Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    CyberheistNews Vol 15 #50 [NEW FEATURE] KnowBe4 Releases Deepfake Training to Combat AI Threats!

    KnowBe4 Team | Dec 16, 2025
    Cyberheist News
    CyberheistNews Vol 15 #50  |   December 16th, 2025

    [NEW FEATURE] KnowBe4 Releases Deepfake Training to Combat AI Threats!

    Deepfakes have officially moved from "someday risk" to "right now" threat. In the last 12 months, more than 62% of organizations have been targeted by a deepfake attack. That's a social engineering problem, because these scams are designed to bypass your tools and go straight to your users.

    That's why I'm excited to share this KnowBe4 launch: Deepfake Training.

    Here's what makes it different. Instead of using generic examples, you can create a deepfake training video featuring a leader from your own organization. Picture an employee getting a "video message from the CFO" asking for an urgent wire transfer or credentials.

    When people see how believable AI impersonation can be, using familiar faces and voices, it sticks. That's how you strengthen the human firewall and build a culture where 'think before you click' becomes muscle memory.

    This also helps you prove ROI. A highly personalized experience drives higher engagement and completion, which makes it easier to show measurable improvement and secure continued support for your security program.

    My recommendation: pilot it with finance and IT first, track completion, then expand across your organization.

    Availability is simple:

    • If you already have AIDA, it's available today.
    • Admins can access it under Training → Deepfakes.
    • Diamond-level customers can also try it via the AIDA Orchestration technical preview for three months.

    If deepfakes are on your 2026 risk list, don't wait for the first incident. Train for it now, before "the CEO" calls.

    Want the full walkthrough? Read the AIDA Deepfakes Support Guide, attend the webinar below, or both!
    https://support.knowbe4.com/hc/en-us/articles/46872935053459-Deepfakes-Training-Guide

    NEW! Deepfake Training: A Strategic Advantage Against Emerging Threats

    Deepfake attacks have become more compelling and realistic than ever before.

    Attackers are impersonating trusted leaders with convincing videos and voice, making it harder for employees to know what is real. Traditional awareness training is a good start, but nothing replaces first-hand exposure to real and synthetic content when it comes to telling deepfake videos from authentic ones.

    That's why we're introducing KnowBe4's Deepfake Training Content. This new capability transforms abstract risk into an unforgettable, high-engagement training moment that demonstrates how convincing AI-powered social engineering has become and delivers clear, actionable guidance on how to detect these attacks.

    How it Works

    KnowBe4 makes it easy to generate deepfake training tailored to your organization. In just minutes you can create hyper-realistic deepfakes that deliver scalable, high-impact training experiences.

    1. Choose a Leader to Feature - Select a CEO, executive or another recognizable leader your employees trust.
    2. Upload a Short Sample - Provide a brief video and audio clip of that person, then select a deepfake scenario to generate.
    3. Generate Your Custom Deepfake Training Experience - KnowBe4's system creates a hyper-realistic deepfake that your employees can experience within a controlled training environment. These deepfakes demonstrate how convincing AI impersonation can be and teach employees what cues to look out for.
    4. Deploy in Any Training Campaign - Add the deepfake module to existing training plans or use it as a high-impact standalone experience.
    5. Measure Improvement - Track completion, engagement and performance over time to show real behavior change.

    Why it Matters

    • Deepfake attacks are increasing fast. Employees need training that reflects today's threat landscape.
    • Personalized content captures attention. A custom deepfake training experience featuring someone your employees know drives higher engagement than generic material.
    • Security teams need measurable impact. Deepfake training drives exceptionally high completion rates, making it easy for security leaders to prove measurable behavior change.
    • It prepares your employees for what's coming next. Deepfakes are becoming a standard tool for social engineering, and your KnowBe4 training now reflects that reality.

    Join our upcoming webinar, NEW Deepfake Training: Empowering Your Users to Recognize What AI Can Fake, to learn how deepfake attacks work, how to train users to identify them and how to create your own custom deepfake training experience with KnowBe4.

    Date/Time: Wednesday, January 14 @ 2:00 PM (ET)

    Save My Spot:
    https://info.knowbe4.com/new-deepfake-training-na?partnerref=CHN1

    [Beware] Microsoft Teams 'Chat With Anyone' Invites Aren't Always Safe

    Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' "Chat with Anyone" feature, which lets external users send direct messages via email addresses.

