#phishing

Security awareness tips, industry news, and product updates.

Close inspection of a web address on a laptop screen with a magnifying glass
Phishing & Social EngineeringThreat Intelligence

Lookalike Domains & Typosquatting: A Defense Guide

An 'rn' that reads as an 'm', an extra word, a wrong TLD — lookalike domains impersonate trusted brands in phishing and brand abuse. Here is how to spot them and the controls that blunt them.

David Kowalski·6/22/2026·7 min read
Finance team reviewing payment documents around a conference table
Security Awareness TipsThreat Intelligence

FBI IC3 2025: $20.9B Lost — and What Your Team Can Do

The FBI's 2025 Internet Crime Report tallies a record $20.9 billion in losses, with business email compromise close to the top. Here's what the numbers mean and the controls that actually help.

Sarah Mitchell·6/19/2026·4 min read
Security team reviewing breach data and charts on screens
Security Awareness TipsThreat Intelligence

Verizon DBIR 2026: The Human Element in 62% of Breaches

Verizon's 2026 Data Breach Investigations Report puts the human element in 62% of breaches and confirms attackers are pivoting to mobile and the browser. Here's what it means for your awareness program.

James Thornton·6/18/2026·4 min read
Security team reviewing a human risk analytics dashboard in an office
Security Awareness Tips

Human Risk Management: Beyond Awareness Training Alone

Annual click-through training checks a compliance box but rarely changes behavior. Human Risk Management replaces it with continuous, data-driven, personalized risk reduction. Here is what that shift looks like in practice.

James Thornton·6/13/2026·7 min read
Employee reporting a suspicious email with one click at their office desk
Security Awareness Tips

The Report Button: Your Highest-ROI Security Habit

One click on a report button can turn every employee into a sensor and shrink an attacker's dwell time to minutes. Here is how to build the process and the blameless culture that make reporting reflexive.

Thomas Eriksson·6/12/2026·7 min read
New employee being welcomed and onboarded on their first day in the office
Security Awareness Tips

Security Onboarding: Protect New Hires From Day One

New hires are eager to please, unfamiliar with the norms, and disproportionately targeted by BEC and impersonation scams. Their first 90 days are the riskiest. Here is how to build security into onboarding from day one.

Elena Vasquez·6/11/2026·7 min read
Person signing in to a laptop with a fingerprint instead of a password
Security Awareness Tips

Passkeys: The Phishing-Resistant MFA Worth Adopting

Passwords and even push-based MFA keep falling to phishing. Passkeys close the door structurally because there is no shared secret to steal. Here is why they work and how to roll them out.

Natalie Hoffmann·6/10/2026·7 min read
Football fans filling a packed stadium during a major tournament match
Phishing & Social EngineeringThreat Intelligence

FIFA World Cup 2026 Ticket Scams Hit the Workplace

The FBI is warning fans that criminals are spoofing FIFA's ticketing site ahead of the 2026 World Cup. Here is why event-themed lures land in employee inboxes and how to train your team to spot them.

Marcus Chen·6/7/2026·7 min read
Employee entering a login code on a laptop at an office desk
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Kali365 Phishing Service Targets Microsoft 365 Accounts

The FBI is warning about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. Here's how the attack works and how to defend your organization.

Marcus Chen·6/6/2026·9 min read
Driver checking a suspicious toll payment text message on a mobile phone
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Road Toll Smishing Scams: Lessons from Operation Road Trap

Bitdefender's Operation Road Trap research shows how toll, parking, and traffic-fine smishing has scaled across countries. Here is what employees and security teams should watch for.

Elena Vasquez·5/15/2026·7 min read
Security team reviewing a suspicious compliance email on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Microsoft AiTM Phishing Alert: Lessons for US Teams

Microsoft is warning US organizations about a sophisticated code-of-conduct phishing campaign using PDFs, CAPTCHA gates, and AiTM token theft. Here is what security teams should watch for next.

Rachel Andersen·5/6/2026·7 min read
Marketing employee reviewing a social media account alert on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Facebook Phishing Through Google: What Teams Should Do

A new campaign abused Google AppSheet emails to steal Facebook business accounts at scale. Here is what your team should watch for and how empowsec helps build the right response habits.

Marcus Chen·5/5/2026·7 min read