now shows that AI-enhanced cyber attacks are now the top concern of security leaders. I recently wrote about how prolific ransomware attacks are and what the outcomes were for those experiencing attacks. In the same report - GetApp’s 2024 Data Security report – I also found some interesting data around where AI sits in the list of concerns for cybersecurity leaders.

We are excited to announce that KnowBe4 has been named a leader in the Fall 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 14th consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 318 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.

New research shows that less malicious emails are getting past security scanners to the inbox, but also provides details about how phishing emails are becoming increasingly dangerous. So much of our training is centered around elevating the employee’s state of cyber awareness so that when they do come across that sketchy email or that too good to be true web page, they know better. But it’s only one part of a larger cybersecurity effort within an organization.

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Have you ever wanted to peek behind the curtain of Security Awareness Training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore.

As ransomware becomes more pervasive, new data provides insight into how well organizations are responding and the attack vector being used most. We hear a lot about ransomware attacks, but I’m not seeing data about how well organizations fared, so I was glad to see GetApp’s 2024 Data Security report. According to the report, nearly half of U.S.

A partnering of European and Latin American law enforcement agencies took down the group behind the mobile phone credential theft of 483,000 victims. Someone steals a physical mobile phone and they need to unlock it. But to do so, you need the Apple ID or Google account of the phone’s owner. So, where do you go? Well, it used to be iServer – an automated phishing-as-a-service platform that could harvest credentials to unlock the stolen phones.

Depending on who you ask, between 70 and 90 percent of cyber risk has human error as the root cause. That's why Human Risk Management (HRM) is so important. And here is the next major advance in HRM. We're thrilled to announce the second version of our risk score architecture. It is so far advanced we have renamed—promoted really—our initial "Virtual Risk Officer" to SmartRisk Agent.

Cybercriminals have found a new way of leveraging legitimate web services for malicious purposes, this time with the benefit of added automation of campaign actions. Security researchers at CheckPoint have discovered a new phishing campaign that uses Google App Scripts – a scripting platform developed by Google that lets you integrate with and automate tasks across Google products – as the destination in malicious links.

The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the US Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities. “Trinity ransomware was first seen around May 2024,” the advisory says.