    "Microsoft Teams now allows users to send direct chat invitations to any email address, even if recipients aren't part of a Teams tenant," the researchers explain. "Users can start chats with external participants who join as guests governed by Entra B2B Guest policies."

    In this case, an attacker sent direct messages to Teams users, posing as IT support. Several employees received these messages and were tricked into joining remote support sessions using Windows Quick Assist.

    "The attacker then contacted the user as IT Support on the very next day, started a Teams call and tricked the user into initiating Quick Assist by sending a phishing URL, where the user needed to provide login credentials to download Quick Assist," CyberProof says. After the user entered their Microsoft credentials, the attacker installed an infostealer on their computer.

    The researchers warn that organizations should prepare for more of these attacks as the "Chat with Anyone" feature is fully released in the coming weeks. Users should be wary of unsolicited messages, even if they appear to come from known colleagues.

    "Since its rollout, the MS Teams feature, scheduled for early release in November 2025 and the full global rollout planned by January 2026, has raised concern about data exposure and compliance risks," the researchers write. "We believe this could leave the door open for a potential escalation in more malware and phishing attacks."

    Blog post with links:
    https://blog.knowbe4.com/social-engineering-campaign-targets-microsoft-teams-users

    [Live Demo] Stop Inbound and Outbound Email Threats

    With over 376 billion emails sent daily, your organization faces unprecedented risks from Business Email Compromise (BEC), misdirected sensitive communications and sophisticated AI-driven phishing attacks. The human element, involved in the vast majority of data breaches, contributes to email-based threats that cost organizations like yours millions annually.

    Discover how you can stop up to 97% more attacks and uncover 10x more potential data breaches in your Microsoft 365 environment before they happen.

    Join our live demo to see how KnowBe4's Cloud Email Security seamlessly integrates into Microsoft 365 to enhance its native protection while providing the tools needed to identify risky communications before they lead to breaches.

    See KnowBe4's Cloud Email Security in action as we show you how to:

    • Defend your organization against sophisticated inbound threats including BEC, supply chain attacks and ransomware
    • Prevent costly outbound mistakes with real-time alerts that stop misdirected emails and unauthorized file sharing
    • Enforce information barriers that keep you compliant with industry regulations
    • Detect and block data exfiltration attempts before sensitive information leaves your organization
    • Customize incident response workflows to match your security team's needs

    Strengthen your security posture with AI-native intelligent email security that reduces human-activated risk and safeguards your organization from inbound and outbound threats.

    Date/Time: TOMORROW, Wednesday, December 17 @ 1:00 PM (ET)

    Save My Spot:
    https://info.knowbe4.com/ces-demo-month3?partnerref=CHN2

    Report: Phishing Has Surged 400% Year-Over-Year

    Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts.

    "The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address – compared to just 11.5% in recaptured malware data," the researchers write.

    "The result is a warning to enterprises that their workforce is three times more likely to be targeted with phishing attacks than infostealer malware."

    The researchers warn that these findings show that attackers are increasingly using phishing as an initial access vector into corporate networks.

    "The findings reinforce a growing shift in cybercriminals' strategy: phishing is now the preferred gateway into enterprise environments, and SpyCloud sees this trend continuing in 2026," SpyCloud says.

    "Threat actors are using this access as a launchpad for follow-on attacks, with SpyCloud reporting in its 2025 Identity Threat Report that phishing is now the leading entry point for ransomware, accounting for 35% of all ransomware infections."

    Trevor Hilligoss, SpyCloud's Head of Security Research, said in a statement, "Phishing is now one of the most scalable tools cybercriminals use to breach enterprise environments.

    "Cybercrime enablement services, like phishing-as-a-service kits that automate convincing lures and adversary-in-the-middle tactics that capture MFA tokens and session cookies, put advanced tactics into the hands of low-skilled actors, making it easier than ever to compromise users at scale."

    AI-powered security awareness training can give your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.

    Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

    Blog post with links:
    https://blog.knowbe4.com/report-phishing-has-surged-400-year-over-year

    Intelligent Email Defense: Automate, Remediate and Train from One Platform

    It's not a matter of if but when AI-powered attacks will breach your email defenses. Phishing attacks have surged 1,265% since 2022. With 31% of IT teams taking over five hours to respond, every delayed minute keeps active threats in your users' inboxes.

