CyberheistNews Vol 15 #22 If I Had Only 20 Seconds To Teach People How To Avoid Scams



CyberheistNews Vol 15 #22 | June 3rd, 2025

If I Had Only 20 Seconds To Teach People How To Avoid Scams

By Roger Grimes

Human risk management involves more than security awareness training, but training is a huge part of the mix.

How else are you going to best fight a cyberthreat that is responsible for 70% to 90% of all successful data breaches after already bypassing every technical cybersecurity defense you threw in its way?

At some point, a harmful scam message will reach a user, and that user will have to judge how important it is and what to do with it. That is a security decision, and it will affect their future happiness and maybe that of their employer.

Training people how to recognize and mitigate scams as effectively as possible isn't easy, especially in today's world, where anyone can use an AI-enabled deepfake to try to scam anyone else.

But if I had only 20 seconds to teach the most effective anti-scam lesson to everyone I could, it would be this:

If a message arrives unexpectedly and asks you to do something you've never done before (at least for that requestor), verify the request through a separate, trusted channel before acting on it.

Here's how I represent that statement graphically:

[CONTINUED] at the KnowBe4 Blog
https://blog.knowbe4.com/if-i-had-only-20-seconds-to-teach-people-how-to-avoid-scams

[Live Demo] How KnowBe4's AI Agents Reduce Your Security Risk

Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.

Join us for a demo showcasing KnowBe4's leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.

See how easy it is to train and phish your users with KnowBe4's HRM+ platform:

  • SmartRisk Agent™ - Generate actionable data and metrics to help you lower your organization's human risk score
  • Template Generator Agent - Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
  • Automated Training Agent - Automatically identify high-risk users and assign personalized training
  • Knowledge Refresher Agent and Policy Quizzes Agent - Reinforce your security program and organizational policies.
  • Enhanced Executive Reports - Track user activities, visualize trends, download widgets and improve searching/sorting to provide deeper insights and streamline collaboration

See how these powerful AI-driven features work together to dramatically reduce your organization's risk while saving your team valuable time.

Date/Time: TOMORROW, Wednesday, June 4, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN2

Capital One Customers Targeted by Credential Harvesting Phishing Campaign

The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One. The attacks are sent from compromised email accounts, which helps the messages evade reputation-based detection by native security and secure email gateways (SEGs).

Once delivered, the attacks use stylized HTML templates and brand impersonation to trick the recipient into believing the communications are legitimate.

Recipients who fall victim are directed to credential-harvesting websites. At this point, the campaign demonstrates significant infrastructure scale, operating across multiple domains with the capacity to rotate them to evade signature-based detection.

This campaign also fits wider attack trends we've observed recently: attackers prioritizing the compromise of legitimate email accounts over the creation of fake ones, social engineering becoming more sophisticated and contextual, and a growing gap in what legacy detection tools can identify.

Phishing Attack Summary

  • Vector and type: Email phishing
  • Primary techniques: Brand impersonation, credential harvesting websites
  • Targets: Organizations globally
  • Platform: Microsoft 365
  • Bypassed native and SEG detection: Yes

[CONTINUED] at KnowBe4 blog with links and screenshots
https://blog.knowbe4.com/capital-one-customers-targeted-by-credential-harvesting-phishing-campaign

[WEBINAR] Outsmart the Evolving Threat: Your Guide to Beating 2025's Phishing Epidemic

Your organization is facing a social engineering assault. Phishing emails evading secure email gateways surged 47% in 2024, while 33% of employees routinely interact with these threats. KnowBe4's analysis of 14.5 million users across 62,400 organizations reveals this perfect storm of sophisticated attacks targeting your most vulnerable assets—your people.

Join us for this webinar where KnowBe4's Erich Kron, Security Awareness Advocate, and Jack Chapman, SVP of Threat Intelligence, will reveal powerful findings from our 2025 phishing research, including which industries face the highest risks and how cybercriminals are reviving old threats with dangerous new techniques.

They'll share insights, including:

  • The sneaky tricks cybercriminals use to evade detection by SEGs and native security
  • Latest insights on how AI is transforming the phishing landscape (and how you can fight fire with fire!)
  • Detailed industry risk profiles—and whether yours is vulnerable
  • The shocking reasons your employees are more vulnerable than ever in 2025
  • Battle-tested strategies to fortify your human firewall against these evolving threats

Don't become another phishing statistic! Join us to learn how to transform your organization from easy prey into an impenetrable fortress, and earn CPE for attending!

Date/Time: Wednesday, June 11, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/pib-webinar-2025?partnerref=CHN

Scammers Exploit Uncertainty Surrounding U.S. Tariffs

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration's tariff policies, CNBC reports.

