CyberheistNews Vol 15 #45 [Under the Radar] Scammers Use Actual Our bodies, Faux Faces in Extortion Scams

[Under the Radar] Scammers Use Actual Our bodies, Faux Faces in Extortion Scams

A research from Malwarebytes has discovered that one in three cell customers has been focused by an extortion rip-off, and one in 5 of those customers has fallen sufferer. Moreover, one in six customers has been focused by sextortion, with a better variety of these assaults (38%) affecting Gen Z customers.

“These customized, high-pressure threats make extortion victims particularly weak, and whereas victims of all cell scams undergo critical emotional, monetary, and useful fallout by the hands of their scammers, extortion victims expertise outsized affect,” Malwarebytes says.

Notably, AI has drastically improved the sophistication of those scams, significantly involving deepfakes in sextortion assaults.

“For victims of AI-driven scams, the fallout is much more excessive: 32% suffered fame harm (vs. 21% for extortion victims total), 29% suffered work or faculty penalties (vs. 11%), 24% had their private data stolen (vs. 14%), and 21% had monetary accounts opened of their identify (vs. 13%), underscoring the specter of these evolving scams,” the researchers write.

Shahak Shalev, Malwarebytes’s International Head of Rip-off and AI Analysis, said, “AI has poured gasoline on extortion scams, making it simpler than ever to focus on individuals with actual or manipulated photos or movies paired with actual details about them from the darkish internet.

“These ruthless scams weaponize disgrace, exploiting our deepest fears to pressure fast selections and quick payouts. I wish to take away the disgrace related to scams and as a substitute encourage individuals to share their tales to assist educate others.

If we are able to take away the stigma and silence round scams, I believe we will help everybody take a step again and pause earlier than performing on certainly one of these threats.”

Over 70,000 organizations worldwide belief the KnowBe4 HRM+ platform to strengthen their safety tradition and cut back human threat.

Weblog publish with hyperlinks:
https://weblog.knowbe4.com/new-study-warns-of-ai-driven-extortion-attacks

[Live Demo] Ridiculously Straightforward AI-Powered Safety Consciousness Coaching and Phishing

Phishing and social engineering stay the #1 cyber risk to your group, with 68% of information breaches attributable to human error. Your safety staff wants a straightforward option to ship customized coaching—that is exactly what our AI Protection Brokers present.

Be a part of us for a demo showcasing KnowBe4’s modern method to human threat administration with agentic AI that delivers customized, related and adaptive safety consciousness coaching with minimal admin effort.

See how simple it’s to coach and phish your customers with KnowBe4’s HRM+ platform:

• SmartRisk Agent™ – Generate actionable knowledge and metrics that will help you decrease your group’s human threat rating
• Template Generator Agent – Create convincing phishing simulations, together with Callback Phishing, that mimic actual threats. The Really helpful Touchdown Pages Agent then suggests acceptable touchdown pages primarily based on AI-generated templates
• Automated Coaching Agent – Mechanically establish high-risk customers and assign customized coaching
• Information Refresher Agent and Coverage Quizzes Agent – Reinforce your safety program and organizational insurance policies.
• Enhanced Government Experiences – Monitor consumer actions, visualize tendencies, obtain widgets, and enhance looking/sorting to supply deeper insights and streamline collaboration

See how these highly effective AI-driven options work collectively to dramatically cut back your group’s threat whereas saving your staff helpful time.

Date/Time: TOMORROW, Wednesday, November 12 @ 2:00 PM (ET)

Save My Spot:
https://information.knowbe4.com/kmsat-demo-2?partnerref=CHN3

Verizon: ‘Human Error is Nonetheless a High Contributor to Cyberattacks.’

Human error stays the first exploitation vector in cell safety incidents, in line with Verizon’s newest Cellular Safety Index (MSI). “At 44%, consumer habits is the highest cited breach contributor, simply forward of app threats, community threats, and web threats, which had been every cited by 43% of survey respondents,” the report says.

“Verizon’s 2025 Information Breach Investigations Report discovered that round 60% of confirmed breaches concerned a human ingredient.”

The report additionally discovered that almost all respondents imagine AI instruments are dramatically enhancing the effectiveness of social engineering assaults concentrating on cell customers.

“AI is reshaping cell threats in ways in which draw concern from organizations surveyed,” the report says. “Of respondents, 34% say they worry that the growing sophistication and scale of AI-powered assaults will considerably increase their publicity, and 38% say ransomware will change into much more harmful when powered by AI.

As well as, 77% of respondents imagine AI-assisted assaults involving deepfakes; AI-generated media that mimic actual individuals to deceive or impersonate them—and brief message service (SMS) textual content phishing are prone to succeed.”

