A phishing email attempts to convince employees to click on malicious links in order to complete their security awareness training. (Cofense)

That anti-phishing training email your employees just received may, ironically, actually be a phishing email, according to cyber threat analysts who recently uncovered a security awareness-themed online social engineering campaign.

In a blog post on Wednesday, experts at Cofense reported on a phishing campaign that sends emails purporting to be a notification urging employees to complete their training with cybersecurity awareness company KnowBe4. Clicking on the embedded links, however, takes email recipients to a phishing page designed to steal their Microsoft Outlook credentials and other personal information.

KnowBe4 originally reported on this same scheme in its own blog post earlier this month, noting that the scam "should serve as a reminder that no online company or brand is immune or impervious to being spoofed as part of a malicious email campaign. Online brands, sites, and services are all vulnerable to such attacks, and your users should be completely aware of this phenomenon."
The email warns employees that they have only one day left to complete their training before the program expires. Urgency is often a tool used by social engineers to trick victims into making hasty decisions without thinking about the consequences of their actions. And the fact that the attackers chose a cybersecurity theme is especially deceptive.

The emails also "discourage recipients from browsing directly to legitimate company training pages with the following statement," note blog post co-authors Max Gannon and Brad Haas, Cofense threat intelligence analysts, by insisting that the training isn't available through the employee portal.

Cofense says the phishing kit has been hosted on the domains of at least compromised web sites since mid-April 2020. Several of these sites also were found to have recently hosted a web shell called "Chips L MINI SHELL" that gives attackers the ability to upload and edit files.

So perhaps companies will now have to hold additional security awareness training to warn employees to look out for fake security awareness training.
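The lure described above combines three tells a mail filter can check for: the training brand is named while the sender and links point somewhere the brand does not own, the wording presses urgency, and it steers the reader away from the company portal. The following is an added illustration of that check, not code from Cofense or KnowBe4; the trusted-domain list, the regexes and the sample message are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains a genuine KnowBe4 notification would send from and link to.
# Assumption for this example; a real deployment would use its own vetted list.
TRUSTED_TRAINING_DOMAINS = {"knowbe4.com"}
URGENCY_PATTERNS = [r"\b(one|1) day (left|remaining)\b", r"\bexpires?\b", r"\bimmediately\b"]
PORTAL_DISCOURAGEMENT = r"not (be )?(available|accessible) (through|via|in) (the )?(employee|company) portal"

def registrable_domain(host: str) -> str:
    """Crude 'last two labels' domain; adequate for this demonstration."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def analyse_training_email(raw: str) -> dict:
    """Flag a single-part text/plain email that names the training brand but
    whose sender or links resolve to domains the brand does not own."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode("utf-8", errors="replace")
    text = f"{msg.get('Subject', '')}\n{body}"
    sender_domain = registrable_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    link_domains = {registrable_domain(urlparse(u).hostname or "")
                    for u in re.findall(r"https?://[^\s<>\"']+", body)}
    brand_mentioned = "knowbe4" in text.lower()
    off_brand_links = sorted(d for d in link_domains if d not in TRUSTED_TRAINING_DOMAINS)
    sender_untrusted = sender_domain not in TRUSTED_TRAINING_DOMAINS
    impersonation = brand_mentioned and (sender_untrusted or bool(off_brand_links))
    return {
        "brand_mentioned": brand_mentioned,
        "sender_domain": sender_domain,
        "sender_untrusted": sender_untrusted,
        "off_brand_links": off_brand_links,
        "urgency": any(re.search(p, text, re.I) for p in URGENCY_PATTERNS),
        "portal_discouraged": bool(re.search(PORTAL_DISCOURAGEMENT, text, re.I)),
        "verdict": "suspected brand impersonation" if impersonation else "ok",
    }

# Constructed sample modelled on the lure in the article (not a real message).
SAMPLE_LURE = """\
From: "KnowBe4 Training" <training@example-notify.test>
To: employee@example.test
Subject: ACTION REQUIRED: Security Awareness Training expires in 1 day
Content-Type: text/plain; charset=utf-8

You have only 1 day left to complete your KnowBe4 security awareness training.
This training is not available through the employee portal.
Start now: https://training-portal.example-notify.test/login
"""

if __name__ == "__main__":
    for key, value in analyse_training_email(SAMPLE_LURE).items():
        print(f"{key}: {value}")
```

The same message with sender and link moved onto the brand's own domain yields a verdict of "ok", which is the point: the brand name alone is not the signal, the mismatch is.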
As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.