Fraudsters may send texts or emails posing as retailers, delivery companies or government agencies, requesting tariff-related payments for purchases and deliveries.

James Lee, president of the Identity Theft Resource Center, noted that scammers frequently take advantage of new government policies to launch phishing attacks. In this case, Lee says the crooks "will use the fact that people don't know a lot about tariffs."

Researchers at BforeAI observed over 300 tariff-themed potential phishing sites during the first three months of 2025.

"PreCrime Labs analysis projects additional increases in domain registrations as the fallout from these political actions gains momentum," the researchers wrote. "This presents various avenues for exploitation, such as the rise of fraudulent businesses providing tariff-related services or educational resources on the new legislation.

"Therefore, it is strongly recommended that users thoroughly inspect newly formed consultancies, agencies, and cryptocurrency coins before engaging with them, as they may be designed to harvest personal information, further trapping users in financial scams."

Theresa Payton, CEO of Fortalice Solutions, told CNBC that users should be wary of emails, texts or social media ads that convey a sense of urgency related to tariff payments. Additionally, users should be on the lookout for phishing sites that impersonate retailers or government agencies.

Another red flag is a lack of transparency, according to Payton. Legitimate sellers will clearly label tariff-related fees.

New-school security awareness training can enable your employees to keep up with the evolving threat landscape. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/scammers-exploit-uncertainty-surrounding-us-tariffs

[Whitepaper]: Overcoming the Phishing Tsunami: A Game-Changing Strategy for Stopping Phishing

Phishing attacks often feel like an unrelenting tsunami, flooding your organization with a never-ending deluge of threats.

Traditional methods for analyzing and mitigating phishing attacks are manual, repetitive and error-prone. These workflows slow the speed at which you can mitigate a spear-phishing attack and increase the risk that phishing presents to your organization.

There is a better way: one that shifts the burden off your IT team to a unique, AI-powered system built from the ground up to automate the identification and prioritization of phishing threats, and that uses crowdsourced threat intelligence to improve accuracy and speed time to mitigation.

Read this whitepaper to learn:

  • The five major challenges you'll face when manually reporting, analyzing and mitigating phishing attacks
  • How the right SOAR product can provide finely-tuned, automated identification and mitigation of phishing emails
  • Why the right SOAR product is crucial to your organization's incident response plan and supercharging your existing email security filters

Download Now:
https://info.knowbe4.com/wp-overcoming-the-phishing-tsunami-chn

We're No. 1 in Top 10 Social Engineering Blogs!

We received this:

"My name is Anuj Agarwal. I'm the Founder of FeedSpot. I would like to personally congratulate you as your blog KnowBe4 Security Awareness Training Blog » Social Engineering has been selected by our panelists as one of the Top 10 Social Engineering Blogs on the web."

Here is the whole Top 10 list:
https://bloggers.feedspot.com/social_engineering_blogs/

Thanks very much and keep up the good fight!


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.

PS: Perry Carpenter has been playing with Google DeepMind's Veo3. It's scary good! Here is a 3-minute video he produced. Oh boy...:
https://www.linkedin.com/posts/perrycarpenter_veo3-cybersecurity-deepfake-ugcPost-7334260205490249728-rvJj?

PPS: Your KnowBe4 Fresh Content Updates from May 2025:
https://blog.knowbe4.com/knowbe4-content-updates-may-2025

Quotes of the Week
"The world is a very malleable place. If you know what you want, and go for it with maximum energy and drive and passion, the world will often reconfigure itself around you much more quickly and easily than you would think."
- Marc Andreessen - born 9 July 1971. An American entrepreneur, investor and software engineer

"You must be the change you want to see in the world."
- Mahatma Gandhi - Leader (1869 - 1948)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-22-if-i-had-only-20-seconds-to-teach-people-how-to-avoid-scams

Security News

French Users Targeted by Major Phishing Campaign

Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing. IBM has observed seventeen waves of the campaign since March 2024, and at least 160,000 victims have clicked on the phishing link.

"The phishing emails inform recipients that their Amazon Prime subscription will automatically renew at a cost of 480 Euros per year," IBM explains. "The emails contain personalized information such as the victim's IBAN, BIC, first name, last name, and full address, making the message appear authentic.

"The email includes a 'cancel subscription' button, which links to a convincing replica of the Amazon Prime login page. When users enter their credentials in an attempt to cancel the subscription, their information is captured by the attackers. Some variations of the attack ask for the victims' full credit card information."

The campaign is ongoing and has increased in intensity over the past few weeks. Nearly all the victims are located in France. "At the end of March and early April, the phishing campaigns were already very effective, drawing hundreds or even thousands of victims per hour to malicious sites," the researchers write.

