CyberheistNews Vol 15 #22 | June 3rd, 2025

If I Had Only 20 Seconds To Teach People How To Avoid Scams

By Roger Grimes

Human risk management involves more than security awareness training, but training is a huge part of the mix.

How else are you going to best fight a cyberthreat that is responsible for 70% to 90% of all successful data breaches after already bypassing every technical cybersecurity defense you threw in its way?

At some point, a harmful scam message will make it to a user, and that user will be called upon to evaluate its importance and treatment. The user will be called upon to make a security decision that will impact their future happiness and maybe that of their employer.

Training people how to recognize and mitigate scams as effectively as possible isn't easy, especially in today's world, where anyone can use an AI-enabled deepfake to try to scam anyone else.

But if I had only 20 seconds to teach the most effective anti-scam lesson to everyone I could, it would be this:

If a message arrives unexpectedly and asks you to do something you've never done before (at least for that requestor), research the request using an alternate trusted method before performing.

Here's how I represent that statement graphically:

[CONTINUED] at the KnowBe4 Blog
https://blog.knowbe4.com/if-i-had-only-20-seconds-to-teach-people-how-to-avoid-scams

[Live Demo] How KnowBe4's AI Agents Reduce Your Security Risk

Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.

Join us for a demo showcasing KnowBe4's leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.

See how easy it is to train and phish your users with KnowBe4's HRM+ platform:

• SmartRisk Agent™ - Generate actionable data and metrics to help you lower your organization's human risk score
• Template Generator Agent - Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
• Automated Training Agent - Automatically identify high-risk users and assign personalized training
• Knowledge Refresher Agent and Policy Quizzes Agent - Reinforce your security program and organizational policies.
• Enhanced Executive Reports - Track user activities, visualize trends, download widgets and improve searching/sorting to provide deeper insights and streamline collaboration

See how these powerful AI-driven features work together to dramatically reduce your organization's risk while saving your team valuable time.

Date/Time: TOMORROW, Wednesday, June 4, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN2

Capital One Customers Targeted by Credential Harvesting Phishing Campaign

The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One. The attacks are sent from compromised email accounts to help them evade reputation-based detection by native security and secure email gateways (SEGs).

Once delivered, the attacks use stylized HTML templates and brand impersonation to trick the recipient into believing the communications are legitimate.

Recipients who fall victim are directed to credential-harvesting websites. At this point, the campaign demonstrates significant infrastructure scale, operating across multiple domains with the capacity to rotate them to evade signature-based detection.

This campaign also ties into wider attack trends we've observed recently, including attackers prioritizing compromise of legitimate email accounts over the creation of fake ones; social engineering becoming more sophisticated and contextual; and the growing gap of what legacy detection tools can identify.

Phishing Attack Summary

• Vector and type: Email phishing
• Primary techniques: Brand impersonation, credential harvesting websites
• Targets: Organizations globally
• Platform: Microsoft 365
• Bypassed native and SEG detection: Yes

[CONTINUED] at KnowBe4 blog with links and screenshots
https://blog.knowbe4.com/capital-one-customers-targeted-by-credential-harvesting-phishing-campaign

[WEBINAR] Outsmart the Evolving Threat: Your Guide to Beating 2025's Phishing Epidemic

Your organization is facing a social engineering assault. Phishing emails evading secure email gateways surged 47% in 2024, while 33% of employees routinely interact with these threats. KnowBe4's analysis of 14.5 million users across 62,400 organizations reveals this perfect storm of sophisticated attacks targeting your most vulnerable assets—your people.

Join us for this webinar where KnowBe4's Erich Kron, Security Awareness Advocate, and Jack Chapman, SVP of Threat Intelligence, will reveal powerful findings from our 2025 phishing research, including which industries face the highest risks and how cybercriminals are reviving old threats with dangerous new techniques.

They'll share insights, including:

• The sneaky tricks cybercriminals use to evade detection by SEGs and native security
• Latest insights on how AI is transforming the phishing landscape (and how you can fight fire with fire!)
• Detailed industry risk profiles—and whether yours is vulnerable
• The shocking reasons your employees are more vulnerable than ever in 2025
• Battle-tested strategies to fortify your human firewall against these evolving threats

Don't become another phishing statistic! Join us to learn how to transform your organization from easy prey into an impenetrable fortress, and earn CPE for attending!

Date/Time: Wednesday, June 11, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/pib-webinar-2025?partnerref=CHN

Scammers Exploit Uncertainty Surrounding U.S. Tariffs

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration's tariff policies, CNBC reports.

Fraudsters may send texts or emails posing as retailers, delivery companies or government agencies, requesting tariff-related payments for purchases and deliveries.

James Lee, president of the Identity Theft Resource Center, noted that scammers frequently take advantage of new government policies to launch phishing attacks. In this case, Lee says the crooks "will use the fact that people don't know a lot about tariffs."

