The use of lookalike domains has reached critical mass with not just one counterfeit website, but many. The second act of a phishing attack intent on tricking the victim into providing valuable information is the website they are taken to. It has to look and feel like the real thing. But it also needs to have a domain that doesn’t raise suspicion. Thus, the advent of lookalike domains.

The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces. While toolkits are nothing new, the frequency, speed of time-to-market, and the functionality available to the “every-scammer” is becoming truly frightening.

Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within organizations’ networks.

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects. I have been professionally writing about authentication since at least November 2004, when I wrote my first ebook for Windows & IT Pro magazine on password attacks and security.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate charities and related organizations following natural disasters.

Customization, Your Way: With Content Manager you can customize your training content preferences effortlessly. Adjust passing scores, infuse branded themes, allow test-outs, and say goodbye to content skipping. And here's the kicker – it's available across all subscription levels.

As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite multi-factor authentication (MFA) being enabled. We’ve seen plenty of adversary-in-the-middle (AiTM) attacks over the years, where the threat actor inserts themselves (in one form or another) into an existing communication, impersonating one of the parties in the communication.

British Intelligence has come up with a potentially very effective means to disrupt ransomware attacks, but there seems to still be a few kinks in the system. The phone rings at your U.K. office and it’s the U.K. government’s National Cyber Security Centre (NCSC) letting you know they’ve detected a potential cyberattack.

New data shows a massive uptick in attacks across all industries, but a particularly worrisome growth in interest in targeting the public sector – and the indicators of who’s responsible may surprise you.

While spam tends to be dismissed as being more an annoyance, new research shows that there is a very real and ever-present threat in emails that are marked as “spam”. I’ve written plenty about phishing attacks that target bank customers. It’s nothing new. What’s interesting is a recent article by security researchers at BitDefender where banking-related phishing attacks are considered spam.