
CyberheistNews Vol 15 #48 | December 2nd, 2025
[New Deepfake Danger] 1 in 5 Biometric Attacks Are Now AI-Driven
A new report from Entrust warns of an increase in deepfake attacks, which now account for one in five biometric fraud attempts. Additionally, instances of deepfaked selfies have increased by 58% over the past year.
“This rise in deepfakes is part of a broader trend of increasingly sophisticated injection attacks, which surged 40% year-over-year,” Entrust says.
“Injection attacks enable fraudsters to bypass live capture processes by feeding manipulated images or videos directly into verification systems. When combined with deepfakes, these sophisticated techniques can convincingly mimic users and live capture experiences, making detection difficult without robust, multi-layered fraud prevention.”
The report highlights how these attacks assist in social engineering tactics, particularly during employee onboarding processes.
“Fraud prevention systems are stronger than ever, but people remain the most vulnerable link in the chain,” the researchers write. “In 2025, indicators suggest that social engineering and coercion pose an increasing threat to identity verification during the onboarding process.
“Unlike technical fraud, these attacks manipulate victims into using their own real identity credentials. From phishing emails to romance scams and fake executives, fraudsters exploit human trust in ways that are extremely difficult for technology to block.
“Coercion attacks are uniquely difficult to detect because victims use their own genuine documents and biometrics – only under pressure or instruction from someone else.”
The researchers are tracking dozens of organized criminal groups that operate like professional businesses to carry out fraud. Unskilled crooks can also buy platforms designed to automate their attacks.
“Attackers can now purchase ready-made kits, credential dumps, and AI-powered deepfake tools directly through encrypted messaging channels and dark web forums,” the researchers write.
“These platforms have made professional-grade fraud available to anyone with minimal technical skill, fueling a surge in volume and sophistication.”
Blog post with link to the Entrust report:
https://blog.knowbe4.com/report-deepfake-attacks-are-on-the-rise
[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.
Join us for a demo showcasing KnowBe4’s leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.
See how easy it is to train and phish your users with KnowBe4’s HRM+ platform:
- SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization’s human risk score
- Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
- Automated Training Agent – Automatically identify high-risk users and assign personalized training
- Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies.
- Enhanced Executive Reports – Track user activities, visualize trends, download widgets and improve searching/sorting to provide deeper insights and streamline collaboration
See how these powerful AI-driven features work together to dramatically reduce your organization’s risk while saving your team valuable time.
Date/Time: TOMORROW, Wednesday, December 3 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/ksat-demo-3?partnerref=CHN2
What Happens When Cybercriminals Compromise a Sportswear Giant?
From the KnowBe4 Threat Lab
Between 1:48pm ET on October 29 and 6:53pm ET on October 30, 2025, KnowBe4 threat analysts observed a high volume of phishing emails detected by KnowBe4 Defend that were sent from the legitimate domain of one of the world’s largest sportswear brands.
The phishing campaign showed how quickly attackers can leverage a compromised business email account to send further phishing emails in the hope of finding more victims. With phishing kits, templates and AI at their disposal, attackers have demonstrated how easy it is to develop and spread large phishing campaigns that use polymorphic elements to not only deceive the recipient but also slip past traditional email defenses.
This campaign used a wide variety of social engineering tactics, particularly impersonation, to manipulate its targets, as well as constantly changing the payload itself to bypass signature-based detection.
This example naturally stands out as it’s sent from the compromised (legitimate) domain of one of the world’s largest sportswear brands. While typically they might have more robust defenses in place, these large household names are attractive targets for cybercriminals. Compromising the domain belonging to one of these brands enables attackers to:
- Move laterally within the organization to compromise other systems and data, with potentially lucrative outcomes
- Extend their reach by using the compromised account to send further phishing attacks, socially engineering victims by leveraging the brand’s authority and using their domain to bypass some security measures
- Continue to impersonate the compromised brand even after the incident has ended, using tactics like domain spoofing
As seen in the spate of high-profile attacks against large retailers conducted by Scattered Spider and affiliated gangs, these attacks can be costly for the organization that’s been compromised and lead to impersonation campaigns lasting weeks or even months. You can read more about this in our Phishing Threat Trends Report.
Blog post with links:
https://blog.knowbe4.com/what-happens-when-cybercriminals-compromise-a-sportswear-giant
[NEW WEBINAR] AI & Quantum Attacks Exposed: Your Survival Guide for the Next-Gen Threat Era
Two technological forces are converging to reshape cybersecurity forever: AI and quantum computing. Most organizations are dangerously unprepared for what’s coming next.