Researchers at BforeAI observed over 300 tariff-themed potential phishing sites during the first three months of 2025.

"PreCrime Labs analysis projects additional increases in domain registrations as the fallout from these political actions gains momentum," the researchers wrote. "This presents various avenues for exploitation, such as the rise of fraudulent businesses providing tariff-related services or educational resources on the new legislation.

"Therefore, it is strongly recommended that users thoroughly inspect newly formed consultancies, agencies, and cryptocurrency coins before engaging with them, as they may be designed to harvest personal information, further trapping users in financial scams."

Theresa Payton, CEO of Fortalice Solutions, told CNBC that users should be wary of emails, texts or social media ads that convey a sense of urgency related to tariff payments. Additionally, users should be on the lookout for phishing sites that impersonate retailers or government agencies.

Another red flag is a lack of transparency, according to Payton. Legitimate sellers will clearly label tariff-related fees.

New-school security awareness training can enable your employees to keep up with the evolving threat landscape. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/scammers-exploit-uncertainty-surrounding-us-tariffs

[Whitepaper]: Overcoming the Phishing Tsunami: A Game-Changing Strategy for Stopping Phishing

Phishing attacks often feel like an unrelenting tsunami, flooding your organization with a never-ending deluge of threats.

Traditional methods for analyzing and mitigating phishing attacks are manual, repetitive and error-prone. These workflows slow the speed at which you can mitigate a spear-phishing attack and increase the risk that phishing presents to your organization.

There is a better way. One that shifts the burden off your IT team to a unique, AI-powered system built from the ground up to automate the identification and prioritization of phishing threats and uses crowdsourced threat intelligence to improve accuracy and speed time to mitigation.

Read this whitepaper to learn:

• The five major challenges you'll face when manually reporting, analyzing and mitigating phishing attacks
• How the right SOAR product can provide finely-tuned, automated identification and mitigation of phishing emails
• Why the right SOAR product is crucial to your organization's incident response plan and supercharging your existing email security filters

Download Now:
https://info.knowbe4.com/wp-overcoming-the-phishing-tsunami-chn

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-22-if-i-had-only-20-seconds-to-teach-people-how-to-avoid-scams

French Users Targeted by Major Phishing Campaign

Researchers at IBM Security warn that a major phishing campaign is targeting users in France, incorporating leaked personal data to make the emails more convincing. IBM has observed seventeen waves of the campaign since March 2024, and at least 160,000 victims have clicked on the phishing link.

"The phishing emails inform recipients that their Amazon Prime subscription will automatically renew at a cost of 480 Euros per year," IBM explains. "The emails contain personalized information such as the victim's IBAN, BIC, first name, last name, and full address, making the message appear authentic.

"The email includes a 'cancel subscription' button, which links to a convincing replica of the Amazon Prime login page. When users enter their credentials in an attempt to cancel the subscription, their information is captured by the attackers. Some variations of the attack ask for the victims' full credit card information."

The campaign is ongoing and has increased in intensity over the past few weeks. Nearly all the victims are located in France. "At the end of March and early April, the phishing campaigns were already very effective, drawing hundreds or even thousands of victims per hour to malicious sites," the researchers write.

"However, visits to these phishing sites were still sporadic, with large gaps in activity between campaigns. As April 8th approached, we began to observe constant traffic to the phishing sites. Fast forward to the end of April, we began seeing the move to constant hourly traffic.

"The traffic is so predictable during the time period between April 22 and April 24 that the night and day differences can be seen, with spikes in the morning and low traffic at night."

IBM concludes, "This spear phishing campaign illustrates a dangerous evolution in cyber crime, leveraging leaked personal data to increase the efficacy of social engineering tactics. As the digital landscape continues to evolve, it's crucial for both organizations and individuals to stay vigilant and adapt their security measures accordingly."

IBM has the story:
https://www.ibm.com/think/x-force/spear-fishing-campaign-targets-users-in-france

Extortion Gang Targets Law Firms with Social Engineering Attacks

The FBI is warning that the Silent Ransom Group (SRG) is targeting law firms with IT-themed social engineering attacks and callback phishing emails.

SRG is a cybercriminal gang that demands ransoms in exchange for not leaking stolen data. "SRG has been operating since 2022 and has primarily been known for their callback phishing emails, masquerading as well-known businesses who offer subscription plans," the FBI explains. "Typically, SRG phishing emails purport to charge small amounts of 'subscription fees' as they are less likely to generate immediate suspicion.

In order to cancel the fake subscription, the victim is instructed to call the threat actor who emails a link which downloads remote access software giving the actor access to their device or system. Once the actor has established persistent access, the threat actors will seek to identify valuable information to exfiltrate, before sending a ransom notice to the victim threatening to share the victim's data if a ransom is not paid."

The gang recently began impersonating IT departments to target employees, a technique that the FBI says "has been highly effective and resulted in multiple compromises."

