CyberheistNews Vol 16 #03 [New Scam] AI Deepfakes Religious Leaders to Steal Your Money

KnowBe4 Team | Jan 20, 2026

[New Scam] AI Deepfakes Religious Leaders to Steal Your Money

WIRED reports that deepfake attacks are impersonating pastors and other religious figures in order to scam congregations.

Father Mike Schmitz, a priest who hosts a podcast with over a million followers, warned his listeners in November that AI-generated deepfakes were using his likeness to fraudulently solicit donations.

WIRED found that several of these fake accounts are still active on TikTok, and they appear when a TikTok user searches for Father Schmitz. Rachel Tobac, CEO of SocialProof Security, told WIRED that these phony videos can be very convincing.

"If you're on TikTok or Reels, they've probably come across your For You page," Tobac said. "This is somebody who looks to be a priest, who's wearing all of the garments, who's standing up on a pulpit or a stage or whatever you'd call it, and they seem to be speaking to their congregation in a very enthusiastic way."

Similar scams have targeted congregations across the world, exploiting the fact that real religious figures often ask for donations for legitimate causes. "Pastors and ministers in Birmingham, Alabama, Freeport, New York, and Fort Lauderdale, Florida, have warned their followers about AI scams impersonating them in the form of DMs, calls and deepfakes," WIRED says.

"Alan Beauchamp, a pastor in the Ozarks, said his Facebook account was hacked, with the hacker posting a fake, possibly AI-generated certificate for cryptocurrency trading with Beauchamp's name on it and a caption urging his congregants to join him.

"A megachurch in the Philippines received reports of deepfakes featuring its pastors. An evangelical church in Nebraska issued an AI 'scammer alert' on Facebook, and one churchgoer in the comments posted a screenshot of texts purported to be from one of their pastors."

Why are we still surprised by the new lows cybercrime sinks to?

Train your users to recognize the red flags.

Blog post with links:
https://blog.knowbe4.com/ai-deepfakes-are-impersonating-religious-figures-to-solicit-donations

Automate Incident Response and Maximize SOC Efficiency

Your security team is drowning in alerts, and threats are slipping through. With SOC teams facing more than 4,400 daily alerts, over 40% of which are false positives, the vast majority of organizations are drowning in backlogs.

The result? A five-hour response gap that leaves threats sitting in your employee inboxes for days or weeks. Stop gambling with unaddressed alerts with technology that collapses the time-to-containment from hours to minutes.

During this demo, you'll discover how PhishER Plus eliminates the dangerous vulnerability window between threat detection and containment by combining triple-validated threat intelligence with human oversight:

  • Accelerate response times with AI-powered automation that allows you to code custom rules in plain English, reduces manual email review time by up to 99%, and helps eliminate alert fatigue
  • Leverage unmatched threat intelligence from 13+ million global users, KnowBe4 Threat Research Lab, and leading third-party integrations, catching zero-day threats that bypass SEGs and other ICES defenses
  • Maintain complete visibility and control over AI-driven decisions with PhishML Insights, eliminating black-box uncertainty and reducing false positives that waste $875K annually
  • Remove threats automatically from all mailboxes with Global PhishRIP before users can interact with them, eliminating the risk of employees otherwise falling for the attack
  • Convert real attacks into targeted training opportunities with PhishFlip, reinforcing vigilant employee behavior while showcasing security awareness gaps

Discover how PhishER Plus customers achieve 650% ROI within the first year. Transform your employees into your most valuable defenders while meeting SOC efficiency targets.

Date/Time: TOMORROW Wednesday, January 21 @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN2

Last Week My New Book 'Agent-Powered Growth' Was Published

It immediately reached #1 on the Best Sellers in Business Sales list. :-D

While marketing leaders still struggle with their 120-tool stacks and four-hour daily administrative burdens, autonomous agents are delivering results that once seemed impossible: 24/7 operation, infinite personalization and strategic decision-making without human intervention.

This book, published by Wiley, lays out a practical and secure roadmap to deploying marketing agents that deliver measurable results. The goal is to help as many marketers as possible and the IT teams that support them to ride the agentic wave, and not be crushed by it.

Companies implementing these systems report average revenue increases of 15.8% and productivity improvements of 22.6%. And while Gartner also predicts that 30% of GenAI projects will be abandoned after proof of concept by the end of 2025, autonomous agents will succeed where generative AI fails.

The difference lies in understanding what makes an agent truly autonomous, and how to implement (a team of) them correctly and securely.

That difference is found in Agent-Powered Growth!

Get your copy today wherever books and ebooks are sold, and tell your marketing team to get theirs... 👍 😊 👍

This page is dedicated to the book and has links to the major booksellers:
https://stu-sjouwerman.multiscreensite.com/

[Live Demo] Stop Inbound and Outbound Email Threats

With over 376 billion emails sent daily, your organization faces unprecedented risks from Business Email Compromise (BEC), misdirected sensitive communications and sophisticated AI-driven phishing attacks.

The human element, involved in the vast majority of data breaches, contributes to email-based threats that cost organizations like yours millions annually. Discover how you can stop up to 97% more attacks and uncover 10x more potential data breaches in your Microsoft 365 environment before they happen.

Join our live demo to see how KnowBe4's Cloud Email Security seamlessly integrates into Microsoft 365 to enhance its native protection while providing the tools needed to identify risky communications before they lead to breaches.

See KnowBe4's Cloud Email Security in action as we show you how to:

  • Defend your organization against sophisticated inbound threats including BEC, supply chain attacks and ransomware
  • Prevent costly outbound mistakes with real-time alerts that stop misdirected emails and unauthorized file sharing
  • Enforce information barriers that keep you compliant with industry regulations
  • Detect and block data exfiltration attempts before sensitive information leaves your organization
  • Customize incident response workflows to match your security team's needs

Strengthen your security posture with AI-native intelligent email security that reduces human-activated risk and safeguards your organization from inbound and outbound threats.

Date/Time: TOMORROW Wednesday, January 21 @ 1:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/ces-demo-month-1?partnerref=CHN2

Threat Actors Exploit Misconfigurations to Spoof Internal Emails

Attackers are increasingly abusing network misconfigurations to send spoofed phishing emails, according to researchers at Microsoft. This technique isn't new, but Microsoft has observed a surge in these attacks since May 2025.

"Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations' domains and deliver phishing emails that appear, superficially, to have been sent internally," the researchers write.

"Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon2FA. These include messages with lures themed around voicemails, shared documents, communications from human resources (HR) departments, password resets or expirations, and others, leading to credential phishing."

Employees are more likely to fall for these attacks, since they appear to be sent by people within their organization.

"Phishing messages sent through this vector may be more effective as they appear to be internally sent messages," the researchers write. "Successful credential compromise through phishing attacks may lead to data theft or business email compromise (BEC) attacks against the affected organization or partners and may require extensive remediation efforts, and/or lead to loss of funds in the case of financial scams."

Microsoft says a majority of these messages, as with most other phishing emails observed in 2025, were sent via the Tycoon2FA phishing platform.

"PhaaS platforms such as Tycoon2FA provide threat actors with a suite of capabilities, support and ready-made lures and infrastructure to carry out phishing attacks and compromise credentials," the researchers write.

"These capabilities include adversary-in-the-middle (AiTM) phishing, which is intended to circumvent multifactor authentication (MFA) protections. Credential phishing attacks sent through this method employ a variety of themes such as voicemail notifications, password resets, HR communications, among others."

Blog post with links:
https://blog.knowbe4.com/threat-actors-exploit-misconfigurations-to-spoof-internal-emails
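
The spoofing pattern described above (mail that claims your own domain but did not authenticate as it) can be triaged from message headers. This is an added example, not code from the newsletter or from Microsoft's report; it assumes the receiving mail system stamps an `Authentication-Results` header (RFC 8601), and `OUR_DOMAINS` and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    # Headers come back top-down; the topmost was added last, by the receiving
    # system, so its verdict wins over any copy found lower in the message.
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def classify(raw_message):
    """Return a triage label for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain not in OUR_DOMAINS:
        return "not-our-domain"
    verdicts = auth_verdicts(msg)
    if not verdicts:
        return "unchecked"       # no boundary evaluation recorded
    if verdicts.get("dmarc") == "pass":
        return "authenticated"
    return "suspect"             # claims our domain, but DMARC did not pass

# Constructed sample messages (documentation domains only).
SPOOFED = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;
 dkim=none; dmarc=fail header.from=example.com
From: "HR Department" <hr@example.com>
To: alice@example.com
Subject: Password expiration notice

(body)
"""
LEGIT = SPOOFED.replace("spf=fail", "spf=pass").replace(
    "dkim=none", "dkim=pass").replace("dmarc=fail", "dmarc=pass")
EXTERNAL = SPOOFED.replace("hr@example.com", "hr@example.org")
NO_HEADER = SPOOFED.split("\n", 2)[2]  # drop the two Authentication-Results lines

if __name__ == "__main__":
    for name, raw in [("SPOOFED", SPOOFED), ("LEGIT", LEGIT),
                      ("EXTERNAL", EXTERNAL), ("NO_HEADER", NO_HEADER)]:
        print(name, "->", classify(raw))
```

Messages labelled `suspect` are the ones to review against the routing and spoof-protection configuration.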

Critical Capabilities When Evaluating Human Risk Management Platforms

Human Risk Management (HRM) is more than just the next step in security awareness training (SAT)—it's a fundamental shift in how organizations approach human security risks.

A more innovative, proactive approach is required. One that provides real-time guidance to employees to mitigate an attack before it succeeds while also providing training at the moment of risky behavior. This is why real-time security coaching has emerged as a powerful two-pronged mitigation strategy for stopping these attacks.

Download this whitepaper to understand:

  • The difference between security awareness training and human risk management
  • How HRM platforms take a data-driven approach to human cyber risk
  • The key capabilities to allow an HRM platform to identify, quantify and mitigate human risk effectively

Download Now:
https://info.knowbe4.com/whitepaper/evaluating-human-risk-management-platforms-chn


Let's stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.

PS: Watch the new KnowBe4 "Save The Humans" video - it's a riot!:
https://www.youtube.com/watch?v=GSvriOO8Z_g

PPS: I really like the new a16z promo video: "It's Time To Build":
https://youtu.be/M9VKnPMs6Rw?si=z9fSVh22NMFmFtzn

Quote of the Week  
"I’ll tell you something that most people in the AI community don’t yet understand. Almost no one understands this. The intelligence density potential is vastly greater than what we’re currently experiencing. I think we’re off by two orders of magnitude in terms of intelligence density per gigabyte — characterized by the file size of the AI. So, two orders of magnitude that’s just algorithmic improvement — same computer. And the computers are getting better. That’s why I think it is a 10x improvement per year type thing. 1,000 percent. And that’s going to happen for the foreseeable future."
- Elon Musk, Jan 2026

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-03-new-scam-ai-deepfakes-religious-leaders-to-steal-your-money

Security News

Report: Microsoft Was the Most Impersonated Brand in Q4 2025

Microsoft was the most commonly impersonated brand in phishing attacks during the fourth quarter of 2025, according to researchers at Guardio. Microsoft was followed by Facebook, Roblox, McAfee, Steam, AT&T, Amazon, Google, Yahoo and Coinbase.

"Scammers ramped up brand impersonation attacks throughout Q4 2025, timing their campaigns around when people are busiest online, shopping for deals, renewing subscriptions or looking for jobs," Guardio says.

"They targeted Microsoft, Facebook, Roblox and McAfee by launching fake storefronts during Black Friday, sending delivery scams throughout December's package delivery rush, and running job scams as January job hunting picks up."

Microsoft and Facebook are generally among the most commonly impersonated brands throughout the year, due to their massive userbases. Some of the other brands are more commonly targeted near the end of the year, during the holiday and tax seasons.

"For example, gaming platforms like Steam see heavy traffic during year-end holiday sales," the researchers explain. "Phone and web service companies (AT&T, Google, Yahoo) get more attention in December when people check their accounts and renew subscriptions.

"Amazon gets targeted because of holiday shopping, while Coinbase gets hit when people review their crypto investments and prepare for tax season." Users should maintain a healthy sense of suspicion and be on the lookout for social engineering in order to avoid falling for these attacks.

"Staying safe requires consistent vigilance," Guardio says. "Verify sender authenticity before clicking links, checking for domain misspellings or suspicious extensions. Navigate to official websites independently rather than using links in messages.

"Enable two-factor authentication on all accounts. Most importantly, pause before acting on urgent messages. Scammers count on people acting fast without thinking."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/report-microsoft-was-the-most-impersonated-brand-in-q4-2025

Phishing Campaign Abuses Google’s Infrastructure to Bypass Defenses

Researchers at RavenMail warn that a major phishing campaign targeted more than 3,000 organizations last month, primarily in the manufacturing industry.

The phishing messages posed as legitimate business notifications, such as file access requests or voicemail alerts, and were designed to send users to credential-harvesting login pages.

Notably, the campaign abused legitimate Google infrastructure and links to avoid being flagged by security tools. "In each case, emails were sent from legitimate Google infrastructure, passed SPF, DKIM and DMARC, and used trusted Google-hosted URLs as payloads," RavenMail says.

"This fundamentally breaks the trust model that most email security platforms rely on.... Security researchers have repeatedly observed that these campaigns bypass both secure email gateways and native email protections because there is nothing technically 'wrong' with the message delivery itself."

The campaign didn't involve any breach of Google's systems, but the attackers were able to "manipulate workflow automation services meant to streamline business processes." The researchers note that this is part of a broader trend in which attackers are abusing legitimate services to bypass defenses.

"Attackers are also hosting phishing pages and multi-stage redirectors on Google Cloud Storage (GCS) - a fully trusted, HTTPS-served domain space," RavenMail says.

"Because many URL reputation systems treat cloud provider domains as benign, these links frequently evade detection. Separately, other campaigns have exploited Google platforms like Google Classroom and Google Forms to distribute phishing content at massive scale and avoid security filters that block unknown or low-reputation domains."

Blog post with links:
https://blog.knowbe4.com/phishing-campaign-abuses-googles-infrastructure-to-bypass-defenses

What KnowBe4 Customers Say

"Hi Bryan, yes, we're happy with KnowBe4 and its service. I'd like to offer a shoutout to Nicholas W. for being a great CSM. He is knowledgeable, easy to talk with, and has been accommodating throughout our implementation."

- D.L., Director of Information Technology


"I wanted to reach out to you again to express my sincere gratitude for KnowBe4’s amazing product and also for the fabulous Elise B. A couple of months ago, I’d mentioned to her during our monthly check-in call that we were having trouble with a different vendor that we’d been using for the past several years for secure code development training for our engineering team.

"Elise told me that if I wanted her to, I could send her the content descriptions we wanted for our secure code training, and she would work with the KnowBe4 team to identify similar content that would be included in our existing subscription.

"Fast forward to December 2025, and because of the help that Elise provided, we were able to terminate our contract with this other vendor, saving upwards of $18k/year. We couldn’t be happier with the excellent support that Elise and the KnowBe4 team have provided to us since we signed up. I will continue to sing your praises to anyone who will listen!"

- J.M., Audit and Compliance Manager

Interesting News Items This Week
  1. Facebook login thieves now using browser-in-browser trick:
    https://www.bleepingcomputer.com/news/security/facebook-login-thieves-now-using-browser-in-browser-trick/

  2. BreachForums Breached, Exposing 324K Cybercriminals:
    https://www.darkreading.com/threat-intelligence/breachforums-breached-exposing-324k-cybercriminals

  3. Senate passes a bill that would let nonconsensual deepfake victims sue:
    https://www.theverge.com/news/861531/defiance-act-senate-passage-deepfakes-grok

  4. North Korean Hackers Exploit Code Repositories in "Contagious Interview" Campaign:
    https://gbhackers.com/contagious-interview/

  5. Microsoft disrupts RedVDS cybercrime platform behind $40 million in scam losses:
    https://therecord.media/microsoft-redvds-cybercrime-scam

  6. Poland says it repelled major cyberattack on power grid, blames Russia:
    https://therecord.media/poland-cyberattack-grid-russia

  7. CISO Role Reaches "Inflexion Point" With Executive-Level Titles:
    https://www.infosecurity-magazine.com/news/ciso-role-inflexion-point/

  8. China-linked phishing attacks are targeting U.S. officials with Venezuela-themed lures:
    https://www.reuters.com/business/media-telecom/chinese-linked-hackers-target-us-entities-with-venezuelan-themed-malware-2026-01-15/

  9. Phishing attacks impersonate HR with anxiety-inducing lures:
    https://www.scworld.com/brief/phishing-scam-exploits-performance-review-anxiety-to-deploy-malware

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