These aren’t just buzzwords—they’re fundamentally changing how attacks happen, who can launch them, and which defenses will fail under pressure. While most security guidance offers surface-level awareness, attackers are already weaponizing these technologies against specific vulnerabilities in YOUR environment—from social engineering to ransomware to password cracking.
Join Roger A. Grimes, KnowBe4 CISO Advisor, for a no-nonsense deep dive into the specific threats you’re facing and the exact defenses you need now. Roger cuts through the hype to deliver actionable intelligence on how AI and quantum will impact each attack vector in your organization.
Discover:
- What AI actually is (and isn’t) and why that distinction matters for your security strategy
- The real quantum threats emerging now and which defenses become obsolete overnight
- Exactly how AI and quantum amplify social engineering, password cracking, ransomware and vulnerability exploitation against your systems
- How to protect against threats coming from AI and quantum while securing the AI and quantum tools you’re already deploying
- Specific changes to implement in your security program to counter these advanced threats effectively
Stop preparing for yesterday’s threats. Arm yourself with the precise intelligence and practical defenses that will actually protect your organization in the AI and quantum era, and earn CPE credit for attending!
Date/Time: Wednesday, December 10 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/quantum-ai-na?partnerref=CHN
Blurred Chats, Bigger Risks
By Javvad Malik
Think about your digital spaces. You’ve got your corporate email, which we all treat a bit like a high-security bank vault. We approach it with caution, we’re suspicious of unfamiliar senders, and we’re primed to spot a dodgy attachment.
Then, you have WhatsApp. That’s the digital equivalent of your living room. It’s comfy, familiar, and filled with people you (mostly) trust. Our guard is down. And, naturally, that’s precisely where the digital burglars are now trying to climb in.
A new piece of Android malware is doing the rounds, as recently reported by The Hacker News. It’s a nasty little “worm” that spreads itself through WhatsApp. Once it infects a phone, it automatically replies to incoming messages with a malicious link, often disguised as a “new feature” update.
Your mate messages you, “Are you free for the pub later?” and your phone, now infected by a digital gremlin, messages back, “Great! But first, check out this cool new WhatsApp video feature!”
It’s fiendishly effective. And it’s not because people are “stupid” or “gullible.” It’s because the attack brilliantly exploits a behavioral quirk that academics call “context collapse.”
“Context collapse” is the simple idea that on platforms like WhatsApp, all our different social circles—our family, our friends, our boss, the plumber—are flattened into a single, scrolling feed.
As the work of researchers like Danah Boyd has shown, we humans are built to segregate our audiences; we talk to our mom differently than we talk to our CEO. But in this digital living room, the contexts “collapse.” We lose the ability to mentally switch gears, applying the “mom-level” of trust to a message that really should have “CEO-level” scrutiny.
The malware doesn’t just knock on the front door; it gets your trusted friend to open it from the inside. We’ve spent fortunes building a fortress with 50-foot walls and titanium gates for our email, and the attackers have just strolled in via the cleaner, who they’ve convinced to hand over the keys.
This isn’t just a consumer problem. While many in the UK or US might see WhatsApp as purely social, in vast swathes of the world, it is the primary tool for business. In Latin America, Asia and Africa it’s the main channel for client communication, supplier negotiations, and internal updates.
Reports show that many users in these regions trust WhatsApp more than corporate email for its immediacy and personal feel.
When the digital living room is also the boardroom, a worm that steals credentials and intercepts SMS codes for two-factor authentication becomes a significant enterprise threat.
So, what can we actually do about it?
- Acknowledge the “Living Room” Office: Stop pretending critical business isn’t happening on these “social” apps. You can’t secure what you don’t admit you’re using. Have an honest conversation about what shadow IT is – business-critical IT.
- Train for the Context: Stop just showing screenshots of fake emails. Show examples of a suspicious WhatsApp. A dodgy Teams message. A weird LinkedIn request.
- Make Out-of-Band verification easy: Any unusual request on a chat app, especially for money, a download, or credentials, must be verified on a different channel.
Context collapse isn’t just a clever phrase; it’s the attack surface. When your mom, mates and manager all share the same collapsed inbox, our instincts stop working properly. The answer isn’t banning the tools people actually use, it’s building better habits around them.
Treat WhatsApp, Teams and LinkedIn as real business channels, and make out‑of‑band verification normal. Security is less about spotting the dodgy email and more about pausing long enough to ask: “Does this make sense? And have I checked it somewhere else?”
