
CyberheistNews Vol 15 #45 | November 11th, 2025
[Under the Radar] Scammers Use Real Bodies, Fake Faces in Extortion Scams
A study from Malwarebytes has found that one in three mobile users has been targeted by an extortion scam, and one in five of these users has fallen victim. Additionally, one in six users has been targeted by sextortion, with a higher number of these attacks (38%) affecting Gen Z users.
“These personalized, high-pressure threats make extortion victims especially vulnerable, and while victims of all mobile scams suffer serious emotional, financial, and functional fallout at the hands of their scammers, extortion victims experience outsized impact,” Malwarebytes says.
Notably, AI has drastically improved the sophistication of these scams, particularly involving deepfakes in sextortion attacks.
“For victims of AI-driven scams, the fallout is even more extreme: 32% suffered reputation damage (vs. 21% for extortion victims overall), 29% suffered work or school consequences (vs. 11%), 24% had their personal information stolen (vs. 14%), and 21% had financial accounts opened in their name (vs. 13%), underscoring the threat of these evolving scams,” the researchers write.
Shahak Shalev, Malwarebytes’s Global Head of Scam and AI Research, stated, “AI has poured gasoline on extortion scams, making it easier than ever to target people with real or manipulated images or videos paired with real information about them from the dark web.
“These ruthless scams weaponize shame, exploiting our deepest fears to force quick decisions and fast payouts. I want to remove the shame associated with scams and instead encourage people to share their stories to help educate others.
If we can remove the stigma and silence around scams, I think we can help everyone take a step back and pause before acting on one of these threats.”
Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/new-study-warns-of-ai-driven-extortion-attacks
[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.
Join us for a demo showcasing KnowBe4’s leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.
See how easy it is to train and phish your users with KnowBe4’s HRM+ platform:
- SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization’s human risk score
- Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
- Automated Training Agent – Automatically identify high-risk users and assign personalized training
- Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies.
- Enhanced Executive Reports – Track user activities, visualize trends, download widgets, and improve searching/sorting to provide deeper insights and streamline collaboration
See how these powerful AI-driven features work together to dramatically reduce your organization’s risk while saving your team valuable time.
Date/Time: TOMORROW, Wednesday, November 12 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN3
Verizon: ‘Human Error is Still a Top Contributor to Cyberattacks.’
Human error remains the primary exploitation vector in mobile security incidents, according to Verizon’s latest Mobile Security Index (MSI). “At 44%, user behavior is the top cited breach contributor, just ahead of app threats, network threats, and internet threats, which were each cited by 43% of survey respondents,” the report says.
“Verizon’s 2025 Data Breach Investigations Report found that around 60% of confirmed breaches involved a human element.”
The report also found that most respondents believe AI tools are dramatically improving the effectiveness of social engineering attacks targeting mobile users.
“AI is reshaping mobile threats in ways that draw concern from organizations surveyed,” the report says. “Of respondents, 34% say they fear that the increasing sophistication and scale of AI-powered attacks will significantly raise their exposure, and 38% say ransomware will become even more dangerous when powered by AI.
In addition, 77% of respondents believe AI-assisted attacks involving deepfakes (AI-generated media that mimic real people to deceive or impersonate them) and short message service (SMS) text phishing are likely to succeed.”
The researchers note that mobile devices offer threat actors an easy avenue for social engineering attacks, since users often use their phones for both work and personal matters.
“Mobile devices have become the most direct path between attackers and their victims,” the report says. “Always on and deeply personal, these devices offer cybercriminals a rich opportunity to leverage sophisticated social engineering techniques that traditional security tools cannot detect.
“With AI enhancing the effectiveness of smishing, executive impersonation, and multifactor authentication (MFA) token theft, individuals are now even more susceptible to these social engineering techniques.”
Fight fire with fire. AI-powered security awareness training can give your org an essential layer of defense against social engineering attacks.
Blog post with links:
https://blog.knowbe4.com/human-error-is-still-a-top-contributor-to-cyberattacks
Intelligent Email Defense: Automate, Remediate and Train from One Platform
It’s not a matter of if but when AI-powered attacks will breach your email defenses. Phishing attacks have surged 1,265% since 2022. With 31% of IT teams taking over 5 hours to respond, every delayed minute keeps active threats in your users’ inboxes.
During this demo, you’ll discover how PhishER Plus can help take control back from rising AI phishing risks by:
- NEW! Creating custom threat detection rules instantly using plain-English descriptions through AI-powered automation, no coding required
- Accelerating response times with AI-powered automation that reduces manual email review by 85-99%
- Providing comprehensive threat intelligence from a network of 13+ million global users and third-party integrations
- Removing threats automatically from all mailboxes with PhishRIP before users can interact with them
- Converting real attacks into targeted training opportunities with PhishFlip
Discover how PhishER Plus combines AI and human intelligence to transform your users from security risks into your most valuable defenders.
Date/Time: Wednesday, November 19 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN
The Rapid Advancement of Malicious AI is Changing Cyberdefense Forevermore
By Roger Grimes
AI maturation is leading to more malicious hacking attacks.
Like thousands of cybersecurity thought leaders, I’ve been speaking about AI being used maliciously since OpenAI released ChatGPT in November 2022. I’m far from alone. The entire cybersecurity industry has been warning about it nonstop. We’ve known that as AI progresses, attackers would use those same productivity features, thereby harming us.
Until just a few months ago, when I spoke about the coming wave of AI attacks, I followed it up with, “Although AI attacks are coming, how you are likely to be compromised today will not include AI.” I changed that a few months ago, and I now say, “How likely are you to be attacked by AI, and by the end of 2026, most hacking attacks will be driven by AI.”
What changed my mind?
AI services have matured, and hackers have increasingly adopted those improvements into their own tools and methods. Today, most hacking tools and phishing kits are incorporating AI. And that AI will allow those hackers to be more pervasive, faster and more successful.
Maturity of AI Over Time That Has Allowed Malicious Hacking To Accelerate
The maturity of AI has been far faster than any other industrial revolution. No previous industry transformation has ever been as fast and sweeping. Here are the crucial improvements in AI technology that have allowed malicious hacking to quickly accelerate over time.
[CONTINUED] at this blog post with links:
https://blog.knowbe4.com/the-rapid-advancement-of-malicious-ai-is-changing-cyberdefense-forevermore
You’re Invited: Happy Hour at Microsoft Ignite
Will you be at Microsoft Ignite? Join KnowBe4 for an exclusive happy hour gathering at Wine Down SF, located just steps from the Moscone Center. All you need to do is show up ready to connect with fellow attendees over great drinks and good food.
When: Wednesday, November 19, 7:00 – 9:00 PM PT
Where: Wine Down SF, 685 Folsom St, San Francisco, CA 9410
Join us to:
- Enjoy free food and an open bar with like-minded professionals
- Take a break from demos and sessions just steps from the event venue
- Network in a relaxed environment with other IT and cybersecurity professionals
We hope to see you there!
Save Your Spot
https://info.knowbe4.com/knowbe4-happy-hour-at-wine-down-sf
Let’s stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: [OCTOBER TOP BLOG POST] Securing the Human-AI Boundary: Why the Future of Cybersecurity Must Train People and AI Agents:
https://blog.knowbe4.com/securing-the-human-ai-boundary-why-the-future-of-cybersecurity-must-train-people-and-ai-agents
Quotes of the Week
“Peace is not an absence of war, it is a virtue, a state of mind, a disposition for benevolence, confidence, justice.”
– Spinoza – Philosopher (1632 – 1677)
“Great love springs from great knowledge of the beloved object, and if you little know it, you will be able to love it only little or not at all.”
– Leonardo da Vinci – Artist (1452 – 1519)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-45-under-the-radar-scammers-use-realodies-fake-faces-in-extortion-scams
Security News
Microsoft Help Desk Phishing Attempt
By Roger Grimes
I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my!
Not only is Microsoft holding five emails headed to me, but my “subscription” is expiring on the same day. The “Unsubscribe” link was just a graphic, no URL. The URL to the main button, “Review All Held Messages results,” was linked to the following path (shown in blog).
That is clearly not Microsoft or microsoft.com. I clicked on it. It took me to a URL that looked like a legitimate CAPTCHA message. I am not sure if it was “real” or not, but I answered it. This led to another fake “CAPTCHA” check.
I am not sure why I am getting this second CAPTCHA check, but it was the first time a phish has asked me to prove that I was human. Some of the programming code seemed to be exploring if I was fully patched, but it was changed faster than I could get a copy of it, and I was not shown it again when I visited the website again.
Answering the second (fake) CAPTCHA took me to the standard fake O365 login to get my O365 credentials. Ultimately, this phishing attempt was mostly to steal O365 credentials, one of the most popular phishing scams in existence.
I decided to write about this to share what happens with a large percentage of phishing emails, but also, whatever phishing list I am on, they appear to know that my private email domain is handled by Microsoft O365 (or it could have been a random phishing connection).
I get so many fake O365 login phishing emails to my personal account that I must be on some phishing list that sells or lists this particular attribute, but I am just speculating.
Blog post with screenshots:
https://blog.knowbe4.com/microsoft-help-desk-phish
Phishing Emails Use Invisible Hyphens to Avoid Detection
A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center. The emails use soft hyphens to break up the subject line “Your Password is About to Expire” so the messages aren’t flagged as malicious.
The email client doesn’t render the hyphens, however, so the user sees a normal sentence. “Although soft hyphens aren’t – strictly speaking – invisible, Outlook as well as most other e-mail clients don’t render them as visible text in most cases,” Kopriva writes.
“The use of the soft hyphen character – combined with splitting the subject into multiple MIME encoded words – was clearly intended as an attempt at bypassing e-mail filtering mechanisms that are supposed to automatically detect potentially malicious messages.”
In addition to the subject line, the entire email body was littered with these invisible hyphens. While the user reads a normal message asking them to reset their password, automated security systems will see random letters separated by hyphens.
“[A]lthough the use of invisible characters in phishing e-mails in general (and of the use of the ‘shy’ character in particular) is quite common when it comes to making the contents of e-mail messages less readable to security solutions, it is quite unusual to see it also applied to the subject of a message,” Kopriva says.
If the user clicks the link in the email, they’ll be taken to a phony login page designed to steal their email account credentials. Attackers are always looking for ways to bypass technical security measures in order to target humans directly.
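The evasion Kopriva describes only works against a filter that inspects the raw header. The following is an added example, not code from the ISC diary or from KnowBe4: it decodes a Subject header that has been split across several RFC 2047 encoded words, strips the soft hyphen (U+00AD, the HTML “shy” entity) together with the other zero-width format characters that clients also render as nothing, applies the same normalization to an HTML body, and then runs one plain phrase rule against both the raw and the normalized text so the difference is visible. The sample subject and body are constructed to mirror the campaign described above, the phrase list is a stand-in for a real rule set, and the function names are my own.

```python
"""Normalize a MIME Subject and an HTML body before keyword detection.

Soft hyphens and zero-width characters are invisible to the recipient, so
a subject such as "Your Password is About to Expire" can be peppered with
them and split across several RFC 2047 encoded words while still reading
normally in the mail client. Matching on the decoded, stripped text (and
counting how many invisible characters had to be removed) restores what
the user actually sees.
"""
import email.header
import html
import re
import unicodedata

# Characters most mail clients and browsers render as nothing. All of them
# are Unicode category "Cf" (format), which the filter below also checks.
INVISIBLE = {
    "\u00ad",  # SOFT HYPHEN (&shy;)
    "\u200b",  # ZERO WIDTH SPACE
    "\u200c",  # ZERO WIDTH NON-JOINER
    "\u200d",  # ZERO WIDTH JOINER
    "\u2060",  # WORD JOINER
    "\ufeff",  # ZERO WIDTH NO-BREAK SPACE / BOM
}

# Stand-in rule set; a production filter would carry far more phrases.
SUSPICIOUS_PHRASES = ("your password is about to expire",)

# Constructed sample: the subject is split into three Q-encoded words, each
# hiding a soft hyphen (=C2=AD in UTF-8) inside a keyword. The body mixes
# the HTML entity form with literal U+00AD characters.
SAMPLE_SUBJECT = (
    "=?utf-8?Q?Your_Pass=C2=ADword?= "
    "=?utf-8?Q?_is_Ab=C2=ADout?= "
    "=?utf-8?Q?_to_Ex=C2=ADpire?="
)
SAMPLE_BODY = (
    "<p>Your pass&shy;word is ab&shy;out to ex&shy;pire. "
    "Ple\u00adase re\u00adset it n\u00adow.</p>"
)


def decode_subject(raw_header: str) -> str:
    """Decode an RFC 2047 Subject (one or many encoded words) to text."""
    out = []
    for chunk, charset in email.header.decode_header(raw_header):
        if isinstance(chunk, bytes):
            out.append(chunk.decode(charset or "ascii", errors="replace"))
        else:
            out.append(chunk)
    return "".join(out)


def count_invisible(text: str) -> int:
    """Number of characters the recipient would never see."""
    return sum(1 for ch in text
               if ch in INVISIBLE or unicodedata.category(ch) == "Cf")


def strip_invisible(text: str) -> str:
    """Drop invisible/format characters, then NFKC-fold the remainder."""
    kept = "".join(ch for ch in text
                   if ch not in INVISIBLE and unicodedata.category(ch) != "Cf")
    return unicodedata.normalize("NFKC", kept)


def html_to_text(html_body: str) -> str:
    """Crude tag stripping, then entity decoding (so &shy; becomes U+00AD)."""
    return html.unescape(re.sub(r"<[^>]+>", " ", html_body))


def matches_rule(text: str) -> bool:
    """Case-insensitive, whitespace-folded phrase match."""
    folded = " ".join(text.split()).casefold()
    return any(phrase in folded for phrase in SUSPICIOUS_PHRASES)


def analyze_message(raw_subject: str, html_body: str) -> dict:
    """Compare what a raw-header filter sees with what the user sees."""
    subject = decode_subject(raw_subject)
    body = html_to_text(html_body)
    return {
        "subject_visible": strip_invisible(subject),
        "subject_invisible_count": count_invisible(subject),
        "body_invisible_count": count_invisible(body),
        "raw_subject_hit": matches_rule(raw_subject),
        "subject_hit": matches_rule(strip_invisible(subject)),
        "body_hit": matches_rule(strip_invisible(body)),
    }


if __name__ == "__main__":
    for key, value in analyze_message(SAMPLE_SUBJECT, SAMPLE_BODY).items():
        print(f"{key}: {value!r}")
```

The invisible-character count is worth keeping as its own signal: a legitimate subject line has no reason to contain soft hyphens at all, so a non-zero count in a header is a stronger indicator than any single phrase match.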
AI-powered security awareness training gives your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day.
Blog post with links:
https://blog.knowbe4.com/phishing-emails-use-invisible-hyphens-to-avoid-detection
What KnowBe4 Customers Say
“Hope all is well; we’ve been integrated with Defend for a while now and seen some great success on our end with regards to simulated and real phishing campaigns. We had strong results before the release of Defend (about 1.5% click rate around 2200 users) and with Defend now in place for all but 2 of our business units, this has steadied at around 0.5% – those clicks coming from the business units that do NOT have Defend.”
– B.K., Information Security Director
“Thank you for reaching out to check in on how things are going with the KnowBe4 platform. I’m happy to report that we are currently satisfied with the service. The platform has been instrumental in transforming the security culture here, and the decrease in our scores is a testament to its effectiveness. I would like to commend Ryan D., our Customer Success Manager, for his exceptional support. He has been incredibly helpful throughout our journey with KnowBe4.”
– H.M., UK Cyber Security Specialist
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links
