KnowBe4

IRS Warns of Expected Wave of Tax Scams

Urging taxpayers and tax professionals to be vigilant, the Internal Revenue Service (IRS) provides some simple guidance on how to spot new scams aimed at filing fake tax returns. Apparently, there are actually three certainties in life: death, taxes and scams revolving around taxes. This according to the IRS, as part of their annual Security Summit. As with any major event that has the attention of millions of people simultaneously, tax season is no exception.

As the Holiday Season Ramps Up, So Do Scams Impersonating the U.S. Postal Service

Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions. In some ways, the old adage “there’s nothing new under the sun” seems to be holding up. Take the latest USPS impersonation scam identified by domain monitoring vendor Bolster. It follows many of the same steps and uses similar tactics as any of the USPS scams I’ve covered before.

Brand New BazarCall Phishing Campaign Abuses Google Forms

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security. “BazarCall/BazaCall attacks typically start with a phishing email designed to appear as a payment notification or subscription confirmation from a known brand,” Abnormal explains. “Within the email, recipients can find the amount to be charged—generally between $49.99 to $500 or more, depending on the subscription or service being impersonated.

Why Security Awareness Training Is Effective in Reducing Cybersecurity Risk

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk. We can safely state that from over 13 years of experience with tens of thousands of customer organizations and hundreds of millions of customer interactions. We have the data to prove it. The average new customer comes to us with about a third of their workforce proven to click on any phishing email.

How To Fight Long-Game Social Engineering

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard and its long-game social engineering tactics. They create fake email and social media accounts, contact their potential victims, talk about a non-threatening subject to gain the victim’s confidence, and wait to launch their malicious attack. I call this long-game social engineering.

Undercover Threat: North Korean Operatives Infiltrate U.S. Companies Through Job Platforms

Researchers at Nisos warn that North Korean threat actors are impersonating skilled job seekers in order to obtain remote employment at US companies. “The identified personas claim to have highly sought-after technical skills and experience and often represent themselves as U.S.-based teleworkers, but Nisos investigators found indications that they are based abroad,” the researchers write.

Phishing Remains the Most Common Attack Technique, With Malicious URL Use Increasing 144%

Analysis of nearly a year’s worth of emails brings insight into exactly what kinds of malicious content are being used, who’s being impersonated, and who’s being targeted. I love data built on statistically relevant data samples, as the larger the data set, the more relevant and representative of an entire industry, country, or world it is. One such report is Hornetsecurity’s just released Cyber Security Report 2024.

Who's Calling? Spam, Scams and Wasted Time

First-ever insight into those annoying spam calls provides enlightening detail into how many calls there are, where they are coming from, and how much time is wasted dealing with them. It’s sort of the new normal - never answer your phone if you don’t know the caller and let it go to voicemail. Why? Because of the proliferation of spam calls that nobody wants to receive. But just how bad is it? Global communications provider, Truecaller, released its first Monthly U.S.

Unwrapping the Threat: AI-Powered Phishing Attacks Take Center Stage in 2023 Holidays

As the holiday season approaches, so does the annual surge in online shopping and holiday package tracking. Unfortunately, this joyous time has also become a prime hunting ground for cybercriminals. In a concerning development, cybersecurity experts are sounding the alarm about a new weapon in the phishing attackers' arsenal: generative artificial intelligence (AI).