CyberheistNews Vol 16 #25 | June 23rd, 2026
[The AI Tell] How To Expose Machine-Written Phishing Fast
By the KnowBe4 Threat Lab
Phishing has always been a game of impersonation. But for decades, the tell was in the details: a misspelled word here, an awkward sentence there, a logo that was just slightly off. Security awareness training built an entire doctrine around those cues. Spot the typo, avoid the trap.
That playbook is now obsolete.
KnowBe4's latest Phishing Trends Report found that 86% of phishing attacks observed in the last six months involved some level of AI assistance. The emails arriving in your employees' inboxes today are polished, correctly branded, grammatically flawless and highly personalized.
But here's what threat actors didn't account for: AI leaves fingerprints. And KnowBe4 Threat Lab analysts know what to look for.
The Threat Has Changed. Your Training Hasn't.
Before diving into the technical indicators, it's worth grounding the scale of what we're seeing. Phishing powered by AI isn't a niche or emerging threat.
It's the new baseline.
Industry data supports what KnowBe4 analysts are seeing in the wild. AI-generated phishing now achieves click-through rates of roughly 54%, compared to 12% for traditionally crafted campaigns. Cisco Talos' Q1 2026 IR Trends report found that phishing has surged back to become the number one vector for initial access, overtaking vulnerability exploitation.
Approximately two to four billion phishing emails are sent out globally every single day. The attack volume is only part of the story. What KnowBe4 Threat Lab set out to document isn't just that AI is being used.
It's about how it's being used, what it leaves behind and what that means for defenders.
Finding One: Identifying AI Traces and Fingerprints
One of the most revealing artifacts our analysts identified appeared in the very first line of an AI-generated extortion email. The message opened with:
"Here is the message formatted and divided into sections:"
[CONTINUED] on the KnowBe4 Blog with links and screenshots:
https://blog.knowbe4.com/what-ai-cant-hide-when-it-writes-a-phishing-email
Email & Messaging Security That Understands You
Email is your riskiest channel for attacks and data loss. Nearly 58,000 threats slip past traditional defenses every day. They're not occasional. They're persistent, high-volume and growing more sophisticated with AI.
See how you can stop up to 97% more attacks and uncover 10x more potential data breaches before they happen.
Join this live demo of KnowBe4’s Cloud Email Security to see how you can detect the full spectrum of inbound threats and outbound data loss, and coach your workforce in real time against every threat.
We will showcase:
- Self-Serve DLP Rule Builder: Easily build and manage custom rules to stop outbound data leaks.
- Misdirected Content Analysis: Smarter AI that understands context to catch errors before sensitive data goes to the wrong recipient.
- NEW! Microsoft Teams Messaging Security: Extending defense beyond the inbox to monitor external chats, block threats and harden collaboration settings.
- Teachable Security Moments: Real-time coaching that fixes risky user behavior in the moment.
Your defenses are only as strong as your weakest entry point. Don't let email be it.
Date/Time: THIS WEEK: Wednesday, June 24, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/ces-demo-3?partnerref=CHN2
[Watch Your Back] 4 Travel Scams Heating Up This Summer
By KnowBe4 CISO Advisor Erich Kron
When the weather starts to get warmer, it is a sign that summer is around the corner. But just as the weather heats up and travel plans get booked, scammers capitalize on the season by performing nefarious schemes to separate victims from their money and other valuables.
Recent McAfee research found that more than one in three Americans have experienced a travel-related cyberthreat, with 41% of those affected losing money, often costing victims over $500. Nothing will ruin your vacation faster than falling for a scam. These top four safety tips with some of the latest scams can help to better protect you and your family during the upcoming summer travel season.
Watch out for fake travel agents or event planners: Scammers will make themselves appear to be legitimate travel agents or event planners, collect deposits for the events, then disappear. This can be especially effective with events such as cruises where individuals can pay a deposit and finish paying for the rest of the trip later. By the time the victim realizes something is wrong, the scammer is long gone with the money.
Beware of SIM scams: Purchasing a physical local SIM card for a cell phone is common, especially when traveling internationally and when wishing to avoid roaming charges. Be careful who you purchase SIM cards from, especially when around airports or train stations, as they may have a very limited amount of data, may be close to expiration, or may be stolen or belong to someone else. If your phone supports it, purchasing an eSIM from a major reputable carrier is often a safer bet and can be done before you even start your trip.
