A creative phishing campaign is found using an email template that pretends to be a reminder to complete security awareness training from a well-known security company. With more awareness, threat actors need very creative baits to trick their target users into providing their login credentials. In this campaign, threat actors send emails that pretend to be from KnowBe4, an email security company which offers phishing training and simulation tests. The email reminds the users to log in and take their phishing training. These emails use the subject “Training Reminder: Due Date” and tell the recipient to log in to their “Security Awareness Training” before it expires within 24 hours. The email also warns that the link will not be on the standard phishing training platform but on an external site. This means, the attackers are trying to trick suspicious users again by making them feel informed. If a user clicks on the URL, they will be brought to a URL using the Russia .ru TLD that asks them to login with their Outlook credentials to supposedly begin the training. Once they login, they will be asked to enter further information such as their username, email, name, birthday, address, and once again, their password.
Now that the attackers have collected both the victim’s email address, password, and personal information, they can use it in further targeted attacks such as BEC scams or to access a victim’s network.