A phishing campaign uses an email posing as security awareness training from a well-known security company.
Cofense discovered a new phishing campaign in which threat actors send emails pretending to be from KnowBe4, reminding recipients to log in and take their phishing training.
The subject of the email is “Training Reminder: Due Date”, and it asks recipients to log in to their “Security Awareness Training” before it expires within 24 hours.
The most interesting detail of the phishing email is its statement that the link will not be on a standard phishing training platform but on an external site.
“The threat actors provide this warning to put victims at ease if they see a suspicious URL asking them to enter their credentials,” states BleepingComputer.
If the user clicks on the link, they are directed to a URL on the Russian .ru TLD that asks them to log in with their Outlook credentials to begin the training.
As soon as they log in, they will be asked to enter information like their username, address, email, name, birthday and their password.
With this personal information in hand, the criminals can easily use it in further targeted attacks such as BEC scams, or to access a victim’s network.
Always read your email carefully and check whether the content has grammar errors, because cybercriminals often make plenty of mistakes, such as redundant words in capitals.
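The lure traits described above can be turned into a mail-triage check. This is an added example, not code from Cofense or BleepingComputer; the sample message, its placeholder link host, the `BRAND_DOMAINS` allowlist and the finding names are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample; addresses and the link host are placeholders, not campaign indicators.
SAMPLE = """\
From: KnowBe4 Training <reminder@mail.example>
To: user@corp.example
Subject: Training Reminder: Due Date
Content-Type: text/plain; charset=utf-8

Your Security Awareness Training expires within 24 hours.
Note: this training is hosted on an external site, not the usual platform.
Log in with your Outlook credentials: https://training.placeholder-host.ru/login
"""

# Assumption: the defender maintains an allowlist of domains each vendor really uses.
BRAND_DOMAINS = {"knowbe4": ("knowbe4.com",)}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _on_domain(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def lure_findings(raw):
    """Return the set of lure traits from the article found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = " ".join([str(msg["From"] or ""), str(msg["Subject"] or ""), body]).lower()
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    hosts.discard("")
    found = set()
    for brand, domains in BRAND_DOMAINS.items():
        # Brand is named, yet at least one link points off the brand's own domains.
        if brand in text and any(not _on_domain(h, domains) for h in hosts):
            found.add("brand_link_mismatch")
    if any(h.endswith(".ru") for h in hosts):
        found.add("ru_tld_link")
    if re.search(r"\bexternal (site|website|page)\b", text):
        found.add("external_site_reassurance")
    if re.search(r"\b(expire\w*|within \d+ hours)\b", text):
        found.add("deadline_pressure")
    if "outlook" in text and re.search(r"\b(log ?in|sign ?in|credentials)\b", text):
        found.add("outlook_credential_prompt")
    return found

if __name__ == "__main__":
    print(sorted(lure_findings(SAMPLE)))
```

No single finding is conclusive on its own; the combination of a named training vendor, an off-brand link and a request for mail credentials is what makes a message worth quarantining for review.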