"As of March 2025, SRG was observed changing their tactics to calling individuals and posing as an employee from their company's IT department," the Bureau writes. "SRG will then direct the employee to join a remote access session, either through an email sent to them, or navigating to a web page. Once the employee grants access to their device, they are told that work needs to be done overnight."

The FBI offers the following advice to help organizations thwart these attacks:

• "Conduct staff training on resisting phishing attempts
• Develop and communicate policies surrounding when and how company's IT will authenticate themselves with employees
• Maintain regular backups of company data
• Implement two-factor authentication for all employees"

The FBI has the story:
https://www.ic3.gov/CSA/2025/250523.pdf

What KnowBe4 Customers Say

"I wanted to let you know what a positive experience it has been having Eniz as my sales rep and especially Travis as my KnowBe4 customer success / implementation partner.

"Travis is very knowledgeable, flexible and explains everything very clearly. Always keen and ready to help, he's been instrumental in getting my organization launched with your SAT. I appreciate that he understands that given the many demands in a start-upish company.

"Knowing Travis is only an email or call away gives me the confidence that my organization will make the most of the subscription and that we will be well trained.

"I would also like to say that while I haven't yet had the chance to learn all about intricacies of the platform, it does seem impressive and the whole process of responding to my request for a sales call (where I wasn't pushed to some third-party provider and received a demo and had all my questions answered) and getting the signing done with Eniz was great.

"I look forward to working further with Travis and implementing more of your platform and content."

- J.L., Director of Finance

1. New Russian cyberespionage actor targets Europe and the US with spear phishing attacks:
   https://therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands
2. How Can We Solve the 'Insane' Deepfake Video Problem?:
   https://www.bankinfosecurity.com/blogs/how-we-solve-insane-deepfake-video-problem-p-3877
3. Mandiant flags fake AI video generators laced with malware:
   https://cyberscoop.com/ai-video-generator-malware-mandiant-unc5032-vietnam/
4. Russian Laundry Bear cyberspies linked to Dutch Police hack:
   https://www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/
5. Police takes down AVCheck site used by cybercriminals to scan malware:
   https://www.bleepingcomputer.com/news/security/police-takes-down-avcheck-antivirus-site-used-by-cybercriminals/
6. New Browser Exploit Technique Undermines Phishing Detection:
   https://www.infosecurity-magazine.com/news/browser-exploit-technique/
7. Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations:
   https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html
8. More than 90% of top email domains are vulnerable to spoofing:
   https://www.infosecurity-magazine.com/news/infosec2025-email-domains-spoofing/
9. Fake Bitdefender website used to spread infostealer malware:
   https://therecord.media/fake-bitdefender-website-venomrat-infostealer
10. FBI reveals infrastructure and IoCs associated with investment scams:
    https://www.ic3.gov/CSA/2025/250529.pdf

This Week's Links We Like, Tips, Hints and Fun Stuff

• Virtual Vaca #1 - My Trip to Zambia, Victoria Falls & Safari:
  https://youtu.be/81WdRlLAfmw
• Virtual Vaca #2 - Siddhachal Rock-Cut Jain Temple Caves, Gwalior, India:
  https://youtu.be/L2iIMU49UCw
• Virtual Vaca #3 - Best Things to do Outside Colorado Springs with HoverAir:
  https://youtu.be/2nc6YlzD9GI
• Flying through a Waterfall - Wingsuit Base Jump in Switzerland:
  https://youtu.be/TjwpIksRbvo
• LockPickingLawyer picks a Strange Soviet Dual Custody Padlock:
  https://youtu.be/swmBE0SI2Uk
• Top Robotics Highlights at IEEE ICRA 2025:
  https://www.youtube.com/watch?v=uL0TpKLLJeI
• China has held the world's first robot martial arts tournament. What could possibly go wrong?:
  https://youtu.be/3TVDpo8M058
• Meet the ATMO Robot that Transforms in Midair for Ground Mobility:
  https://newatlas.com/robotics/atmo-flying-wheeled-morphing-robot/?
• [CLASSIC] Leap Of Faith: Damien Walters Backflip Over Speeding Formula E Car:
  https://youtu.be/EF9bbY3-lQU
• For Da Kids #1 - Injured Coyote Rescued from the Side of the Road:
  https://youtu.be/jp9iVG0wzNE
• For Da Kids #2 - Man Approaches Trapped Wild Civet:
  https://youtu.be/NC1x7zErrbA
• For Da Kids #3 - Watch Her Go From Stray Cat To Water Glass Princess:
  https://youtu.be/TVIUIv315Is
• For Da Kids #4 - Dog's Hilariously Honest Adoption Post Helps Him Find Forever Home:
  https://youtu.be/q8oc6j3wsRw
• For Da Kids #5 - Horse Had Almost Given Up Until He Found a New Family:
  https://youtu.be/sfsR3t00334