惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
Google DeepMind News
Google DeepMind News
U
Unit 42
博客园 - 叶小钗
博客园 - 聂微东
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
D
DataBreaches.Net
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
美团技术团队
The Cloudflare Blog
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
S
Schneier on Security
C
Check Point Blog
Project Zero
Project Zero
The Hacker News
The Hacker News
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cisco Talos Blog
Cisco Talos Blog
P
Privacy International News Feed
SecWiki News
SecWiki News
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
H
Help Net Security
TaoSecurity Blog
TaoSecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
T
Troy Hunt's Blog
H
Hacker News: Front Page
Vercel News
Vercel News

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 From Awareness to Digital Workforce Security Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Device Code Phishing is Surging Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email Your AI Agents Are Eager to Please And Easy to Exploit From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues Report: Adversarial Use of AI is Evolving
Turn Account Takeover Into Real-Time Security Coaching
Stuart Clark · 2026-06-25 · via Human Risk Management Blog

Account takeover is one of the most common ways organizations get breached and one of the hardest to train users on. Not because users don't care, but because usually training happens in unrealistic scenarios, long before or long after the moment it would actually matter.

Here's what most security teams don't realise: if you have KnowBe4’s Real-Time Coaching, SecurityCoach, connected to Microsoft 365, Google Workspace, or your identity provider, you already have everything you need to coach users in the moment an account takeover attempt is happening against them.

How Account Takeover Attacks Unfold.

It usually begins with a phishing email. A user clicks a link, lands on a convincing fake login page, and types in their credentials. Or increasingly they complete MFA perfectly, and an adversary-in-the-middle attack silently steals their session token anyway.

From there, the attacker moves fast:

  • They sign in from a new location or device
  • They create a silent email forwarding rule so every email the user receives, including password reset links, goes to the attacker too
  • They start exploring, escalating, and eventually exfiltrating

The whole chain can unfold in hours. And the user has no idea any of it happened.

Where SecurityCoach Fits In

SecurityCoach monitors the signals your existing security tools are already generating: Microsoft 365, Entra ID, your endpoint protection, and then fires a personalized security tip when something happens that the user needs to know about.

That tip isn't a generic phishing awareness video. It's a short, targeted message about what just happened to them, what it means, and what to do right now.

Here's what that looks like across the account takeover chain:

When a User Clicks a Malicious Link in an Email

Before they've even closed the browser tab, SecurityCoach can reach them: "Did you know? You just clicked a link flagged as malicious. Modern phishing attacks can capture your session even after you've completed MFA. Contact IT security now here's the link."

When a Suspicious Sign-In Appears on Their Account

The morning after an attacker tests stolen credentials, the real user gets a tip: "Did you know? A sign-in to your account was detected from an unexpected location. Here's how to check your active sessions and sign out of any device you don't recognise."

When an Email Forwarding Rule is Created

One of the most reliable post-compromise signals and most users have no idea it's even possible: "Did you know? A forwarding rule was set up on your account that sends your emails to an external address. If you didn't create this rule, your account may be compromised. Here's how to find and delete it right now."

Each of these moments is a coaching opportunity that would never exist in a once-a-year training module. But they happen naturally because the attack is already generating signals in your security stack.

You Probably Already Have What You Need

If your organisation uses Microsoft 365, connecting it to SecurityCoach activates system detection rules covering the full account takeover chain from phishing delivery through to post-compromise persistence.

Add your identity provider Microsoft Entra ID, Okta, or Google IAM and you pick up the sign-in risk signals: impossible travel, logins from malicious IP addresses, anomalous account behaviour.

Most organisations already have these tools. SecurityCoach turns the signals they're already generating into real-time coaching moments their users will actually remember because the training arrives the moment it's relevant.

Getting started

Four steps to put this in place:

  1. Connect Microsoft 365 to the KnowBe4 Platform. Detection rules activate automatically once connected and Risk Score gets augmented with additional data points.
  2. Connect your identity provider. This is where the richest ATO signals live together with Microsoft 365, these integrations cover the full account takeover chain:

Integration

ATO detection rules activated

Microsoft 365

Creation of Email Forwarding or Redirect Rule, Suspicious Email Forwarding Activity, Suspicious Email Sending Patterns Detected, Escalation of Exchange Admin Privilege Detected, Malicious URL Clicks Detected

Microsoft Entra ID

Login from an Unexpected Location, Login from a Malicious IP Address, Unexpected User Behavior Detected, User Credentials Leaked

Microsoft Defender for Cloud Apps

Credentials Leak Detected, Password Spraying Attack Detected, Multiple Failed Login Attempts, Risky Login Detected, Suspicious Inbox Forwarding Detected

Okta

Invalid Credentials, Suspicious Account Activity Detected, Threat Detected

Google Workspace

Account Hijacked, Suspicious Login, Leaked Password, Login Failure, 2-Step Verification Disabled

If you use KnowBe4 PasswordIQ, connecting it surfaces Breached Password Detected, Shared Password Detected, and Weak Password Detected: three credential-exposure signals that fire before an attacker even attempts a login.

  1. Review your Detection Rules report. Once your integrations are connected, this shows you which rules are already firing across your user base, a practical way to prioritise which behaviours to focus your first coaching campaign on.
  2. Create a Real-Time Coaching Campaign. Detection rules log events but don't deliver anything on their own, the campaign is what connects a detected behaviour to a security tip. In the campaign you select which detection rules should trigger coaching, pick a SecurityTip from KnowBe4's pre-built content library (organised by topic, automatically localised to each user's language), and configure delivery method and frequency. You can customize the notification text to match your organisation's voice. Or you can create a custom security tip.

Security awareness works best when it meets users at the point of risk. With SecurityCoach, an account takeover attempt doesn't just become a security incident it becomes the most relevant Real-Time Coaching that a user will ever receive.