Keep your items close: Consider keeping your wallet in a front pocket instead of a back pocket, or keep your purse worn across your body and zipped to discourage pickpockets and thieves. In busy areas, such as train stations or outside of airport secure areas, such as baggage claim areas, where bumping into others is not unusual, pickpockets are more common.
Use digital keys when possible: Criminals have been caught renting a room through a vacation rental service, copying the physical key, then entering the property when the next tenants go out to sightsee. When possible, rent a property that has a digital door code or lock that changes the number for each rental.
Cyber safety goes beyond the workplace, and everyone needs to be equipped with the knowledge to defend themselves against evolving online threats. That is why KnowBe4 introduced a program called Cyber Awareness Program for You (CAPY). It is a new, one-stop, free online hub providing cybersecurity training for the entire family, with key digital safety topics such as phishing and good password hygiene.
CAPY is our commitment to making security awareness accessible and appealing for everyone. The summer season reminds us that everyone needs to stay safe, especially with the busy upcoming travel season upon us.
It is easy to let your guard down on vacation, a time when you are meant to be more carefree. However, it is critical to keep these cybersecurity tips top of mind so your travel plans do not get ruined by a scam or other unfortunate circumstance. With this actionable knowledge, travelers can navigate today's digital landscape securely.
Blog post with links:
https://blog.knowbe4.com/4-hot-summer-travel-tips-to-avoid-scams
[Virtual Summit] Secure Every Human & AI Agent
Join us for the Workforce Security Summit on July 8 to see what securing both your humans and AI agents looks like in practice.
The workforce has changed; your security strategy needs to catch up. AI agents are proliferating across your organization. Attackers are weaponizing deepfakes and AI-powered social engineering against your people. The old playbook wasn't built for a workforce that is no longer purely human.
Here's what you'll walk away with:
- Look to the future of AI-native security: Join CEO Bryan Palma for a look at the future of digital workforce security and the innovation shaping what comes next
- Know your threat. Own your defense. Walk away confident you have the knowledge and tools to defend against the threats targeting your people and agents — deepfakes, AI-powered phishing, voice cloning and more
- See what’s coming on the KnowBe4 Platform roadmap and get an exclusive inside look at what’s next
Date/Time: Wednesday, July 8, @ 1:00-3:00 PM (ET)
Save My Spot:
https://www.knowbe4.com/webinar-library/workforce-summit-na?partnerref=CHN2
A Credit Score for Cyber Behavior
By KnowBe4 CEO Bryan Palma
You can add verified AI skills to your LinkedIn profile. Certifications proving you know how to use the latest tools. This shows progress, but it is only half the problem.
While we are getting very good at verifying what people know, we still have almost no way to verify how they behave.
In hiring, we obsess over experience while pondering cultural fit. We run background checks. We validate credentials. But when it comes to digital responsibility and those daily behaviors determining security risk, we are still guessing.
The Trust Gap in Hiring
KnowBe4 works with more than 70,000 organizations worldwide on digital workforce security. So, I see this pattern constantly: Employees complete simulations. They sit through awareness programs. Organizations test them on phishing, data handling and acceptable use.
And then they leave. When they move to a new job, their entire security track record disappears. The next employer starts from zero, with no visibility into how that person actually behaves when security gets inconvenient.
- Do they report suspicious emails or just delete them (or worse, click on them)?
- Do they follow data-handling protocols, or do they feed sensitive data into shadow AI tools to move faster?
- Do they respect guardrails or treat them as optional?
These behaviors rarely show up in interview questions, but they determine whether someone protects your organization or puts it at risk.
Remote work, cloud access, and AI tools have dramatically expanded what a single employee can touch. One person's poor judgment can expose customer data, intellectual property, or financial systems. According to IBM's 2025 Cost of a Data Breach Report, the average phishing-related breach now costs organizations $4.8 million.
What Lending Figured Out in 1989
Before 1989, lending decisions were largely subjective. A bank officer would review a 20-page credit report and make a judgment call. The process was inconsistent, slow, and prone to bias. Then FICO changed everything. A single score, built on behavioral data, gave lenders a standardized way to evaluate risk.
It followed you from bank to bank. It worked. Today, 90% of top U.S. lenders use FICO scores to make credit decisions.