    During this demo, you'll discover how PhishER Plus can help you regain control over rising AI phishing risks by:

    • NEW! Creating custom threat detection rules instantly using plain-English descriptions through AI-powered automation, no coding required
    • Accelerating response times with AI-powered automation that reduces manual email review by 85-99%
    • Providing comprehensive threat intelligence from a network of 13+ million global users and third-party integrations
    • Removing threats automatically from all mailboxes with PhishRIP before users can interact with them
    • Converting real attacks into targeted training opportunities with PhishFlip

    Discover how PhishER Plus combines AI and human intelligence to transform your users from security risks into your most valuable defenders.

    Date/Time: TOMORROW, Wednesday, December 17 @ 2:00 PM (ET)

    Save My Spot:
    https://info.knowbe4.com/phisher-demo-3?partnerref=CHN2


    Let's stay safe out there.

    Warm regards,

    Stu Sjouwerman, SACP
    Executive Chairman
    KnowBe4, Inc.

    PS: Check out the Fresh Content Updates from November 2025:
    https://blog.knowbe4.com/fresh-content-updates-from-november-2025

    PPS: [Favor Please? I'm hosting a webinar, forward to your CMO?] The Rise Of AI-Native Research Is Reshaping Business Decisions:
    https://www.marketingaiinstitute.com/native-ai-research-readingmindsai

    Quotes of the Week  
    "Property may be destroyed and money may lose its purchasing power; but, character, health, knowledge and good judgment will always be in demand under all conditions."
    - Roger Babson - Educator (1875 - 1967)
    "Try not to become a man of success, but rather try to become a man of value."
    - Albert Einstein - Physicist (1879 - 1955)
    Thanks for reading CyberheistNews

    You can read CyberheistNews online at our Blog
    https://blog.knowbe4.com/cyberheistnews-vol-15-50-new-feature-knowbe4-releases-deepfake-training-to-combat-ai-threats

    Security News

    Russian Spear Phishing Campaign Targets European Governments

    A Russian state-sponsored spear phishing campaign is targeting European and U.S. government workers, as well as individuals working on European foreign policy matters. The campaign impersonated European security conferences to breach users' Microsoft 365 accounts.

    "In October 2025, Volexity worked an incident where a user's Microsoft 365 account had been identified as compromised following the detection of anomalous login activity," the researchers write. "An investigation into the incident found the user had received a spear-phishing email leading to an OAuth authentication workflow.

    "The email had come from an account the user had recently corresponded with, and it was a continuation of an existing and legitimate thread related to the upcoming Belgrade Security Conference in Serbia.

    "The attackers establish conversations with the targeted users in order to build rapport before sending them anything malicious.

    "This method of phishing would further require the targeted user to send to the attacker a code generated by Microsoft that would be found in the URL bar of the user's browser," the researchers write. "There was no email correspondence indicating what to do with this code, so Volexity suspected the attacker was communicating with the victim outside of email.

    "Working with its customer, Volexity found the threat actor had been actively communicating with this targeted user on WhatsApp. The attacker had reached out under two different identities related to the Belgrade Security Conference, both of which had been compromised."

    Notably, the lures were so effective that victims forwarded the phishing emails to their colleagues. "Referencing upcoming events as a pretext to engage users has also proven effective," the researchers write. "Volexity has observed users directly forwarding event invitations to other users within their organization who may be suitable attendees.

    "Effectively, users help the attacker build a target list for both that particular phishing campaign and others in the future." KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

    Volexity has the story:
    https://www.volexity.com/blog/2025/12/04/dangerous-invitations-russian-threat-actor-spoofs-european-security-events-in-targeted-phishing-attacks/

    Warning: Phishing Campaign Targets U.S. Universities

    Threat actors are using the open-source phishing framework Evilginx to target universities across the United States, according to researchers at Infoblox.

    The attackers have targeted at least 18 universities and educational entities since April 2025, using phishing pages that spoofed student single sign-on (SSO) portals.

    "In the campaigns we analyzed, students were targeted via personalized emails that contained TinyURL links," Infoblox says. "These short links redirected to phishing URLs dynamically generated from Evilginx phishlets—configuration files that define how the proxy interacts between the victim's device and the legitimate site.

