Phishing Alert: Cybercriminals Impersonating KnowBe4 Training Emails

Stu Sjouwerman | Nov 1, 2024

In the ever-evolving landscape of cybersecurity threats, we recently encountered a sophisticated phishing attempt targeting one of our valued KnowBe4 customers. This incident is a useful reminder of why layered email security controls and alert users both matter.

Our customer received a suspicious email that closely mimicked KnowBe4's legitimate "Please Complete Assigned Training" notifications. At first glance, the email appeared authentic, demonstrating the increasing sophistication of phishing attacks.

Here's an example of what the phishing email looked like:

[Screenshot: the phishing email, styled to look like a KnowBe4 "Please Complete Assigned Training" notification]

Fortunately, the customer's email security controls blocked the message before it reached the inbox, because it failed DMARC authentication.

Key Indicators of the Phishing Attempt

  1. Spoofed Sender Domain: Examining the email headers showed that the message was sent from a suspicious domain: [@]docusign[.]gr[.]com. This is a clear red flag: legitimate KnowBe4 training notifications come from a knowbe4.com address, never from an unrelated third-party domain, even one that borrows a familiar brand name.

  2. Malicious URL: The email linked to concursolutions[.]us[.]com, a domain with no connection to KnowBe4. At the time of writing the site has been taken down; it was most likely a credential-harvesting page built to capture logins or other sensitive information.

Lessons Learned and Best Practices

This incident highlights several important points:

  1. Email Authentication is Crucial: The customer's DMARC enforcement caught this phishing attempt. DMARC builds on SPF and DKIM: publish SPF and DKIM for every service that sends mail on your behalf, then publish a DMARC record with an enforcing policy (p=quarantine or p=reject) so receivers act on failures instead of only reporting them. Keep in mind that DMARC authenticates only the domain in the visible From header; it cannot, by itself, tell a user that a lookalike domain is not knowbe4.com, which is why the remaining points still matter.

  2. URL Inspection: Always hover over links to verify their destination before clicking. In this case, the URL clearly did not lead to a KnowBe4-owned domain.

  3. Sender Verification: Check the full email address of the sender, not just the display name; a display name is free text that an attacker can set to anything, while the domain after the @ is what actually identifies the sending organization. Legitimate KnowBe4 emails will always come from a knowbe4.com domain.

  4. Stay Informed: Cybercriminals are constantly updating their tactics. Regular security awareness training helps employees stay ahead of these evolving threats.

  5. When in Doubt, Reach Out: If you're unsure about an email's legitimacy, contact your IT department or the supposed sender through a known, trusted channel.
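To make the indicators above and the authentication and verification points concrete, here is an added triage script. It is not code from the original post or from KnowBe4; it parses a constructed sample message modelled on the one described (the re-fanged sender and link domains from the post, with invented headers and body), extracts the From domain and the SPF/DKIM results from an Authentication-Results header, applies a hypothetical DMARC policy the way a receiving mail server would, and flags display-name impersonation and links that do not point at the expected sender's domain. The expected domain, the sample message and the DMARC record are all assumptions for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED_SENDER_DOMAIN = "knowbe4.com"

# Constructed sample, not a captured message: a "Please Complete Assigned
# Training" lure from the lookalike domain named in the post, linking to the
# unrelated site named there. All header values are invented.
SAMPLE_EMAIL = """\
Return-Path: <bounce@docusign.gr.com>
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=docusign.gr.com;
 dkim=none
From: "KnowBe4 Training" <training@docusign.gr.com>
To: employee@example.net
Subject: Please Complete Assigned Training
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your training is overdue.
<a href="https://concursolutions.us.com/login">Complete it here</a></p>
<p>Help: <a href="https://www.knowbe4.com/support">knowbe4.com</a></p>
</body></html>
"""

# Hypothetical DMARC record for the From domain; it only illustrates how a
# receiver turns SPF/DKIM results into a disposition. Not a real record.
SAMPLE_DMARC_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"


def parse_dmarc_record(record):
    """Turn 'v=DMARC1; p=reject; ...' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def parse_auth_results(value):
    """Pull SPF/DKIM verdicts and the domains they apply to out of an
    Authentication-Results header (folded lines are joined first)."""
    text = re.sub(r"\s+", " ", str(value))
    grab = lambda pattern: (re.search(pattern, text) or [None, None])[1]
    return {
        "spf": (grab(r"\bspf=(\w+)") or "").lower() or None,
        "spf_domain": (grab(r"smtp\.mailfrom=(?:[^\s@;]+@)?([\w.-]+)") or "").lower() or None,
        "dkim": (grab(r"\bdkim=(\w+)") or "").lower() or None,
        "dkim_domain": (grab(r"header\.d=([\w.-]+)") or "").lower() or None,
    }


def org_domain(host):
    """Naive organizational domain (last two labels). Real receivers use the
    Public Suffix List; this shortcut is wrong for registries like gr.com."""
    return ".".join(host.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only needs the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_verdict(from_domain, auth, tags):
    """DMARC passes when SPF or DKIM passed AND that identifier aligns with
    the visible From domain; otherwise the published p= policy applies."""
    spf_ok = auth["spf"] == "pass" and aligned(auth["spf_domain"], from_domain, tags.get("aspf", "r"))
    dkim_ok = auth["dkim"] == "pass" and aligned(auth["dkim_domain"], from_domain, tags.get("adkim", "r"))
    passed = spf_ok or dkim_ok
    return {"pass": passed, "disposition": "none" if passed else tags.get("p", "none")}


def link_hosts(html):
    """Hostnames of every href in the body, the part a user sees on hover."""
    hrefs = re.findall(r'href="([^"]+)"', html)
    return sorted({urlparse(h).hostname for h in hrefs if urlparse(h).hostname})


def is_own_domain(host, expected):
    return host == expected or host.endswith("." + expected)


def triage(raw_email, expected_domain, dmarc_record):
    msg = message_from_string(raw_email, policy=policy.default)
    display_name, address = parseaddr(str(msg["From"]))
    from_domain = address.rpartition("@")[2].lower()
    verdict = dmarc_verdict(from_domain, parse_auth_results(msg["Authentication-Results"]),
                            parse_dmarc_record(dmarc_record))
    own = is_own_domain(from_domain, expected_domain)
    brand = expected_domain.split(".")[0]  # "knowbe4" for the assumed domain
    return {
        "from_domain": from_domain,
        "sender_mismatch": not own,
        "display_name_impersonation": brand in display_name.lower() and not own,
        "suspicious_links": [h for h in link_hosts(msg.get_content()) if not is_own_domain(h, expected_domain)],
        "dmarc_pass": verdict["pass"],
        "dmarc_disposition": verdict["disposition"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL, EXPECTED_SENDER_DOMAIN, SAMPLE_DMARC_RECORD).items():
        print(f"{key}: {value}")
```

On the sample, the script reports the From domain as docusign.gr.com (a mismatch with the expected knowbe4.com), flags the display name "KnowBe4 Training" as brand impersonation, lists concursolutions.us.com as the only link not on the expected domain, and returns a DMARC fail with disposition "reject" because neither SPF nor DKIM produced an aligned pass. Swapping the Authentication-Results line for an aligned dkim=pass shows the other side of the rule: DMARC then passes even though SPF failed, which is why both mechanisms should be in place.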

We urge all our customers and partners to remain vigilant against these types of attacks. Cybercriminals are increasingly targeting security-aware organizations, hoping to catch even the most cautious users off guard.


Discover Your Organization’s Phish-prone™ Percentage

Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

Get Your Free Phishing Security Test

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.