
Phishing campaign spoofs security awareness training notifications

A phishing email attempts to convince employees to click on malicious links in order to complete their security awareness training. (Cofense)

That anti-phishing training email your employees just received may, ironically, actually be a phishing email, according to cyber threat analysts who recently uncovered a security awareness-themed online social engineering campaign.

In a blog post on Wednesday, experts at Cofense reported on a phishing campaign that sends emails purporting to be a notification urging employees to complete their training with cybersecurity awareness company KnowBe4. Clicking on the embedded links, however, takes email recipients to a phishing page designed to steal their Microsoft Outlook credentials and other personal information.

KnowBe4 originally reported on this same scheme in its own blog post earlier this month, noting that the scam "should serve as a reminder that no online company or brand is immune or impervious to being spoofed as part of a malicious email campaign. Online brands, sites, and services are all vulnerable to such attacks, and your users should be completely aware of this phenomenon."

The email warns employees that they have only one day left to complete their training before the program expires. Urgency is often a tool used by social engineers to trick victims into making hasty decisions without thinking about the consequences of their actions. And the fact that the attackers chose a cybersecurity theme is especially deceptive.

The emails also "discourage recipients from browsing directly to legitimate company training pages with the following statement," note blog post co-authors Max Gannon and Brad Haas, Cofense threat intelligence analysts: the message insists that the training isn't available through the employee portal.

Cofense says the phishing kit has been hosted on the domains of at least compromised websites since mid-April 2020. Several of these sites were also found to have recently hosted a web shell called "Chips L MINI SHELL," which gives attackers the ability to upload and edit files.

So perhaps companies will now have to hold additional security awareness training to warn employees to look out for fake security awareness training.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
