Threat Watch

Threat Actors Send Fake Phishing Training

A new phishing campaign has been spotted by email security company KnowBe4 that tries to lure victims with a warning to complete their security awareness training within 24 hours. The email is designed to appear as if it was sent by KnowBe4 and even tells victims that the training is not available on the normal portal, to ease concerns about the unfamiliar link. Clicking the link in the phishing message redirects the victim to what appears to be a compromised WordPress site on a .ru domain. The site hosts a fake Outlook Web App page which, after prompting for credentials, goes on to ask for the victim's username, email, birthday and address, and to confirm their password.

ANALYST NOTES

Organizations that use KnowBe4 for phishing training should be aware that the official domain is knowbe4.com. If an email seems suspicious, report it to your organization's security team so filters can be created to block it. In a case like this, where the email warns about completing security awareness training, a direct manager should know whether training links are being sent. If you do click on a link, pay attention to the full address in your browser's address bar and think about the reason behind the email. A training portal from a third-party company should not redirect to a .ru domain and should not be asking for Outlook credentials.
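As an added example (not from the article or from KnowBe4), the following Python check turns the analyst notes into mail-filter logic: a message that invokes KnowBe4 or training language but links to a host outside knowbe4.com, or to a .ru domain, is flagged. The domain lists, regexes and the two sample messages are constructed assumptions.

```python
"""Flag e-mails that claim to be KnowBe4 training reminders but link elsewhere."""
import re
from email import message_from_string
from urllib.parse import urlparse

# Legitimate vendor domain from the analyst notes; extend for your own vendors.
TRUSTED_DOMAINS = {"knowbe4.com"}
# TLD singled out for this campaign; tune to your environment (assumption).
SUSPICIOUS_TLDS = {"ru"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
BRAND_RE = re.compile(r"knowbe4|security awareness training", re.IGNORECASE)


def _is_trusted(host: str) -> bool:
    """True only for knowbe4.com itself or a subdomain (not knowbe4.com.evil.tld)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def _message_text(msg) -> str:
    """Subject plus every text/plain or text/html part, decoded."""
    parts = [msg["Subject"] or ""]
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def check_message(raw_message: str) -> list[str]:
    """Return a reason per suspicious link; an empty list means nothing flagged."""
    text = _message_text(message_from_string(raw_message))
    if not BRAND_RE.search(text):
        return []  # does not pose as a training reminder; out of scope for this rule
    reasons = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not host:
            continue
        tld = host.rsplit(".", 1)[-1]
        if tld in SUSPICIOUS_TLDS:
            reasons.append(f"link to {host}: .{tld} domain in a training reminder")
        elif not _is_trusted(host):
            reasons.append(f"link to {host}: claims KnowBe4 but host is not under knowbe4.com")
    return reasons


# Constructed samples: a lure in the style the article describes, and a benign reminder.
LURE = 'Subject: Complete your security awareness training within 24 hours\nContent-Type: text/plain\n\nThe training is not on the usual portal. Complete it here:\nhttp://training-portal.example.ru/wp-content/owa/\n'
BENIGN = 'Subject: Security awareness training reminder\nContent-Type: text/plain\n\nPlease log in at https://training.knowbe4.com/ to finish the module.\n'

if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("benign", BENIGN)):
        print(name, check_message(sample) or "ok")
```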

Source: https://www.bleepingcomputer.com/news/security/this-security-awareness-training-email-is-actually-a-phishing-scam/