A few of our customers are reporting “Threat Alerts” from Mimecast stating that hackers have exploited KnowBe4 or KnowBe4 domains to send email threats.
This is being sent to Mimecast customers and to non-customers who are members of threat intelligence networks.
Usually there is an included link, and it references KnowBe4 along with another Mimecast competitor. The wording of the alert is poor and misleading.
What they are referencing is the fact that attackers sometimes send phishing emails claiming to be from KnowBe4, usually hoping the potential victim clicks on the included malicious link. The malicious link (and the sending email address) will sometimes include the string ‘knowbe4.com’ somewhere in an attempt to trick the recipient.
No, KnowBe4 Has NOT Been Exploited!
The alert uses the phrase “exploiting KnowBe4’s legitimate domain”. “Exploit” is a term commonly used to indicate that a vulnerability was found and used by an attacker. In this case, Mimecast should simply have said the attackers were pretending to be from KnowBe4. It is a bit of a stretch to call a phishing email an exploitation. By our definition, that is spoofing, not exploitation. This looks like a novice wrote the alert.
To be clear, in Mimecast’s alert the domains with the term Knowbe4 in them are not KnowBe4 domains. They are simple look-alike “evil-twin” domains the attackers have registered to trick unsuspecting potential victims.
We occasionally see fake KnowBe4 emails sent as if they came from our real domain (e.g., knowbe4.com), but again, these are spoofed email addresses and they never pass the normal email authentication checks (DMARC, SPF, and DKIM). Messages of this type, using our real domain name, fail those checks upon receipt and usually end up in people’s Spam or Junk Mail folders.
If you want to learn more about DMARC, SPF, and DKIM, click here.
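As an added illustration (not part of the original post or of any KnowBe4 or Mimecast tooling), here is a small Python triage routine that separates the three cases described above: a genuine message from knowbe4.com that passes DMARC, a spoof of the exact domain that fails DMARC, and a look-alike domain that merely contains the brand string. The sample headers and the domains ending in `.example` are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "knowbe4.com"  # the real domain named in the post
BRAND = "knowbe4"             # brand string attackers embed in look-alike names

# Constructed samples (not real traffic). Authentication-Results is the header a
# receiving MTA adds after evaluating SPF/DKIM/DMARC (RFC 8601).
SAMPLES = {
    "genuine": "From: KnowBe4 <training@knowbe4.com>\n"
               "Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=knowbe4.com; dmarc=pass header.from=knowbe4.com\n"
               "\nYour course: https://training.knowbe4.com/start\n",
    "spoof": "From: KnowBe4 <security@knowbe4.com>\n"
             "Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail header.from=knowbe4.com\n"
             "\nVerify here: https://knowbe4.com-verify.example/login\n",
    "lookalike": "From: KnowBe4 <alerts@knowbe4-support.example>\n"
                 "Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=knowbe4-support.example; dmarc=pass header.from=knowbe4-support.example\n"
                 "\nReview alert: https://knowbe4-support.example/alert\n",
}

def sender_domain(msg):
    """Domain of the RFC 5322 From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def auth_results(msg):
    """method=result pairs from Authentication-Results, e.g. {'dmarc': 'fail'}."""
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", ""), re.I)
    return {m.lower(): r.lower() for m, r in pairs}

def is_our_domain(host):
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def lookalike_hosts(msg):
    """Link hosts in the body that carry the brand string but are not ours."""
    body = msg.get_payload(decode=True).decode(errors="replace")
    hosts = {(urlparse(u).hostname or "").lower() for u in re.findall(r"https?://\S+", body)}
    return sorted(h for h in hosts if BRAND in h and not is_our_domain(h))

def classify(raw):
    """Return (verdict, suspicious link hosts) for one raw message."""
    msg = message_from_string(raw)
    dom, auth = sender_domain(msg), auth_results(msg)
    if is_our_domain(dom):
        # The real domain in From: only counts when the receiving MTA saw DMARC
        # pass; as the post notes, exact-domain spoofs fail DMARC/SPF/DKIM.
        verdict = "genuine" if auth.get("dmarc") == "pass" else "exact-domain spoof"
    elif BRAND in dom:
        verdict = "look-alike domain"  # the "evil-twin" case in Mimecast's alert
    else:
        verdict = "unrelated sender"
    return verdict, lookalike_hosts(msg)
```

Run `classify(SAMPLES["spoof"])` to see the exact-domain spoof flagged together with its brand-bearing link host; the verdicts rely on the receiving MTA's own Authentication-Results header, not on the From: display name.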
It is not unusual for any well-known company to be used in a brand impersonation phishing attack. It is not unusual for the world’s leading human risk management company to be used in phishing lures. We have been for years, and we consider it a kind of badge of honor that hackers think we are popular enough to be used in brand impersonation.
Even Mimecast has been the victim of brand impersonation (see an example below).
But we did not put out an “urgent threat alert” and claim that Mimecast’s brand or domains had been “exploited.” We believe in fair competition and do not resort to those tactics.
Your human risk management plan should include an effective security awareness training component that teaches users about brand impersonation, how to recognize it, and how to appropriately mitigate and report it.
It is well understood that not every email is from where it claims to be. In fact, we have built an entire industry around that.