CyberheistNews Vol 15 #12 | March 25th, 2025
Key Takeaways from the KnowBe4 2025 Phishing Threat Trends Report
Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack techniques.
Ransomware may be an “old” threat, but new tactics are making people more susceptible than ever. In this edition, we break down a highly advanced attack detected by KnowBe4 Defend that bypassed native security and a secure email gateway (SEG)—and would have been nearly impossible to stop if launched.
We also examine how cybercriminals are using AI for polymorphic phishing, infiltrating the hiring process and evading traditional security defenses.
Unless otherwise cited, all statistics in the report were generated using data from KnowBe4 Defend, our integrated cloud email security (ICES) solution that detects the full spectrum of advanced phishing attacks.
Read the full report, which covers the following topics:
- A Spike in Phishing
- AI-Polymorphic Phishing Campaigns
- Ransomware is Once Again on the Rise
- Cybercriminals are Hijacking the Hiring Process
- Bypassing Secure Email Gateways (SEGs)
To find out more about the latest Phishing Threat Trends, read the full report here:
Blog post with links and INFOGRAPHIC:
https://weblog.knowbe4.com/key-takeaways-from-the-2025-phishing-threat-trends-report
Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering is the #1 cyber threat to your organization. 68% of all data breaches are caused by human error.
Join us for a live demonstration of KnowBe4 in action. See how we safeguard your organization from sophisticated social engineering threats using the most comprehensive human risk management platform.
Get a look at THREE NEW FEATURES and see how easy it’s to train and phish your users.
- NEW! Artificial Intelligence Defense Agents allows you to personalize security training, reduce admin burden and elevate your human risk management strategy
- NEW! SmartRisk Agent provides actionable data and metrics to help you lower your organization’s human risk score
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- Smart Groups allows you to use employees’ behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.
Date/Time: Wednesday, April 2, @ 2:00 PM (ET)
Save My Spot:
https://data.knowbe4.com/kmsat-demo-1?partnerref=CHN
Be Vigilant: BEC Attacks Are on the Rise
Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer increasing to $39,315, according to a new report from Fortra.
“The average amount requested from BEC wire transfer attackers was $39,315 in February compared to $24,586 in January 2025, an increase of 60%,” the report says.
“During the month of February, 25% of wire transfer BEC attacks requested less than $10,000, while 62% of wire transfer BEC attacks requested between $10,000 and $50,000. For the other 12% of wire transfer BEC attacks, 0% requested between $50,000 and $100,000, and 12% requested more than $100,000.”
Most of these attacks abused legitimate email services, making them more likely to evade detection by security filters.
“73% of BEC attacks were sent from email addresses hosted on free webmail providers compared to 27% of attacks sent from maliciously registered domains,” the researchers write. “The percentage of free webmail providers used decreased in February compared to 72% in January 2025.
“For February 2025, Google was the primary webmail provider used by actors to send BEC campaigns, comprising 76% of the 1,036 free webmail accounts used by scammers. Other popular webmail providers included Microsoft and Verizon Media.”
The researchers warn that threat actors are putting more effort into preparation in order to increase the likelihood of a major payoff. Fortra states, “Threat actors have intensified reconnaissance and profiling efforts, prioritizing larger financial targets and leveraging delayed fraud detection to increase operational success.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://weblog.knowbe4.com/be-vigilant-bec-attacks-are-on-the-rise
Meet AIDA: The KnowBe4 Approach to Human Risk Management
AI-powered scams are now dangerously sophisticated, outpacing traditional security awareness training at every turn.
It’s time to fight AI with AI. Meet KnowBe4 AIDA — Artificial Intelligence Defense Agents. AIDA transforms your human risk management approach, delivering adaptive, personalized training that actually changes behavior.
Download this whitepaper to discover how AIDA’s capabilities empower you to:
- Automate tailored training assignments based on roles and risk scores
- Generate realistic, multi-lingual phishing simulations at scale
- Reinforce learning with AI-powered knowledge refreshers
- Ensure comprehension of key policies through AI-generated quizzes
Get an in-depth look at AIDA’s first four agents and preview future agents that will help you build your employees into an unshakable last line of defense.
Download Now:
https://data.knowbe4.com/sources/whitepapers-and-ebooks/meet-aida-knowbe4-human-risk-management-chn
Agentic AI: Why Cyber Defenders Finally Have the Upper Hand
By Roger Grimes.
My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity and the eventual emergence of malicious agentic AI malware.
Both of those articles started to touch on the idea of automated agentic AI defenses. This posting goes into a little more detail on what agentic AI defenses might mean.
It starts with agentic AI, which is a collection of automated programs (i.e., bots or agents) working toward a common goal. Agentic AI somewhat comes out of a machine-learning concept called a Mixture of Experts, which has been around for over four decades.
Instead of creating a single program that does a bunch of things, you create a team of separate cooperating experts who are more specialized and better at what they do.
For a real-world example allegory, think about how we build most houses and buildings. One person usually doesn’t do it all. You have people who do the architecting, surveying, landscaping, creating the foundation, pouring concrete, building up the wooden or steel framing, people who put up the walls, windows, and roofing. You have separate people who do electrical, plumbing, drywall, flooring and painting.
You usually have a general contractor or construction manager overseeing the whole thing. Each of these individual experts is likely better at what they do than if one person knew and tried to do it all. There are exceptions, of course, but in the grand scheme of things, most societies build their homes and buildings with teams of cooperating laborers who are each an expert in their field.
It’s the same overall concept with agentic AI, but it’s done using individual software components. Today’s software and services are usually made up of one central program/service that tries to do it all. There could be dozens to hundreds of files supporting that program, but they’re all part of that program and couldn’t function standalone. They’re called with one executable launching point. And they all start and end execution based on the overall program starting and stopping.
The future of software and services is agentic AI — teams of cooperating AI programs. The various components, like building subcontractors, are experts at what they do and can function standalone. They take input from the construction manager (called the orchestrator agent in AI vernacular) and return expert output to achieve a common, larger goal.
CONTINUED on the KnowBe4 blog:
https://weblog.knowbe4.com/emergent-agentic-ai-defense
How Vulnerable is Your Network Against Ransomware and Cryptomining Attacks?
Bad actors are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?
KnowBe4’s Ransomware Simulator “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario to show you if a workstation is vulnerable.
Here’s how RanSim works:
- 100% harmless simulation of real ransomware and cryptomining infections
- Does not use any of your own files
- Tests 25 types of infection scenarios
- Just download the installer and run it
- Results in a few minutes!
This is complimentary and will take you 5 minutes max. RanSim may give you some insights about your endpoint security you never expected!
Download RanSim Now!
https://data.knowbe4.com/ransomware-simulator-tool-1chn
Phishing Attacks Abuse Microsoft 365 to Bypass Security Filters
Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at Guardz.
The attackers compromise multiple Microsoft 365 tenants in order to generate legitimate transaction notifications that contain phishing messages.
“This attack exploits legitimate Microsoft services to create a trusted delivery mechanism for phishing content, making it difficult for both technical controls and human recipients to detect,” the researchers write.
“Unlike traditional phishing, which relies on lookalike domains or email spoofing, this method operates entirely within Microsoft’s ecosystem, bypassing security measures and user skepticism by leveraging native M365 infrastructure to deliver phishing lures that appear authentic and blend in seamlessly.”
The attackers use Microsoft 365’s built-in tenant display name feature to display the phishing message rather than inserting it in the email body. In one case, for example, the attackers set the display name to the following: “(Microsoft Corporation) Your subscription has been successfully purchased for 689.89 USD using your checking account. If you did not authorize this transaction, please call 1(888) 651-4716 to request a refund.”
The researchers explain, “The attacker weaponizes the tenant’s organization name field to inject a phishing lure directly into the email. Instead of embedding malicious links, the message instructs victims to call a fraudulent support number, leading to a social engineering attack designed to lure the victim to install a stealer (malware) / steal financial information or creds.”
The attackers are using this technique to carry out business email compromise (BEC) attacks. Guardz notes that since the messages tell the victim to call a phone number, the scam is less likely to be stopped by technical security measures.
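An added example, not code from Guardz or KnowBe4: a small mail-triage check showing that sender authentication passes for this kind of notification while content signals (a phone number next to call or refund wording) still flag it. The message, the sender address, the `Sold to:` label and the allow-list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: headers, address and the "Sold to:" label are made up;
# the organization-name text is the lure quoted in the article.
RAW = """\
From: Microsoft <billing@microsoft.com>
To: user@example.org
Subject: Your Microsoft order
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset=utf-8

Thanks for your order.
Sold to: (Microsoft Corporation) Your subscription has been successfully
purchased for 689.89 USD using your checking account. If you did not
authorize this transaction, please call 1(888) 651-4716 to request a refund.
"""

TRUSTED_DOMAINS = {"microsoft.com"}  # assumption: domains the filter allow-lists
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
MONEY = re.compile(
    r"[$€£]\s?\d[\d,]*(?:\.\d{2})?|\d[\d,]*(?:\.\d{2})?\s?(?:USD|EUR|GBP)\b", re.I)
CALLBACK = re.compile(
    r"\b(?:call|refund|did not authorize|unauthori[sz]ed|cancel)\b", re.I)


def triage(raw):
    """Return sender-auth status and content signals for one message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    body = " ".join(msg.get_payload().split())  # undo hard line wrapping

    signals = []
    if PHONE.search(body):
        signals.append("phone_number")
    if MONEY.search(body):
        signals.append("currency_amount")
    if CALLBACK.search(body):
        signals.append("callback_wording")

    # Authentication succeeds because the mail really comes from the platform.
    authenticated = domain in TRUSTED_DOMAINS and "dmarc=pass" in auth
    # A phone number combined with call/refund wording is the callback pattern.
    lure = "phone_number" in signals and "callback_wording" in signals
    return {
        "sender_domain": domain,
        "authenticated": authenticated,
        "signals": signals,
        "verdict": "quarantine_for_review" if lure else "deliver",
    }


if __name__ == "__main__":
    print(triage(RAW))
```

The phone pattern is a US-format heuristic and will also match other ten-digit runs, so treat a hit as a reason for review rather than a block decision.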
Blog post with links:
https://weblog.knowbe4.com/phishing-attacks-abuse-microsoft-365-to-bypass-security-filters
Let’s stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
[BUDGET AMMO #1] How agentic AI will drive the future of malware:
https://www.scworld.com/perspective/how-agentic-ai-will-drive-the-future-of-malware
[BUDGET AMMO #2] From convenience to compromise: The rising threat of quishing scams:
https://www.fastcompany.com/91302057/from-convenience-to-compromise-the-rising-threat-of-quishing-scams
[BUDGET AMMO #3] How a Toxic Work Culture Can Amplify Security Threats:
https://www.inc.com/stu-sjouwerman/how-a-toxic-work-culture-can-amplify-security-threats/91164281
Quotes of the Week
“It’s easy to hate and it’s difficult to love. This is how the whole scheme of things works. All good things are difficult to achieve; and bad things are very easy to get.”
– Confucius – Philosopher (551 – 479 BC)
“Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that.”
– Martin Luther King Jr. (1929–1968)
Thanks for reading CyberheistNews
You can read CyberheistNews online at our Blog
https://weblog.knowbe4.com/cyberheistnews-vol-15-12-key-takeaways-from-the-knowbe4-2025-phishing-threat-trends-report
Security News
The Cybersecurity Confidence Gap: Are Your Employees as Secure as They Think?
By Anna Collard
Our recent research reveals a concerning discrepancy between employees’ confidence in their ability to identify social engineering attempts and their actual vulnerability to these attacks.
While 86% of respondents believe they can confidently identify phishing emails, nearly half have fallen for scams in the past. This disconnect between perceived competence and demonstrated vulnerability, the “confidence gap,” poses a substantial risk to organizations.
The Danger of Overconfidence
The survey research, titled “Security Approaches Around the Globe: The Confidence Gap,” surveyed 12,037 professionals across the UK, USA, Germany, France, Netherlands and South Africa. It found that South Africa leads in both high confidence and high scam victimization rates.
This is consistent with our recent Africa Cybersecurity Awareness 2025 survey which revealed that while 83% of African respondents are confident in their ability to recognize cyber threats, more than half (53%) do not understand what ransomware is and 35% have lost money to scams.
These figures suggest that the Dunning-Kruger effect, which is a cognitive bias where people overestimate their ability, is alive and well in cybersecurity. Overconfidence can create a false sense of security, making employees more susceptible to advanced cyber threats.
Key Findings
- 86% of employees believe they can confidently identify phishing emails
- 24% have fallen for phishing assaults
- 12% have been tricked by deepfake scams
- 68% of South African respondents reported falling for scams—the highest victimization rate
Beyond Training: Fostering a Security Culture
The report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty. Interestingly, South Africans felt most comfortable: 97% of South African respondents expressed some level of comfort in reporting their concerns, showing a level of trust in their security organizations.
Overconfidence fosters a dangerous blind spot—employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioral tendencies and even demographic traits.
Leverage the “Prevalence Effect”
To combat the overconfidence trap in cybersecurity awareness, organizations should leverage the “prevalence effect” by maintaining a steady and meaningful exposure to phishing simulations. The prevalence effect is based on research which indicates that when phishing attempts are rare, users become less adept at recognizing them, leading to decreased detection ability.
By frequently exposing users to simulated phishing attacks, organizations can enhance detection skills, reinforce vigilance and mitigate the risks associated with overconfidence in their ability to spot threats.
To combat this, organizations need:
- Hands-on, scenario-based training: To counteract misplaced confidence
- Continuous education: To keep up with evolving cyber threats
- Prevalence effect: Expose users to phishing simulation tests as frequently as possible
- Foster an adaptive safety mindset: To reply successfully to new threats
The Bottom Line
The survey findings emphasize the critical need for effective human risk management. Personalized, relevant and adaptive training that caters to employees’ individual needs should be implemented while also considering regional influences and evolving cyber tactics. In the battle against digital deception, the most dangerous mistake employees can make is assuming they are immune.
“Security Approaches Around the Globe: The Confidence Gap,” is available for download on the KnowBe4 blog:
https://weblog.knowbe4.com/the-cybersecurity-confidence-gap-are-your-employees-as-secure-as-they-think
Hundreds of Malicious Android Apps Received 60 Million Downloads
Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps.
The attackers managed to place at least 331 malicious apps in the Play Store. In addition to displaying full-screen ads, some of the apps also directed users to phishing sites designed to harvest their credentials.
“Most applications first became active on Google Play in Q3 2024,” Bitdefender says. “After further analysis, we noticed that older ones that were published earlier were initially benign and didn’t contain malware components. The malicious behavior was added afterward, starting with versions from the beginning of Q3.
“To be clear, this is an active campaign. The latest malware published in the Google Play Store went live in the first week of March, 2025. When we finished the investigation, a week later, 15 applications were still available for download on Google Play.”
The apps posed as popular utility services, such as QR scanners, budget planners, health apps and many others. “One way to keep a malicious app hidden from the user is to hide the icon – a behavior that is no longer allowed in the Android OS,” the researchers write.
“We find that attackers used multiple approaches to solve this problem. The most popular and interesting one is also likely the most efficient. The app comes with the Launcher Activity (e.g., that the user sees and clicks on) disabled by default.
“Afterwards, by abusing the startup mechanism provided by the content provider, the samples use native code to enable the launcher, which is likely done as an additional way to evade detection.”
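As an added illustration (not Bitdefender's tooling), this static check reads a decoded AndroidManifest.xml and flags the pattern the researchers describe: every launcher entry disabled by default while a content provider is declared. The sample manifest, package name and component names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded AndroidManifest.xml with made-up names.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.qrscanner">
  <application android:label="QR Scanner">
    <activity android:name=".MainActivity" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <provider android:name=".InitProvider"
              android:authorities="com.example.qrscanner.init"
              android:exported="false"/>
  </application>
</manifest>"""


def is_launcher(component):
    """True if the component carries a MAIN + LAUNCHER intent filter."""
    for flt in component.findall("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in flt.findall("action")}
        cats = {c.get(ANDROID + "name") for c in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False


def audit_manifest(xml_text):
    """List launcher entries by default state, plus declared providers."""
    report = {"disabled_launchers": [], "enabled_launchers": [], "providers": []}
    app = ET.fromstring(xml_text).find("application")
    if app is not None:
        for comp in app.findall("activity") + app.findall("activity-alias"):
            if not is_launcher(comp):
                continue
            # android:enabled defaults to true; anything else (including an
            # unresolved @bool/ reference) is conservatively treated as disabled.
            state = comp.get(ANDROID + "enabled", "true").strip().lower()
            key = "enabled_launchers" if state == "true" else "disabled_launchers"
            report[key].append(comp.get(ANDROID + "name"))
        report["providers"] = [p.get(ANDROID + "name")
                               for p in app.findall("provider")]
    # Flag: an icon exists in the manifest but none is active at install time,
    # and a provider is present that is created when the process starts.
    report["suspicious"] = bool(report["disabled_launchers"]
                                and not report["enabled_launchers"]
                                and report["providers"])
    return report


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```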
Blog post with links:
https://weblog.knowbe4.com/hundreds-of-malicious-android-apps-received-60-million-downloads
What KnowBe4 Customers Say
“Hello Stu, I’m a very happy camper — things are going quite well with our KnowBe4 implementation. Our Customer Success representative Aariel F. has been a great help with getting us up to speed quickly. We’re seeing very positive results from our training and phishing campaigns.”
– S.K., Support Team Lead