Cybersecurity behavior needs the same transformation. Right now, every organization evaluates employee risk differently. There is no standard. No portability. No way to distinguish someone with a decade of responsible behavior from someone who routinely ignores security protocols.
A FICO-style cyber Risk Score would aggregate patterns over time: how consistently someone reports phishing attempts, how they perform in simulations, and whether they respect data governance and security controls. Not a single mistake, but sustained behavior.
Someone who does the right thing consistently builds trust. Someone who routinely bypasses controls does not. That distinction matters. And it should not reset every time someone changes jobs.
From Compliance Tax to Personal Brand Building
Employees invest real time in security training. But this investment stays invisible. There is no credential, no portable proof they did the work and did it well.
What if good security behavior was something you owned? Something portable. Something that followed you throughout your career.
For roles with real fiduciary responsibility (finance leaders, executives and board members), this matters even more. A verified Risk Score becomes proof you take digital responsibility seriously. It does not replace skills or experience. It adds a dimension we currently do not see. When two candidates look identical on paper, trust becomes the differentiator.
Humans Are Not the Only Workforce Anymore
This conversation gets even more urgent as AI agents become part of the workforce. We already scope employee access based on role. A finance person does not need engineering systems. An HR manager does not need payroll data. AI agents should be treated the same way.
We need a consistent framework for evaluating risk, whether the "worker" is a human or an AI agent. The same principles apply: training, behavior and patterns over time. The workforce is no longer just people. Our trust models need to catch up.
Trust as Professional Currency
Technical skills age quickly. Tools change, and platforms evolve. Today’s hot AI skill will be obsolete sooner than most people expect. But a track record of responsible behavior compounds.
Every phishing attempt you report, every protocol you follow, every good decision you make when no one is watching. This is data. Over time, it becomes a reputation.
For years, security behavior has been invisible in hiring decisions. This is a missed opportunity. The professionals who take it seriously deserve a way to prove it.
The most valuable credential on your future resume may not be a degree or a certification. It may be proof you can be trusted.
Available at the KnowBe4 Blog:
https://blog.knowbe4.com/credit-score-for-cyber-behavior-risk-portability
KnowBe4 Earns Frost & Sullivan’s 2026 Global Customer Value Leadership Recognition
Email remains the most prevalent initial attack vector in modern cyber incidents, with cybercriminals now leveraging machine-speed AI to bypass legacy filters.
The evolving threat landscape, characterized by AI-generated phishing campaigns, impersonation attacks and compromised legitimate accounts, means moving beyond static detection models and signature-based approaches.
This report from Frost & Sullivan discusses the rapidly shifting email security landscape and details why KnowBe4 has been recognized with the 2026 Global Customer Value Leadership Award.
Download to discover:
- Why integrating attack simulation and training with automated threat identification is vital to stop advanced social engineering tactics before they disrupt your organization
- How the KnowBe4 Platform combines inbound threat detection, outbound data protection and automated incident response into a single ecosystem to eliminate overlapping tools and slash operational overhead
Download Your Copy Now:
https://info.knowbe4.com/2026-frost-sullivan-global-email-security-leader-report?utm_source=chn_email&utm_medium=email&utm_campaign=dg-ces-campaign-26&utm_content=2026-frost-and-sullivan-report
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: [Heads Up] Interpol report says phishing is the most damaging form of cybercrime:
https://www.interpol.int/News-and-Events/News/2026/New-INTERPOL-report-highlights-escalating-cyber-threats-across-Asia-and-South-Pacific
PPS: [Maybe Not Sci-Fi?] 2027: a Mythos-level open-source model triggers a ransomware wave:
https://europe2031.ai/summary/
- Russian proverb, popularized by Ronald Reagan - 40th U.S. President (1911-2004)
- Warren Buffett - investor, philanthropist, and CEO of Berkshire Hathaway (born 1930)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-25-the-ai-tell-how-to-expose-machine-written-phishing-fast
Americans Lost $900 Million to AI-Powered Scams Last Year
The U.S. Federal Bureau of Investigation (FBI) warns that Americans lost just under $900 million to AI-powered scams in 2025, Malwarebytes reports. Total reported losses to scams last year reached nearly $21 billion, a 26% increase from 2024. The researchers note that the true losses are likely much higher, since many attacks go unreported.
