CyberheistNews Vol 15 #04 | January 28th, 2025

In this issue: Phishing Campaign Attempts to Bypass iOS Protections. [PROOF] Effective Security Awareness Training Really Does Reduce Data Breaches.

[HEADS UP] Bad Actors Abuse Google Translate to Craft Phishing Attacks

Threat actors are abusing Google Translate's redirect feature to craft phishing links that appear to belong to Google, according to researchers at Abnormal Security. Users are more likely to trust links that end in Google's ".goog" domain, and security filters are less likely to flag these URLs as malicious.

"When you enter a URL into Google Translate, it generates a new link, redirecting the user through its platform to the requested page," the researchers explain. "This allows users to seamlessly view translated content from other websites within the familiar Google Translate interface, keeping the user experience consistent. The way Google Translate creates these redirects is simple: it takes the original URL and appends it to a new domain (like translate[.]goog), along with some additional parameters. Unfortunately, this process also opens a door for attackers to exploit this redirection feature for malicious purposes."

The researchers note that users can still thwart these attacks if they know what to look for. Even if a URL is hosted on a Google domain, receiving a Google Translate link is unusual and should raise red flags for users who have a healthy sense of suspicion.

"Carefully examining URLs is the first line of defense," the researchers conclude. "Always take a moment to review the entire link before clicking, particularly looking out for encoded domains or odd usage of tools like Google Translate within the URL. If something feels off, it's better to err on the side of caution and avoid entering sensitive credentials on sites reached through unexpected redirects.
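As an added example (not code from the newsletter, KnowBe4 or Abnormal Security), here is the kind of full-URL analysis a mail or web filter can apply to these links: it recognises a translate.goog proxy hostname, recovers the site the link actually wraps, and holds the message for review unless that site is on an allowlist. The hostname encoding it reverses (the wrapped host's dots become hyphens and its own hyphens are doubled) and the `_x_tr_` query parameters are assumptions about the redirect format that go beyond the newsletter's description; check them against your own samples before relying on them.

```python
"""Recognise Google Translate proxy links and recover the site they wrap.

Added example, not code from KnowBe4 or Abnormal Security. Assumptions to
verify against your own samples: the proxy hostname ends in ".translate.goog",
its left-most label encodes the wrapped host with "." -> "-" and the host's own
"-" -> "--", and Translate's own parameters are query keys starting "_x_tr_".
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

PROXY_SUFFIX = ".translate.goog"
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def decode_proxy_host(label: str) -> str:
    """Reverse the hyphen encoding: '--' -> '-', then single '-' -> '.'.

    Splitting on '--' first keeps the wrapped host's own hyphens intact.
    """
    return "-".join(part.replace("-", ".") for part in label.split("--"))


@dataclass
class LinkVerdict:
    url: str
    is_translate_proxy: bool
    original_host: Optional[str]   # host the proxy link wraps, if any
    target_lang: Optional[str]     # value of _x_tr_tl, if present
    reason: str


def analyze_link(url: str) -> LinkVerdict:
    """Classify one URL; only translate.goog hostnames are treated as proxies."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(PROXY_SUFFIX):
        return LinkVerdict(url, False, None, None, "not a translate.goog link")
    wrapped = decode_proxy_host(host[: -len(PROXY_SUFFIX)])
    query = parse_qs(parts.query)
    target = query.get("_x_tr_tl", [None])[0]
    return LinkVerdict(url, True, wrapped, target,
                       f"Google Translate proxy wrapping {wrapped}")


def triage_message(text: str, allowed_hosts: frozenset = frozenset()) -> list:
    """Return one finding per proxied link found in a message body.

    A proxied link is allowed only when the site it wraps is on the allowlist;
    anything else is held for review, since receiving a Translate link in
    mail is unusual to begin with.
    """
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")          # trailing punctuation from prose
        verdict = analyze_link(url)
        if not verdict.is_translate_proxy:
            continue
        action = "allow" if verdict.original_host in allowed_hosts else "hold-for-review"
        findings.append({"url": url, "wraps": verdict.original_host,
                         "target_lang": verdict.target_lang, "action": action})
    return findings


# Constructed sample message (not a real campaign).
SAMPLE_MAIL = (
    "Your shared document is ready: "
    "https://login-example-com.translate.goog/auth?_x_tr_sl=auto&_x_tr_tl=en. "
    "Reference material: https://www.example.com/docs"
)

if __name__ == "__main__":
    for finding in triage_message(SAMPLE_MAIL):
        print(finding)
```

The point of recovering the wrapped host is that the allow/hold decision, and any reputation lookup, is made against the real destination rather than against a Google-owned domain that would otherwise pass every filter.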
"For organizations, it's important to configure email and web filters to thoroughly analyze full URL paths, including any redirects or encoded domains. Alongside this, invest in consistent employee training to raise awareness about how attackers may leverage trusted platforms, such as Google Translate, to facilitate phishing schemes."

Blog post with links: https://blog.knowbe4.com/threat-actors-abuse-google-translate-to-craft-phishing-links

[Live Demo] Ridiculously Easy AI Powered Security Awareness Training and Phishing

Phishing and social engineering are the #1 cyber threat to your organization. 68% of all data breaches are caused by human error. Join us for a live demonstration of KnowBe4 in action. See how we safeguard your organization from sophisticated social engineering threats using the most comprehensive human risk management platform.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

- NEW! Artificial Intelligence Defense Agents allows you to personalize security training, reduce admin burden and elevate your human risk management strategy
- NEW! SmartRisk Agent provides actionable data and metrics to help you lower your organization's human risk score
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.

Date/Time: Wednesday, February 5, @ 2:00 PM (ET)

Save My Spot! https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN

Phishing Campaign Attempts to Bypass iOS Protections

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports.

"Apple iMessage automatically disables links in messages received from unknown senders, whether that be an email address or phone number," they explain. "However, Apple told BleepingComputer that if a user replies to that message or adds the sender to their contact list, the links will be enabled....Over the past couple of months, BleepingComputer has seen a surge in smishing attacks that attempt to trick users into replying to a text so that links are enabled again."

The messages purport to be routine text notifications, such as package delivery updates or unpaid road toll notices. Unlike past smishing attempts, however, the messages contain instructions telling users, "Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it." If a user follows these instructions, they'll be able to click on the phishing link.

"As users have become used to typing STOP, Yes, or NO to confirm appointments or opt out of text messages, the threat actors are hoping this familiar act will lead the text recipient to reply to the text and enable the links," BleepingComputer notes. "Doing so will enable the links again and turn off iMessage's built-in phishing protection for this text. Even if a user doesn't click on the now-enabled link, the act of replying tells the threat actor that they now have a target that responds to phishing texts, making them a bigger target."
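The lure described above has a recognisable shape: an unknown sender, a delivery or toll pretext, a link, and an explicit instruction to reply and reopen the message so the link becomes clickable. As an added example (not BleepingComputer's or KnowBe4's code), the following scores texts that users forward to a reporting mailbox for exactly those signals. The phrase patterns and point weights are assumptions drawn from the campaign as described, and the sample messages are constructed.

```python
"""Score forwarded SMS texts for the "reply to re-enable links" lure.

Added example, not BleepingComputer's or KnowBe4's code. Intended for a
triage step over texts users report, not for the phone itself. The lure
phrases and point weights are assumptions drawn from the campaign as
described; the sample messages are constructed.
"""
import re
from dataclasses import dataclass, field

# "Please reply Y, then exit ... reopen ... link" style instruction.
REPLY_TO_ENABLE = re.compile(r"\breply\s+(?:y|yes)\b.*?\b(?:link|reopen|exit)\b", re.I | re.S)
# "copy the link to Safari browser" style instruction.
COPY_TO_BROWSER = re.compile(r"\bcopy\s+(?:the\s+)?link\b.*?\bbrowser\b", re.I | re.S)
# Pretexts named in the item: package delivery and road toll notices.
PRETEXT = re.compile(r"\b(?:package|parcel|delivery|toll|unpaid)\b", re.I)
# Either a full URL or a bare host/path such as example.test/track.
LINK = re.compile(r"https?://\S+|\b[\w-]+\.[a-z]{2,}/\S*", re.I)

WEIGHTS = {
    "reply-to-enable-links instruction": 2,
    "copy-link-to-browser instruction": 1,
    "contains link": 1,
    "delivery/toll pretext": 1,
    "unknown sender": 1,
}


@dataclass
class SmsVerdict:
    score: int = 0
    signals: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.score >= 4:
            return "likely-smishing"
        return "suspicious" if self.score >= 2 else "benign"


def score_sms(text: str, sender_known: bool = False) -> SmsVerdict:
    """Accumulate weighted signals; the reply instruction carries the most
    weight because a legitimate sender has no reason to ask for it."""
    result = SmsVerdict()
    checks = [
        ("reply-to-enable-links instruction", REPLY_TO_ENABLE.search(text)),
        ("copy-link-to-browser instruction", COPY_TO_BROWSER.search(text)),
        ("contains link", LINK.search(text)),
        ("delivery/toll pretext", PRETEXT.search(text)),
        ("unknown sender", not sender_known),
    ]
    for name, hit in checks:
        if hit:
            result.score += WEIGHTS[name]
            result.signals.append(name)
    return result


# Constructed samples.
SMISH = ("Your package could not be delivered due to an incomplete address. "
         "Please reply Y, then exit the text message, reopen the text message "
         "activation link, or copy the link to Safari browser to open it. "
         "redelivery.example/track")
PARCEL = "Your parcel is waiting: https://track.example/abc"
APPOINTMENT = "Your dentist appointment is tomorrow at 3pm. Reply YES to confirm or NO to cancel."

if __name__ == "__main__":
    for label, msg, known in (("smish", SMISH, False), ("parcel", PARCEL, False),
                              ("appointment", APPOINTMENT, True)):
        v = score_sms(msg, sender_known=known)
        print(f"{label}: {v.verdict} (score {v.score}) {v.signals}")
```

The appointment reminder scores zero even though it asks for a YES reply, because the reply request is not paired with an instruction to reopen the message or open a link; that pairing is what separates this lure from the routine opt-in and confirmation texts users are used to.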
Blog post with links: https://blog.knowbe4.com/phishing-campaign-attempts-to-bypass-ios-protections

[Free Phish Alert Button] Give Your Employees a Safe Way to Report Phishing Attacks with One Click!

Phishing attacks are increasing in sophistication, posing a severe threat to organizations. Users need a consistent process for reporting these emails, and InfoSec teams need one platform to manage the influx of reported emails. KnowBe4's Phish Alert Button (PAB) provides your users a safe way to report email threats to the security team for analysis, and automatically deletes the email from the user's inbox to prevent further exposure.

Phish Alert Button Benefits:

- Reinforces your organization's security culture
- Users can report suspicious emails with just one click
- Your Incident Response team gets early phishing alerts from users, creating a network of "sensors"
- Email is deleted from the user's inbox to prevent future exposure
- Easy deployment via MSI file for Outlook and G Suite deployment for Gmail (Chrome)
KnowBe4's PAB works across most Outlook and Google workspaces. Outlook users should leverage our new Microsoft Ribbon PAB for a frictionless experience!

Get the Phish Alert Button Now: https://info.knowbe4.com/free-phish-alert-chn

[PROOF] Effective Security Awareness Training Really Does Reduce Data Breaches

By Roger Grimes

In fact, if you add up all other causes for successful cyberattacks together, they do not come close to equaling the damage done by social engineering and phishing alone.

We have previously shown in a white paper entitled, Data Confirms Value of Security Awareness Training and Simulated Phishing, that an effective security awareness training (SAT) program including simulated phishing works well to reduce the percentage of people who will inappropriately respond to a simulated phishing exercise (what we call the Phish-prone Percentage™ or PPP), and that the more often SAT and simulated phishing are performed within an organization, the lower the PPP.

We also have data, shown below, that proves that organizations that have a good SAT program (including frequent simulated phishing campaigns) significantly reduce real human risk and have fewer real-world compromises. And the more often you train and conduct simulated phishing campaigns, the lower the real human risk is.

Note: KnowBe4 considers a good SAT program to include at least quarterly training and simulated phishing tests, although even more frequent training and simulated phishing are demonstrated to provide even more risk reduction. We consider an effective SAT program to be one where training is done at least monthly with simulated phishing campaigns done at least monthly as well, if not more frequently.

The NEW Effective Security Awareness Training Really Does Reduce Breaches paper can be downloaded at this blog post.
Blog post with links: https://blog.knowbe4.com/effective-security-awareness-training-really-does-reduce-breaches

10 Tips to Run a Successful Compliance Training Program

Has compliance training been a continuous challenge to get right? You're not alone. Many organizations have struggled with implementing compliance training that is effective, easy to deliver and something that their users get excited about.

In our whitepaper, KnowBe4 Chief Learning Officer John Just shares his top 10 tips to make compliance training easier for you and more effective for your organization.

In this whitepaper you'll learn:

- Common obstacles organizations run into with compliance training programs
- Ten tips you can apply to get the most out of your program
- Strategies your peers have implemented to improve their compliance training
Find out how to keep your users on their toes with compliance, risk and workplace safety top of mind!

Download Now: https://info.knowbe4.com/wp-10-tips-successful-compliance-training-program-chn

Let's stay safe out there.

Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: First Ever Magic Quadrant™ for Email Security Platforms by Gartner®: https://blog.knowbe4.com/first-ever-magic-quadrant-for-email-security-platforms-by-gartner

"The greatest discovery of my generation is that a human being can alter his life by altering his attitudes." - William James - Philosopher (1842 - 1910)

"Nobody can give you wiser advice than yourself." - Marcus Tullius Cicero - Orator and Statesman (106 - 43 BC)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog: https://blog.knowbe4.com/cyberheistnews-vol-15-04-heads-up-bad-actors-abuse-google-translate-to-craft-phishing-attacks

Phishing is the Top Security Threat For Smartphone Users

Phishing attacks are the most common security issue for smartphone users, according to a new study by Omdia. The survey found that nearly a quarter (24%) of respondents have fallen victim to a mobile phishing attack. The second most common mobile threat was malware, which is usually delivered via social engineering.

The researchers note that phishing attacks reached all the smartphones assessed in the study, regardless of vendor. "In Omdia's recent assessment of leading premium smartphones, Google's Pixel 9 Pro and Samsung's Galaxy S24 outperformed Apple's iPhone 16 Pro and other Android-based devices, including the OnePlus 12, Xiaomi 14, and Honor Magic 6 Pro," the researchers write. "Anti-phishing protection proved to be a weak spot across all devices, as none successfully intercepted all phishing texts, calls and emails."

Hollie Hennessy, Principal Analyst at Omdia, added that increased awareness is necessary to help users avoid falling for phishing attacks that bypass technical defenses. "Despite the latest protections in place by some manufacturers, it is difficult to protect 100% against phishing attempts, highlighting the severity of the issue and potential impact to consumers," Hennessy explained.
"That said, smartphone manufacturers can (demonstrated by the more advanced phishing protection capabilities available) and should have a better baseline of phishing protection – such as voice call protection, and all Android devices making use of Google's Safe Browsing protections.

"This needs to be paired with awareness activity from manufacturers and the wider industry to help consumers be vigilant and prepared."

New-school security awareness training gives your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links: https://blog.knowbe4.com/phishing-is-the-top-security-threat-for-smartphone-users

[INFOGRAPHIC] 4 Ways to Mature Your Human Risk Management Program

Human risk management (HRM) is now the primary approach to addressing the ongoing need for strong security cultures in organizations of all sizes. HRM focuses on more than just security awareness training (SAT) delivered at regular intervals. The goal is a positive security culture through:

- Human risk assessment
- Tailored and relevant training
- Ongoing education on pertinent risks
Introducing KnowBe4 AIDA — Artificial Intelligence Defense Agents. AIDA is a suite of AI-powered agents that up-levels your HRM approach by leveraging multiple AI technologies to create personalized, adaptive and highly effective user training that actually changes behavior.

Learn more about how AIDA can improve your HRM game with this infographic.

Download full PDF from the blog: https://blog.knowbe4.com/4-ways-to-mature-your-human-risk-management-program

What KnowBe4 Customers Say

"Hello Ryan and Stu, I hope that you are well. Sonya A. is an absolute Rockstar in her knowledge and understanding of the KnowBe4 interface. Starting with my first meeting with her, she demonstrated a deep understanding of the product and a genuine eagerness to help us. She demonstrated features of KnowBe4 that I hadn't even discovered yet. She set it all up and now my users are much more engaged and the failure rates for all of my users have decreased dramatically. I even received compliments on the training mandated. You have a real gem in Sonya and a massive advocate for your product who displays deep understanding of your product and a genuine desire to help others." - K.M., IT Manager

Copyright © 2014-2025 KnowBe4, Inc. All rights reserved.