Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler. “AI represents a paradigm shift in the realm of cybercrime, particularly for phishing scams,” the researchers write. “With the aid of generative AI, cybercriminals can rapidly construct highly convincing phishing campaigns that surpass previous benchmarks of complexity and effectiveness.

Hackers love to trick employees into wiring them money using emails that look legitimate. Here's what you need to know about business email compromise scams.

Managing email services efficiently is essential for any organization’s productivity and security in the modern digital workspace. This blog will discuss Exchange Online administrative tasks and how to streamline their management process. Before we discuss how to manage Exchange Online, we’ll explore its history.

Attackers predominantly use phishing attacks to steal and misuse user identities. A global Statista study on employee-reported malicious emails revealed that in the first quarter of 2023, 58.2% of malicious emails were credential theft attacks, 40.5% were impersonation attacks, and 1.3% were malware deliveries. Phishing attacks create a sense of urgency and panic in users, who, as a result, easily fall victim to them.

New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal. I’ve covered plenty of reports about brand impersonation and it’s almost always Microsoft on top of the list. And with good reason: access to a Microsoft 365 account can give attackers a foothold and potential access to data, applications and more.

In April of 2024, the FBI released a warning that threat actors are sending SMS phishing, also known as smishing, messages to individuals pretending to be toll road operators messaging about unpaid toll fees. This kind of attack is a common one, and targets more than just individuals –— think the MGM resorts breach of 2023 that started with a phishing call to an IT professional and ended up costing the casino millions.

The cybercriminal threat actor FIN7 is launching spear phishing attacks against the automotive industry in the United States, according to researchers at BlackBerry. The threat actor identifies IT employees at automotive companies and attempts to trick them into downloading a Trojanized version of a free IP scanning tool. FIN7 is a Russia-based financially motivated threat actor that carries out a variety of cybercrime activities, including ransomware attacks.

Phishing isn’t what it used to be. Older, popular scams — like grammatically incorrect love letters and mysterious princes who just need a little money — have given way to sophisticated and dangerous social engineering attacks. In fact, phishing has become so prevalent and effective that it is one of the three primary ways hackers compromise credentials.

In the ever-evolving landscape of cyber threats, a subtle yet potent form of phishing has emerged — quishing, short for QR phishing. It has been 30 years since the invention of QR codes, yet quishing still poses a significant risk, especially after the era of COVID, when QR codes became the norm to check statuses, register for events, and even order food.

We are excited to announce that KnowBe4 has been named a leader in the Spring 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 12th consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 278 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.