"However, visits to these phishing sites were still sporadic, with large gaps in activity between campaigns. As April 8th approached, we began to observe constant traffic to the phishing sites. Fast forward to the end of April, we began seeing the move to constant hourly traffic.

"The traffic is so predictable during the time period between April 22 and April 24 that the night and day differences can be seen, with spikes in the morning and low traffic at night."

IBM concludes, "This spear phishing campaign illustrates a dangerous evolution in cyber crime, leveraging leaked personal data to increase the efficacy of social engineering tactics. As the digital landscape continues to evolve, it's crucial for both organizations and individuals to stay vigilant and adapt their security measures accordingly."

IBM has the story:
https://www.ibm.com/think/x-force/spear-fishing-campaign-targets-users-in-france

Extortion Gang Targets Law Firms with Social Engineering Attacks

The FBI is warning that the Silent Ransom Group (SRG) is targeting law firms with IT-themed social engineering attacks and callback phishing emails.

SRG is a cybercriminal gang that demands ransoms in exchange for not leaking stolen data. "SRG has been operating since 2022 and has primarily been known for their callback phishing emails, masquerading as well-known businesses who offer subscription plans," the FBI explains. "Typically, SRG phishing emails purport to charge small amounts of 'subscription fees' as they are less likely to generate immediate suspicion.

"In order to cancel the fake subscription, the victim is instructed to call the threat actor who emails a link which downloads remote access software giving the actor access to their device or system. Once the actor has established persistent access, the threat actors will seek to identify valuable information to exfiltrate, before sending a ransom notice to the victim threatening to share the victim's data if a ransom is not paid."

The gang recently began impersonating IT departments to target employees, a technique that the FBI says "has been highly effective and resulted in multiple compromises."

"As of March 2025, SRG was observed changing their tactics to calling individuals and posing as an employee from their company's IT department," the Bureau writes. "SRG will then direct the employee to join a remote access session, either through an email sent to them, or navigating to a web page. Once the employee grants access to their device, they are told that work needs to be done overnight."

The FBI offers the following advice to help organizations thwart these attacks:

  • "Conduct staff training on resisting phishing attempts
  • Develop and communicate policies surrounding when and how company's IT will authenticate themselves with employees
  • Maintain regular backups of company data
  • Implement two-factor authentication for all employees"

The FBI has the story:
https://www.ic3.gov/CSA/2025/250523.pdf

What KnowBe4 Customers Say

"I wanted to let you know what a positive experience it has been having Eniz as my sales rep and especially Travis as my KnowBe4 customer success / implementation partner.

"Travis is very knowledgeable, flexible and explains everything very clearly. Always keen and ready to help, he's been instrumental in getting my organization launched with your SAT. I appreciate that he understands that given the many demands in a start-upish company.

"Knowing Travis is only an email or call away gives me the confidence that my organization will make the most of the subscription and that we will be well trained.

"I would also like to say that while I haven't yet had the chance to learn all about intricacies of the platform, it does seem impressive and the whole process of responding to my request for a sales call (where I wasn't pushed to some third-party provider and received a demo and had all my questions answered) and getting the signing done with Eniz was great.

"I look forward to working further with Travis and implementing more of your platform and content."

- J.L., Director of Finance

The 10 Interesting News Items This Week
  1. New Russian cyberespionage actor targets Europe and the US with spear phishing attacks:
    https://therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands

  2. How Can We Solve the 'Insane' Deepfake Video Problem?:
    https://www.bankinfosecurity.com/blogs/how-we-solve-insane-deepfake-video-problem-p-3877

  3. Mandiant flags fake AI video generators laced with malware:
    https://cyberscoop.com/ai-video-generator-malware-mandiant-unc5032-vietnam/

  4. Russian Laundry Bear cyberspies linked to Dutch Police hack:
    https://www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/

  5. Police takes down AVCheck site used by cybercriminals to scan malware:
    https://www.bleepingcomputer.com/news/security/police-takes-down-avcheck-antivirus-site-used-by-cybercriminals/

  6. New Browser Exploit Technique Undermines Phishing Detection:
    https://www.infosecurity-magazine.com/news/browser-exploit-technique/

  7. Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations:
    https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html

  8. More than 90% of top email domains are vulnerable to spoofing:
    https://www.infosecurity-magazine.com/news/infosec2025-email-domains-spoofing/

  9. Fake Bitdefender website used to spread infostealer malware:
    https://therecord.media/fake-bitdefender-website-venomrat-infostealer

  10. FBI reveals infrastructure and IoCs associated with investment scams:
    https://www.ic3.gov/CSA/2025/250529.pdf

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
