The Insider reported that an apparently AI-generated photo faking an explosion near the Pentagon in D.C. went viral. The Arlington Police Department confirmed that the image and accompanying reports were fake. But when the news was shared by a reputable Twitter account on Monday, the market briefly dipped. The photo was spread by dozens of accounts on social media, including RT, a Russian state-media Twitter account with more than 3 million followers — but the post has since been deleted.

Food for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.”

Google has recently introduced a set of new top-level domains: .dad, .esq, .prof, .phd, .nexus, .foo, .zip and.mov. They’re now available for purchase, and it’s the last two that are attracting attention due to the risk of abuse in phishing attacks. WIRED describes why.zip and.mov have raised concerns. “The two stand out because they are also common file extension names. The former, .zip, is ubiquitous for data compression, while.mov is a video format developed by Apple.

One of KnowBe4's long-term employees just send me a picture this morning of a postcard that sure looks like it's phishing, the good old-fashioned way: snail mail! Here is the picture and you tell me what all the red flags are! The domain does not work of course. The email seems to have disappeared into the bitbucket. For many obvious reasons i have not tried the QR code since I do not have a bulletproof sandbox installed on my smartphone where I can detonate malware. :-D.

For all the recent focus on artificial intelligence and its potential for deepfake impostures, the boiler room is still very much active in the criminal underworld. WIRED describes the ways in which people in many parts of the world (Ireland, France, Nigeria, and Mexico) have been recruited to work as freelancers for a company that seeks to profit from lonely people looking for love. This is how a typical operation runs.

A new report covering 13 global markets highlights phishing prevalence and its role in cyber attacks when compared to other types of attacks. It’s difficult for me not to stand on my “phishing is a problem” soapbox when there exists stories and reports demonstrating that phishing continues to dominate as a security problem that isn’t being properly addressed.

This new phishing toolkit is rising in popularity for its effective realism in impersonating not just Microsoft 365, but the victim organization as well. Security researchers at Cisco Talos have identified a new Microsoft 365 toolkit that actually creates a realistic login experience for the victim user, making it more dangerous to organizations.

We are thrilled to announce we have reached a milestone of 60,000 customer organizations globally, consisting of tens of millions of end users. KnowBe4 is a customer-driven organization. I truly believe that without excellent customer service, we do not exist, which is why I regularly emphasize the importance of fantastic customer service in our daily, organization-wide meetings.

The latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) shows an unrelenting upward trend in the number of phishing attacks per quarter. Despite the alarm that the growth in the number of phishing attacks should generate, this report sheds some light on what seems to be working for cybercriminals if you dig a little deeper. According to the report.

Midsize and enterprise organizations take notice: the average and median amount of a ransom payment and the median size of the victim organization are on the rise. If you’re at all concerned about ransomware (and you should be), the latest details from ransomware response vendor Coveware’s latest Quarterly Ransomware Report should have your attention.