Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Hidden Cost of "Free" Gifts: How Survey Scams Are Evolving to Steal Financial Data

You've probably seen them: enticing online offers for free products from brands you trust, like a Yeti beach chair from Costco or an emergency car kit from AAA. All you have to do is fill out a quick survey and pay a small "shipping fee" of a couple of dollars. But what seems like a harmless transaction is actually a sophisticated scam with a high price tag. The KnowBe4 Threat Lab team has been tracking a phishing campaign where scammers use these fake surveys to steal financial data.

The Technical Sophistication Behind the "Free" Gift Scam: Evading Detection

Below is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “The Hidden Cost of "Free" Gifts: How Survey Scams Are Evolving to Steal Financial Data”. As discussed in our previous blog, the human element is a critical part of the fake survey scam. However, the campaign's success is largely due to its advanced technical infrastructure.

Threat Actors Are Increasingly Abusing Generative AI Tools for Phishing

Cybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42. In many cases, even when these services have safeguards in place to prevent abuse, criminals are able to bypass these measures in order to create phishing pages. Unit 42 tested a popular website generator to see how easy it was to spin up a spoofed website.

Warning: Social Engineering is a Growing Threat to the Industrial Sector

Social engineering attacks are a growing threat to operational technology (OT) environments, Industrial Cyber reports. Cyberattacks against these environments can be particularly damaging since they have the potential to cause physical disruptions.

The Attacker's Playbook: A Technical Analysis of Quishing and Encrypted SVG Payloads Used in HR Impersonation Phishing Attacks

In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we’re going under the hood to answer the critical question: How do these attacks technically bypass security defenses?

New Homoglyph Phishing Campaign Impersonates Booking.com

Attackers are using a Japanese Unicode character to replace forward slashes in phishing URLs, BleepingComputer reports. The attacks impersonate Booking.com with phony emails that inform users of a new login to their account. “The attack, first spotted by security researcher JAMESWT, abuses the Japanese hiragana character “ん” (Unicode U+3093), which closely resembles the Latin letter sequence '/n' or '/~', at a quick glance in some fonts,” BleepingComputer explains.

Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” to profit from the scheme. “With ramp and dump, the scammers do not need to rely on ginning up interest in the targeted stock on social media,” Krebs explains.

From Human Resources to Human Risk: Why HR is the Perfect Department for Cybercriminals to Impersonate

We all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of most-clicked templates in 2025. Out of the top 10 templates people interacted with between May 1 - June 30, 2025, an incredible 98.4% had subject lines relating to internal topics - with HR mentioned in 45.2%.

That 'Urgent Payroll Update' Email is a Trap: A Look at the Latest HR Phishing Tactics

Phishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed an 120% surge in these attacks reported via our PhishER product versus the previous three months. These attacks have remained at elevated levels since peaking in February. (FYI in our previous post, we explored the psychology that makes these attacks so effective.

How KnowBe4 Defend Seamlessly Integrates with Microsoft Defender for Office 365 Quarantine-And Why SOC Teams Should Care

Modern Security Operations Centers (SOCs) face a persistent challenge: managing threats across multiple security tools while maintaining operational efficiency. While single-vendor approaches offer simplicity, they often leave gaps that sophisticated attackers are quick to exploit. The reality is that today's threat landscape demands a more nuanced approach—one that combines the best capabilities from multiple specialized vendors.