The researchers word that cell units provide risk actors a straightforward avenue for social engineering assaults, since customers usually use their telephones for each work and private issues.

“Cellular units have change into essentially the most direct path between attackers and their victims,” the report says. “All the time on and deeply private, these units provide cybercriminals a wealthy alternative to leverage refined social engineering strategies that conventional safety instruments can’t detect.

“With AI enhancing the effectiveness of smishing, government impersonation, and multifactor authentication (MFA) token theft, people are actually much more prone to those social engineering strategies.”

Combat hearth with hearth. AI-powered safety consciousness coaching can provide your org a vital layer of protection in opposition to social engineering assaults.

Weblog publish with hyperlinks:
https://weblog.knowbe4.com/human-error-is-still-a-top-contributor-to-cyberattacks

Clever E mail Protection: Automate, Remediate and Practice from One Platform

It is not a matter of if however when AI-powered assaults will breach your e mail defenses. Phishing assaults have surged 1,265% since 2022. With 31% of IT groups taking on 5 hours to reply, each delayed minute retains energetic threats in your customers’ inboxes.

Throughout this demo, you may uncover how PhishER Plus will help take management again from rising AI phishing dangers by:

• NEW! Creating customized risk detection guidelines immediately utilizing plain-English descriptions by way of AI-powered automation, no coding required
• Accelerating response instances with AI-powered automation that reduces handbook e mail overview by 85-99%
• Offering complete risk intelligence from a community of 13+ million international customers and third-party integrations
• Eradicating threats mechanically from all mailboxes with PhishRIP earlier than customers can work together with them
• Changing actual assaults into focused coaching alternatives with PhishFlip

Uncover how PhishER Plus combines AI and human intelligence to rework your customers from safety dangers into your most precious defenders.

Date/Time: Wednesday, November 19 @ 2:00 PM (ET)

Save My Spot:
https://information.knowbe4.com/phisher-demo-2?partnerref=CHN

The Fast Development of Malicious AI is Altering Cyberdefense Forevermore

By Roger Grimes

AI maturation is resulting in extra malicious hacking assaults.

Like 1000’s of cybersecurity thought leaders, I have been talking about AI getting used maliciously since OpenAI launched ChatGPT in November 2022. I am removed from alone. Your complete cybersecurity business has been warning about it nonstop. We have recognized that as AI progresses, attackers would use those self same productiveness options, thereby harming us.

Till just some months in the past, once I spoke in regards to the coming wave of AI assaults, I adopted it up with, “Though AI assaults are coming, how you’re prone to be compromised immediately is not going to embrace AI.” I modified that a couple of months in the past, and I now say, “How possible are you to be attacked by AI, and by the tip of 2026, most hacking assaults shall be pushed by AI.”

What modified my thoughts?

AI companies have matured, and hackers have more and more adopted these enhancements into their very own instruments and strategies. At this time, most hacking instruments and phishing kits are incorporating AI. And that AI will enable these hackers to be extra pervasive, quicker and profitable.

Maturity of AI Over Time That Has Allowed Malicious Hacking To Speed up

The maturity of AI has been far quicker than some other industrial revolution. No earlier business transformation has ever been as quick and sweeping. Listed here are the essential enhancements in AI expertise which have allowed malicious hacking to shortly speed up over time.

[CONTINUED] at this weblog publish with hyperlinks:
https://weblog.knowbe4.com/the-rapid-advancement-of-malicious-ai-is-changing-cyberdefense-forevermore

You’re Invited: Comfortable Hour at Microsoft Ignite

Will you be at Microsoft Ignite? Be a part of KnowBe4 for an unique completely satisfied hour gathering at Wine Down SF, positioned simply steps from the Moscone Heart. All you have to do is present up prepared to attach with fellow attendees over nice drinks and good meals.

When: Wednesday, November 19, 7:00 – 9:00 PM PT

The place: Wine Down SF, 685 Folsom St, San Francisco, CA 9410

Be a part of us to:

• Get pleasure from free meals and an open bar with likeminded professionals
• Take a break from demos and periods simply steps from the occasion venue
• Community in a relaxed setting with different IT and cybersecurity professionals

We hope to see you there!

Save Your Spot
https://information.knowbe4.com/knowbe4-happy-hour-at-wine-down-sf

Let’s keep secure on the market.

Heat regards,

Stu Sjouwerman, SACP
Government Chairman
KnowBe4, Inc.

