News

Security awareness tips, industry news, and product updates.

Person signing in to a laptop with a fingerprint instead of a password
Security Awareness Tips

Passkeys: The Phishing-Resistant MFA Worth Adopting

Passwords and even push-based MFA keep falling to phishing. Passkeys close the door structurally because there is no shared secret to steal. Here is why they work and how to roll them out.

Natalie Hoffmann·6/10/2026·7 min read
Finance professional on a video conference call reviewing a wire transfer request
Phishing & Social EngineeringThreat Intelligence

Deepfake CEO Fraud: When a Fake Voice Authorizes the Wire

Attackers can now clone an executive's voice from three seconds of audio and join a video call as a synthetic colleague. Here's how deepfake CEO fraud works and how to stop it.

Marcus Chen·6/9/2026·5 min read
Editing a localized phishing email template
Phishing & Social EngineeringProduct Updates

Phishing Template Library: Localization and Import/Export

empowsec's phishing template library lets you build, translate, import, and export realistic lure emails - so every simulation reaches each employee in their own language.

Marcus Chen·6/9/2026·7 min read
Employee following an on-screen instruction prompt on their computer
Phishing & Social EngineeringThreat Intelligence

ClickFix Attacks: The Fake CAPTCHA That Installs Malware

ClickFix tricks users into pasting a malicious command into their own computer under the guise of a CAPTCHA or 'fix this error' prompt. Here's why it bypasses your filters and how to train against it.

Elena Vasquez·6/8/2026·4 min read
Security team reviewing a phishing simulation dashboard
Phishing & Social EngineeringProduct Updates

Phishing Simulation Campaigns: A Complete Overview

Phishing simulation campaigns let you measure and improve how your employees respond to real-world lures - safely, at scale, and with the data to prove it is working.

Marcus Chen·6/7/2026·6 min read
Football fans filling a packed stadium during a major tournament match
Phishing & Social EngineeringThreat Intelligence

FIFA World Cup 2026 Ticket Scams Hit the Workplace

The FBI is warning fans that criminals are spoofing FIFA's ticketing site ahead of the 2026 World Cup. Here is why event-themed lures land in employee inboxes and how to train your team to spot them.

Marcus Chen·6/7/2026·7 min read
Employee entering a login code on a laptop at an office desk
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Kali365 Phishing Service Targets Microsoft 365 Accounts

The FBI is warning about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass MFA. Here's how the attack works and how to defend your organization.

Marcus Chen·6/6/2026·9 min read
Security analyst reviewing a suspicious device login code on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Device Code Phishing Is Moving Into Criminal Toolkits

Device code phishing is spreading through criminal toolkits and phishing-as-a-service offerings. Here is how the Microsoft 365 attack works and what teams should do next.

Marcus Chen·5/15/2026·8 min read
Driver checking a suspicious toll payment text message on a mobile phone
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Road Toll Smishing Scams: Lessons from Operation Road Trap

Bitdefender's Operation Road Trap research shows how toll, parking, and traffic-fine smishing has scaled across countries. Here is what employees and security teams should watch for.

Elena Vasquez·5/15/2026·7 min read
Security team reviewing a suspicious compliance email on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Microsoft AiTM Phishing Alert: Lessons for US Teams

Microsoft is warning US organizations about a sophisticated code-of-conduct phishing campaign using PDFs, CAPTCHA gates, and AiTM token theft. Here is what security teams should watch for next.

Rachel Andersen·5/6/2026·7 min read
Marketing employee reviewing a social media account alert on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Facebook Phishing Through Google: What Teams Should Do

A new campaign abused Google AppSheet emails to steal Facebook business accounts at scale. Here is what your team should watch for and how empowsec helps build the right response habits.

Marcus Chen·5/5/2026·7 min read
Employee reporting a suspicious email from their Gmail inbox
Security Awareness TipsProduct Updates

Report Suspicious Emails Directly from Gmail with empowsec

Our new Google Workspace add-on lets employees report phishing, spam, and suspicious emails with one click — right from their Gmail inbox. Here's how it works and why it matters.

Marcus Chen·5/2/2026·6 min read