    "Each phishing URL used a subdomain that impersonated the target brand and a URI with eight random alphabetic characters (case-insensitive). The URLs expired within 24 hours, a tactic to limit exposure and evade detection. When victims accessed the phishing URL, Evilginx proxied the legitimate login flows in real time, making traffic appear normal and bypassing MFA."

    Notably, Evilginx has built-in measures that help its attacks avoid detection, allowing unskilled threat actors to launch sophisticated, evasive phishing campaigns.

    "The low detection rates across the cybersecurity community highlight how effective Evilginx's evasion techniques have become," the researchers write. "Recent versions, such as Evilginx Pro, add features that make detection even harder.

    "These include default use of wildcard TLS certificates, bot filtering through advanced fingerprinting like JA4, decoy web pages, improved integration with DNS providers (e.g., Cloudflare, DigitalOcean), multi-domain support for phishlets and JavaScript obfuscation. As Evilginx continues to mature, identifying its phishing URLs will only become more challenging."

    AI-powered security awareness training gives your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.

    Infoblox has the story:
    https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/

    What KnowBe4 Customers Say

    "Happy Friday! I wanted to send you a quick message to let you know that I've had a very positive experience working with Caveeta B. I joined my company 3 months ago, and Caveeta was so gracious in helping me onboard to KnowBe4. She was thorough, clear, patient, supportive and to top it off, genuinely personable and friendly to interact with. I just wanted to let you know how appreciative I am of Caveeta's partnership over the past few months."

    - W.C., Office Manager

    "Hey Bryan, it has been an exceptional experience thus far. I am sold on the system; and Alan A. was instrumental in getting us up and running, as well as a good foundational understanding of the system. Looking forward to reconnecting with him after we get some time with the system.

    "Appreciate you checking in, have a great weekend!"

    - M.C., IT Manager

    The 10 Interesting News Items This Week
    1. Maryland man sentenced for N. Korea IT worker scheme involving U.S. government contracts:
      https://therecord.media/north-korea-it-worker-scheme-maryland-man-sentenced

    2. Portugal updates cybercrime law to exempt security researchers:
      https://www.infosecurity-magazine.com/news/portugal-cybercrime-law-security/

    3. Poland arrests Ukrainians utilizing 'advanced' hacking equipment:
      https://www.bleepingcomputer.com/news/security/poland-arrests-ukrainians-utilizing-advanced-hacking-equipment/

    4. More than $2 billion in payments from 4,000 ransomware incidents reported to Treasury in recent years:
      https://therecord.media/fincen-treasury-2-billion-ransomware-payments-report

    5. Europol cracks down on violence-as-a-service network:
      https://www.europol.europa.eu/media-press/newsroom/news/operational-taskforce-grimm-193-arrests-in-6-months-tackling-violence-service-networks

    6. U.S. Authorities Shut Down Major China-Linked AI Tech Smuggling Network:
      https://www.justice.gov/opa/pr/us-authorities-shut-down-major-china-linked-ai-tech-smuggling-network

    7. Senators return to effort to boost cybersecurity for commercial satellite industry:
      https://therecord.media/commercial-satellite-industry-cybersecurity-cornyn-peters-bill-returns

    8. Pro-Russia Hacktivists Conduct Opportunistic Attacks Against U.S. and Global Critical Infrastructure:
      https://www.ic3.gov/CSA/2025/251209.pdf

    9. Parliamentary authorities warn of increased phishing attacks targeting UK MPs:
      https://www.theguardian.com/uk-news/2025/dec/11/uk-mps-facing-rising-number-of-phishing-attacks

    10. Crooks are using new DiCaprio movie as malware bait:
      https://www.bitdefender.com/en-us/blog/hotforsecurity/fake-leonardo-dicaprio-film-torrent-agent-tesla-malware

    Cyberheist 'Fave' Links
    This Week's Links We Like, Tips, Hints and Fun Stuff

     

    Return To KnowBe4 Security Blog

    Topics: Cybercrime, KnowBe4

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk best practices, compliance strategies and industry research to help organizations strengthen their human defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Gartner Magic Quadrant
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest insights, trends and security news. Subscribe to CyberheistNews.