Monday, January 20, 2025

No, KnowBe4 Is Not Being Exploited


A few of our customers are reporting “Threat Alerts” from Mimecast stating hackers have exploited KnowBe4 or KnowBe4 domains to send email threats.

This is being sent to Mimecast customers and other non-customers who are members of threat intelligence networks.

Often, there is an included link and it references KnowBe4 along with another Mimecast competitor. The wording choice of the alert is poor and misleading.

What they are referencing is the fact that attackers sometimes send phishing emails claiming to be from KnowBe4, usually hoping the potential victim clicks on the included malicious link. The included malicious link (and sending email address) will sometimes include the phrase ‘knowbe4.com’ somewhere in an attempt to trick the recipient.

No, KnowBe4 Has NOT Been Exploited!

The alert uses the phrase “exploiting KnowBe4’s legitimate domain”. Exploit is a term commonly used to indicate that a vulnerability was found and used by a hacker. In this case, Mimecast should have simply said the attackers were pretending to be from KnowBe4. It’s a bit of a stretch to call a phishing email an exploitation. In our definition, that’s spoofing, not exploitation. This looks like a novice wrote the alert.

To be clear, in Mimecast’s alert, the domains with the term Knowbe4 in them are not KnowBe4 domains. They are simple look-alike “evil-twin” domains the attackers have created to trick unsuspecting potential victims.

We often see fake KnowBe4 emails sent as if they were really sent by our real domain (e.g., knowbe4.com), but again, these are spoofed email addresses and they never pass the normal email authentication checks (e.g., DMARC, SPF, and DKIM). All these messages, using our real domain name, will fail upon receipt and usually end up in people’s Spam or Junk folders.
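The two cases described above (a direct spoof of the real domain that fails DMARC, and an “evil-twin” domain that merely embeds the brand name) can be told apart from message headers. The following is an added example, not code from KnowBe4 or Mimecast; the sample messages and the look-alike domain are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND_DOMAIN = "knowbe4.com"

def from_domain(msg):
    """Lower-cased domain of the From: header ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def dmarc_result(msg):
    """dmarc= verdict recorded by the receiving MTA in Authentication-Results."""
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", hdr, re.IGNORECASE)
        if m:
            return m.group(1).lower()
    return "none"

def classify(raw, brand=BRAND_DOMAIN):
    """Classify a raw RFC 5322 message relative to the brand's real domain.
    legitimate     - From: is the real domain and DMARC passed
    spoofed-domain - From: is the real domain but DMARC did not pass (fails on receipt)
    look-alike     - From: only embeds the brand name (an "evil-twin" domain)
    unrelated      - sender domain does not reference the brand at all
    """
    msg = message_from_string(raw)
    domain = from_domain(msg)
    label = brand.split(".")[0]                     # "knowbe4"
    if domain == brand or domain.endswith("." + brand):
        return "legitimate" if dmarc_result(msg) == "pass" else "spoofed-domain"
    if label in domain:
        return "look-alike"
    return "unrelated"

# Constructed sample messages; the look-alike domain is invented (.example TLD).
SAMPLES = {
    "real": "From: KnowBe4 <noreply@knowbe4.com>\r\n"
            "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=knowbe4.com;"
            " dkim=pass header.d=knowbe4.com; dmarc=pass header.from=knowbe4.com\r\n\r\nbody\r\n",
    "spoof": "From: KnowBe4 <security@knowbe4.com>\r\n"
             "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=knowbe4.com;"
             " dkim=none; dmarc=fail header.from=knowbe4.com\r\n\r\nbody\r\n",
    "twin": "From: KnowBe4 Training <alerts@knowbe4.com-secure-login.example>\r\n"
            "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=knowbe4.com-secure-login.example;"
            " dkim=pass header.d=knowbe4.com-secure-login.example; dmarc=pass header.from=knowbe4.com-secure-login.example\r\n\r\nbody\r\n",
}
```

Note that the look-alike sample passes DMARC for its own domain, which is exactly why authentication checks alone do not stop brand impersonation and user training still matters.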

If you want to learn more about DMARC, SPF, and DKIM, click here.

It’s not unusual for any well-known company to be used in a brand impersonation phishing attack. It’s not unusual for the world’s leading human risk management company to be used in phishing lures. We have been for years and consider it a kind of badge of honor that hackers think we are popular enough to be used in brand impersonation.

Even Mimecast has been the victim of brand impersonation (see an example below).

But we didn’t put out an “urgent threat alert” and claim Mimecast’s brand or domains had been “exploited.” We believe in fair competition, and don’t resort to these tactics.

Your human risk management plan should include an effective security awareness training component that teaches users about brand impersonation, how to recognize it, and how to appropriately mitigate and report it.

It’s well understood that not every email is from where it claims to be from. In fact, we have built an entire industry around it.
