Phishing campaign spoofs security awareness training notifications

A phishing email attempts to convince employees to click on malicious links in order to complete their security awareness training. (Cofense)

That anti-phishing training email your employees just received may, ironically, actually be a phishing email, according to cyber threat analysts who recently uncovered a security awareness-themed online social engineering campaign.


In a blog post on Wednesday, experts at Cofense reported uncovering a phishing campaign that sends emails purporting to be a notification urging employees to complete their training with cybersecurity awareness company KnowBe4. Clicking on the embedded links, however, takes email recipients to a phishing page designed to steal their Microsoft Outlook credentials and other personal information.


The email warns employees that they have only one day left to complete their training before the program expires. Urgency is often a tool used by social engineers to trick victims into making hasty decisions without thinking about the consequences of their actions. And the fact that the attackers chose a cybersecurity theme is especially deceptive.


The emails also “discourage recipients from browsing directly to legitimate company training pages with the following statement,” note blog post co-authors Max Gann ..