"The main drivers behind the rise in AI-powered scams are voice cloning, deepfake images and videos, and AI‑generated scripts," Malwarebytes says. "These tools have supercharged classic fraud schemes such as romance scams, kidnapping and extortion calls, fake influencers and government impersonation."
The FBI notes that AI tools have drastically lowered the bar for attackers to craft highly realistic fraudulent content.
"AI technology enables the creation of convincing synthetic content, such as social media profiles and personalized conversations, often in mass quantities," the Bureau says. "People have manipulated video and audio similarly for decades, but the widespread availability of this developing technology makes it possible to create high-quality content.
"AI-enabled synthetic content is becoming increasingly difficult to detect and easier to make, which allows criminal actors to potentially conduct successful fraud schemes against individuals, businesses and financial institutions." Malwarebytes concludes that these attacks will increase as AI tools improve and become more accessible.
"The FBI and financial institutions recommend verifying identities via official contact channels," Malwarebytes says. "One of their biggest concerns is government impersonation scams, which have evolved from crude IRS gift‑card phone calls into sophisticated, multi‑channel operations that combine spoofed caller ID, stolen agency logos, and AI‑generated audio and video of public officials.
"This report, and others like it, shows how AI is being weaponized to automate research on victims, generate convincing scripts and create highly believable deepfake personas at scale. AI is also increasingly used in business email compromise (BEC), romance scams and impersonation fraud. In BEC cases involving AI, losses have already reached tens of millions of dollars for businesses alone."
Blog post with links:
https://blog.knowbe4.com/ai-powered-scams-fbi-report-losses
Social Engineering Attacks Increasingly Abuse Workplace Collaboration Tools
Threat actors are increasingly abusing workplace collaboration tools like Microsoft Teams to launch social engineering attacks, according to researchers at Palo Alto Networks’ Unit 42.
Attackers are sending Teams messages that impersonate IT personnel, asking users to approve a multifactor authentication prompt. Both criminal and nation-state threat actors are using this social engineering technique to compromise organizations’ environments.
While Microsoft Teams has measures to warn users about potential attacks, the user can still be tricked into accepting the message. "These chat messages can appear directly in an employee’s feed," the researchers write. "Microsoft Teams has an impersonation protection feature that presents additional warnings to the chat recipient, but the onus is still on the user to decide whether to accept the message as legitimate.
"While Teams provides visual indicators that a sender is external, users may overlook these warnings when the sender appears to represent a known vendor, partner or internal support function. Threat actors count on this combination of visual and domain familiarity to impersonate trusted entities.
"This lowers user suspicion and increases the likelihood of successful social engineering." Unit 42 notes that workplace collaboration tools are a growing attack vector as organizations continue to rely on these tools for day-to-day activities.
"Threat actors have increasingly moved away from traditional phishing techniques toward trusted collaboration tools," the researchers write. "In the first four months of 2026, phishing alerts from collaboration tools represented 42% of all phishing alerts in Cortex, up from 30% of all phishing alerts in the preceding four months.
"Organizations continue to make progress in the effort to prevent email phishing. Email gateways are more intelligent. Awareness training and regular phishing simulations have conditioned users to be cautious with email, but far less so with collaboration tools.
"Using collaboration tools for malicious operations helps a threat actor blend in with legitimate operations. Threat actors know this and use collaboration tools for phishing, with Microsoft Teams being one of those tools."
AI-powered security awareness training gives your organization an essential layer of defense by teaching your employees to recognize evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.
Unit 42 has the story:
https://unit42.paloaltonetworks.com/microsoft-teams-phishing/
What KnowBe4 Customers Say
"I wanted to reach out to you real quick about Ashley F. The reason I am reaching out now is because I had an opportunity the other day to work with Jose in support, who was AWESOME!
"I was able to submit a review of that interaction, but that got me thinking, I need to do something for Ashley. I noticed she did not have anything in her signature line, so I asked her who I could send a quick note to.
"I have worked with Ashley for about three years in my role as Operations Manager, and every interaction with her is AMAZING! I come from a non-technical background, and from the first time I spoke with Ashley about KnowBe4 she put me at ease and has been both a wealth of knowledge and source of much laughter!
"Ashley is always quick to respond when I reach out, and more than willing to help. There are plenty of other vendor reps I work with every week, and some I actively try to avoid, LOL! But none of them have made working with them a pleasure the way Ashley has. In my opinion she really is the best!"