PS: [OCTOBER TOP BLOG POST] Securing the Human-AI Boundary: Why the Way forward for Cybersecurity Should Practice Folks and AI Brokers:
https://weblog.knowbe4.com/securing-the-human-ai-boundary-why-the-future-of-cybersecurity-must-train-people-and-ai-agents

You possibly can learn CyberheistNews on-line at our Weblog
https://weblog.knowbe4.com/cyberheistnews-vol-15-45-under-the-radar-scammers-use-realodies-fake-faces-in-extortion-scams

Microsoft Assist Desk Phishing Try

By Roger Grimes

I acquired this e mail the opposite day to my private e mail account. It’s a “Safety Alert” from “Microsoft Helpdesk.” Oh, my!

Not solely is Microsoft holding 5 emails headed to me, however my “subscription” is expiring on the identical day. The “Unsubscribe” hyperlink was only a graphic, no URL. The URL to the primary button, “Evaluate All Held Messages outcomes” was linked to the next path (proven in weblog)

That’s clearly not Microsoft or microsoft.com. I clicked on it. It took me a URL to that appeared like a reliable CAPTCHA message. I’m not certain if it was “actual” or not, however I answered it. This led to a different faux “CAPTCHA” examine.

I’m not certain why I get this second CAPTCHA examine, nevertheless it was the primary time a phish has requested me to show that I used to be human. Among the programming code appeared to be exploring if I used to be totally patched, nevertheless it was modified quicker than I might get a replica of it, and I used to be not proven it once more once I visited the web site once more.

Answering the second (faux) CAPTCHA took me to the usual faux O365 login to get my 0365 credentials. In the end, this phishing try was principally to steal 0365 credentials, some of the common phishing scams in existence.

I made a decision to jot down about this to share what occurs with a big share of phishing emails, but in addition, no matter phishing checklist I’m on, they seem to know that my non-public e mail area is dealt with by Microsoft 0365 (or it might have been a random phishing connection).

I get so many faux 0365 login phishing emails to my private account that I should be on some phishing checklist that sells or lists this explicit attribute, however I’m simply speculating.

Weblog publish with screenshots:
https://weblog.knowbe4.com/microsoft-help-desk-phish

Phishing Emails Use Invisible Hyphens to Keep away from Detection

A phishing marketing campaign is utilizing invisible characters to evade safety filters, in line with Jan Kopriva on the SANS Web Storm Heart. The emails use smooth hyphens to interrupt up the topic line “Your Password is About to Expire” so the messages aren’t flagged as malicious.

The e-mail shopper would not render the hyphens, nonetheless, so the consumer sees a standard sentence. “Though smooth hyphens aren’t – strictly talking – invisible, Outlook in addition to most different e-mail shoppers do not render them as seen textual content generally,” Kopriva writes.

“The usage of the smooth hyphen character – mixed with splitting the topic into a number of MIME encoded phrases – was clearly supposed as an try at bypassing e-mail filtering mechanisms which are alleged to mechanically detect probably malicious messages.”

Along with the topic line, your complete e mail physique was plagued by these invisible hyphens. Whereas the consumer reads a standard message asking them to reset their password, automated safety techniques will see random letters separated by hyphens.

“[A]lthough the usage of invisible characters in phishing e-mails on the whole (and of the usage of the ‘shy’ character specifically) is sort of widespread with regards to making the contents of e-mail messages much less readable to safety options, it’s fairly uncommon to see it additionally utilized to the topic of a message,” Kopriva says.

If the consumer clicks the hyperlink within the e mail, they will be taken to a phony login web page designed to steal their e mail account credentials. Attackers are at all times on the lookout for methods to bypass technical safety measures with a purpose to goal people straight.

AI-powered safety consciousness coaching offers your group a vital layer of protection in opposition to social engineering assaults. KnowBe4 empowers your workforce to make smarter safety selections on daily basis.

Weblog publish with hyperlinks:
https://weblog.knowbe4.com/phishing-emails-use-invisible-hyphens-to-avoid-detection

What KnowBe4 Clients Say

“Hope all is properly; we’ve been built-in with Defend for some time now and seen some nice success on our finish almost about simulated and actual phishing campaigns. We had sturdy outcomes earlier than the discharge of Defend (about 1.5% click on charge round 2200 customers) and with Defend now in place for all however 2 of our enterprise models, this has steadied at round 0.5% – these clicks coming from the enterprise models that do NOT have Defend.”

– B.Okay., Info Safety Director

“Thanks for reaching out to examine in on how issues are going with the KnowBe4 platform. I am completely satisfied to report that we’re at present glad with the service. The platform has been instrumental in reworking the safety tradition right here, and the lower in our scores is a testomony to its effectiveness. I wish to commend Ryan D., our Buyer Success Supervisor, for his distinctive assist. He has been extremely useful all through our journey with KnowBe4.”

– H.M., UK Cyber Safety Specialist