Phishing Alert: Cybercriminals Impersonating KnowBe4 Coaching Emails

Within the ever-evolving panorama of cybersecurity threats, we have lately encountered a complicated phishing try focusing on one among our valued KnowBe4 prospects. This incident serves as a vital reminder of the significance of remaining vigilant and sustaining sturdy electronic mail safety measures.

Our buyer obtained a suspicious electronic mail that carefully mimicked KnowBe4’s respectable “Please Complete Assigned Training” notifications. At first look, the e-mail appeared genuine, demonstrating the rising sophistication of phishing assaults.

Here is an instance of what the phishing electronic mail appeared like:

Screenshot 2024-10-31 at 1.39.13 PM

Fortuitously, the shopper’s electronic mail safety controls efficiently blocked the malicious electronic mail because it failed DMARC  authentication.

Key Indicators of the Phishing Try

  1. Spoofed Sender Area: Upon analyzing the e-mail headers, it was found that the e-mail was despatched from a suspicious area: [@]docusign[.]gr[.]com. This can be a clear pink flag, as respectable KnowBe4 emails would by no means originate from a third-party area.

  2. Malicious URL: The e-mail contained a hyperlink to concursolutions[.]us[.]com, which isn’t related to KnowBe4. On the time of writing, this website has been taken down, however it was probably a phishing web page designed to steal credentials or different delicate data.

Classes Discovered and Finest Practices

This incident highlights a number of vital factors:

  1. E mail Authentication is Essential: The shopper’s DMARC implementation efficiently caught this phishing try. We strongly advocate all organizations implement and keep strict DMARC, SPF, and DKIM insurance policies.

  2. URL Inspection: At all times hover over hyperlinks to confirm their vacation spot earlier than clicking. On this case, the URL clearly didn’t result in a KnowBe4-owned area.

  3. Sender Verification: Examine the complete electronic mail tackle of the sender, not simply the show title. Reputable KnowBe4 emails will all the time come from a knowbe4.com area.

  4. Keep Knowledgeable: Cybercriminals are continuously updating their techniques. Common safety consciousness coaching helps staff keep forward of those evolving threats.

  5. When in Doubt, Attain Out: For those who’re uncertain about an electronic mail’s legitimacy, contact your IT division or the supposed sender by way of a recognized, trusted channel.

We urge all our prospects and companions to stay vigilant in opposition to these kind of assaults. Cybercriminals are more and more focusing on security-aware organizations, hoping to catch even probably the most cautious customers off guard.

KnowBe4 empowers your workforce to make smarter safety choices each day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human danger.

Recent articles