Blog post with links:
https://blog.knowbe4.com/blurred-chats-bigger-risks
Quotes of the Week
“Peace is not an absence of war, it is a virtue, a state of mind, a disposition for benevolence, confidence, justice.”
– Spinoza – Philosopher (1632 – 1677)
“When the power of love overcomes the love of power, the world will know peace.”
– Jimi Hendrix, Musician (1942–1970)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-48-new-deepfake-danger-1-in-5-biometric-attacks-are-now-ai-driven
Security News
Sophisticated Phishing Attack Targets Apple Users
An extremely convincing phishing campaign is using genuine support notifications to target Apple users, AppleInsider reports. A user named Eric Moret described the attack, stating that he first received multiple two-factor authentication prompts on his iPhone, iPad, and Mac computer.
One minute later, he received a phone call purporting to be an automated alert from Apple providing another 2FA code. At this point, Moret assumed someone was trying to hack into his Apple account, but he knew they wouldn’t be able to get in without the 2FA codes.
Several minutes later, Moret received another call, this time from a human informing him that someone from Apple would contact him shortly to help defend against an ongoing attack. Ten minutes later, another human called, impersonating Apple Support, and talked to Moret for 25 minutes.
Notably, during this phone call, the caller instructed Moret to go to his email and verify that he had received a confirmation message for an Apple Support case. The attackers had set up a real Apple Support request in Moret’s name so that Moret would receive a legitimate email from Apple that appeared to be referring to the phone call Moret was currently on.
This convinced Moret that the person on the phone was trustworthy, and he followed the attacker’s instructions, which involved resetting his password, clicking a link, and then entering a 2FA code. After entering this code, Moret received a real notification from Apple informing him that a device he didn’t own had signed into his Apple account.
Moret then realized he’d been phished. Fortunately, he was able to reset his password again before the attackers locked him out, thwarting the attack at the last moment.
This incident demonstrates how even technically proficient users can fall victim to social engineering attacks. KnowBe4 enables your workforce to make smarter security decisions every day.
AppleInsider has the story:
https://appleinsider.com/articles/25/11/19/an-ingenious-apple-service-hoax-is-convincing-users-their-account-is-under-attack
[AS USUAL] Scammers Are Exploiting the Holiday Shopping Season
Your users should be particularly wary of holiday-themed scams over the next few weeks, according to researchers at Malwarebytes.
“Mobile-first shopping has become second nature, and during the holidays, it’s faster and more frantic than ever,” Malwarebytes says. “Fifty-five percent of people get a scam text message weekly, while 27% are targeted daily.
“Downloading new apps, checking delivery updates, or tapping limited-time offers all feel routine. Nearly 6 in 10 people say that downloading apps to buy products or engage with companies is now a way of life, and 39% admit they’re more likely to click a link on their phone than on their laptop.”
The researchers note that delivery tracking lures spike during the holiday season, since many users are already expecting to receive these notifications.
“Postal tracking scams are already mainstream, but the holidays invite particular risk,” the researchers write. “With shoppers checking delivery updates several times a day, it’s easy to click without thinking.
“Around 4 in 10 people have encountered one of these scams (62%), and more than 8 in 10 track packages directly from their phones (83%), making mobile users a prime target. Again, younger shoppers are the most impacted, with 62% of victims being either Gen Z or Millennials (vs 57% of scam victims overall).
“The messages look convincing: real courier logos, legitimate-sounding tracking numbers, and language that mirrors official updates.” The researchers also warn of an increase in malvertising attacks offering holiday sales deals.
“The hunt for flash sales, coupon codes, and last-minute deals can make shoppers more exposed to malicious ads and downloads,” Malwarebytes says. “More than half of people (58%) have encountered ad-related malware (or ‘adware,’ which is software that floods your screen with unwanted ads or tracks what you click to profit from your data), and over a quarter have fallen victim (27%).
“Gen Z users who spend the most time online are the age bracket that is most susceptible to adware, at nearly 40%.”
Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Malwarebytes has the story:
https://www.malwarebytes.com/blog/uncategorized/2025/11/holiday-scams-2025-these-common-shopping-habits-make-you-the-easiest-target
What KnowBe4 Customers Say
“Hi Bryan, thank you for reaching out to check in on how things are going with the KnowBe4 platform. I’m happy to report that we are currently satisfied with the service.
“The platform has been instrumental in transforming the security culture here, and the decrease in our scores is a testament to its effectiveness.
“I would like to commend Ryan D., our Customer Success Manager, for his exceptional support. He has been incredibly helpful throughout our journey with KnowBe4.”
– H.M., UK Cyber Security Specialist