- G.L., Operations Manager
- Phishing attacks have exposed data at 86% of Fortune 100 companies:
https://www.globenewswire.com/news-release/2026/06/17/3313726/0/en/SpyCloud-Report-Finds-Phishing-Attacks-Surge-as-Employee-Data-Is-Exposed-at-86-of-Fortune-100-Companies.html
- FBI: Fraudsters use couriers to steal money in crypto scams:
https://www.ic3.gov/PSA/2026/PSA260615
- How Millions of Digital Home Devices Are Secretly Powering Cyberattacks:
https://www.wsj.com/tech/cybersecurity/how-millions-of-digital-home-devices-are-secretly-powering-cyberattacks-8fd73584
- EU Sets Rules Roadmap for Deepfake, AI Content Labels:
https://www.eweek.com/news/eu-ai-content-labelling-code/
- EU grants Ukraine access to cybersecurity reserve for major attacks:
https://therecord.media/ukraine-access-eu-cybersecurity-reserve
- Hackers Use Reporter Impersonation to Target C-Suite Executives in Social Engineering Attacks:
https://gbhackers.com/reporter-impersonation-to-target-c-suite/amp/
- North Korean Hiring Fraud Runs on AI and US Laptop Farms:
https://www.infosecurity-magazine.com/news/north-korea-it-worker-fraud-ai/
- Fresh Phish: How to Stay a Step Ahead of the Latest QR Code Phishing Scam:
https://www.inky.com/en/blog/fresh-phish-how-to-stay-a-step-ahead-of-the-latest-qr-code-phishing-scam
- The EvilTokens phishing kit targets Microsoft 365 accounts:
https://www.welivesecurity.com/en/cybercrime/eviltokens-phishing-doesnt-steal-password/
- New Android malware targets over 200 banking apps:
https://www.helpnetsecurity.com/2026/06/17/rokarolla-android-banking-trojan-device-takeover/
- Virtual Vaca #1 - CAPE WINELANDS, SOUTH AFRICA (2026) | Travel Guide to Paarl, Stellenbosch, Franschhoek & Tulbagh:
https://youtu.be/erboddQd1yM
- Virtual Vaca #2 - Exploring Canyonlands Needles District – Utah's Desert Wonderland [Amazing Places 4K]:
https://youtu.be/-2ZoG6rsnFo
- Wingsuit Flying to a Remote Alpine Beach:
https://youtu.be/0j4Ie6fnbXA
- The Cavorite X7: No Ground Charging Required. I want one!:
https://youtu.be/v_uTxBNRCrQ
- World’s First 6x6 Ferrari Testarossa:
https://youtu.be/jthox--XomY
- He asks for the most difficult piece ever and SHOCKS everyone with his pan flute:
https://youtube.com/shorts/DDVXibCrKiY
- 1920s Berlin | Rare Film Restored to Life in 4K Color with Sound:
https://youtu.be/qNew73kLae8
- The €7BN Mega-Canal That Will Reshape Europe:
https://youtu.be/VdWQQ1OCUPo
- Soccer Skills & Trick Shots | World Cup IRL:
https://www.youtube.com/watch?v=VQVO1_dgoJs
- Invictus Games flag delivery by Gravity Jet Suit | Richard Browning flies ashore to deliver the flag:
https://youtu.be/lkkeZvWcN-s
- A Doo-Wop Dream: Waking Up in 1956. I am in love:
https://www.flixxy.com/i-woke-up-in-1956-and-fell-in-love-with-the-past.htm?utm_source=chn&utm_medium=email
- For Da Kids #1 - Wild Swans Keep Bringing Their Babies to This Home Every Year:
https://youtu.be/IDw0RmBtOho
- For Da Kids #2 - Baby Yak Demands Cuddles:
https://youtu.be/ILbQuQik2yY
- For Da Kids #3 - Can’t adopt a dog right now? Try this instead:
https://youtu.be/D3_ik3x5Vyg
- For Da Kids #4 - Man discovers squirrels hug and kiss loved ones in privacy of their homes:
https://youtu.be/4lcP3JgCRL0
- For Da Kids #5 - Rescue dog thinks she's being 'abandoned' when family leaves home:
https://youtu.be/wrkcN9sZ-rw

