Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    CyberheistNews Vol 15 #21 I Got This Coinbase-Related Scam in My Personal Inbox Last Week

    I Got This Coinbase-Related Scam in My Personal Inbox Last WeekStu Sjouwerman SACP

    By Roger Grimes

    Coinbase is one of the world’s largest cryptocurrency exchange sites, listed on the NASDAQ. I’ve been a Coinbase member from the beginning, so this email got my attention. I was pretty skeptical from the start, and upon further exploration, it was definitely a scam.

    The scam works by sending this email to a large number of people, and some percentage of recipients are likely to be Coinbase users (like me). The scam is to convince potential Coinbase victims that a hacker has somehow broken into their Coinbase account and added a new wallet address, which can then be used to steal the member’s value stored with Coinbase.

    In this scam’s case, fake Coinbase tech support is claiming that someone else’s public wallet address has been inserted into the Coinbase user’s account as a place that can receive value from the involved user. If this were real, it would be a big deal, because it would mean the user’s Coinbase account was somehow compromised, and a thief had inserted their wallet address as a place where they could transfer (i.e., steal) the user’s Coinbase account value.

    [CONTINUED] with screenshots and links at the KnowBe4 blog:
    https://blog.knowbe4.com/beware-coinbase-scams

    How KnowBe4’s AI Agents Reduce Your Security Risk

    Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.

    Join us for a demo showcasing KnowBe4’s leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.

    See how easy it is to train and phish your users with KnowBe4’ HRM+ platform:

    • SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization’s human risk score
    • Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
    • Automated Training Agent – Automatically identify high-risk users and assign personalized training
    • Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies
    • Enhanced Executive Reports – Track user activities, visualize trends, download widgets, and improve searching/sorting to provide deeper insights and streamline collaboration

    See how these powerful AI-driven features work together to dramatically reduce your organization’s risk while saving your team valuable time.

    Date/Time: Wednesday, June 4, @ 2:00 PM (ET)

    Save My Spot:
    https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN

    Impersonating Meta, Powered by AppSheet: A Rising Phishing Campaign Exploits Trusted Platforms to Evade Detection

    Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a highly targeted, sophisticated campaign impersonating social media platform giant Meta.

    Utilizing state-of-the-art tactics such as polymorphic identifiers, advanced man‑in‑the‑middle proxy mechanisms and multi-factor authentication bypass techniques, the attackers aim to harvest credentials and two-factor authentication (2FA) codes, enabling real-time access to social media accounts.

    The largest spike since March occurred on April 20 2025, where 10.88% of all global phishing emails identified and neutralized by KnowBe4 Defend were sent from AppSheet. Of these, 98.23% impersonated Meta and the remaining 1.77% impersonated PayPal.

    Phishing Campaign Overview

    All attacks analyzed in this campaign were identified and neutralized by KnowBe4 Defend, with further investigation conducted by our Threat Labs team.

    Attackers exploited AppSheet, a trusted Google-owned platform, and its workflow automation to deliver phishing emails at scale, enabling large-scale, hands-free distribution. These emails originated from noreply@appsheet.com, a legitimate domain, enabling them to bypass Microsoft and Secure Email Gateways (SEGs) that rely on domain reputation and authentication checks (SPF, DKIM, DMARC).

    In addition to leveraging a legitimate domain, this campaign also impersonated Meta (Facebook), using forged branding and urgent language—such as warnings about account deletion—to pressure recipients into taking immediate action. The use of a trusted brand like Meta helps lower suspicion and increase user engagement, making the phishing emails and the subsequent credential harvesting site appear more credible.

    [CONTINUED] with screenshots and links at the KnowBe4 blog:
    https://blog.knowbe4.com/impersonating-meta-powered-by-appsheet-a-rising-phishing-campaign-exploits-trusted-platforms-to-evade-detection

    Next Gen AI Human Risk Management Powered by KnowBe4

    When it comes to AI and human risk management (HRM), not all AI is created equal. You need an approach that strengthens your security posture, integrates seamlessly with your existing processes and operates as an extension of your team. Ninety-two percent of polymorphic phishing attacks now weaponize AI technology against organizations like yours to achieve unprecedented scale and effectiveness.

    KnowBe4 has been leading the way in AI for almost a decade, and we’re not slowing down.

    Our HRM platform, HRM+, delivers clear, measurable value to your organization:

    • Superior Training Data: Our AI agents are trained on over a decade of real-world behavioral data from 13+ million users across 70,000+ organizations worldwide, making the data relevant and personalized for your organization
    • Battle-Tested AI: Not a demo toy, it’s production-ready and delivering measurable outcomes. You could see upwards of 83% reduction in Phish-prone™ Percentage within 12 months
    • Risk-Based Intelligence: All our AI decisions are based on reducing the Risk Score of your users through our SmartRisk Agent™
    • Human-AI Collaboration: The best AI works with human intelligence. Our AI works as an extension of your team and follows your guidelines and configurability to make the decisions on behalf of your organization

    Immediately manage and mitigate human risk more effectively with agentic AI security awareness training to stay ahead of evolving threats.

    Learn more about how agentic AI can transform your security awareness training.
    https://blog.knowbe4.com/knowbe4-leads-charge-against-cybersecurity-threats-with-ai-capabilities

    The Ransomware Threat: Still Alive and Kicking

    By Javvad Malik

    Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh’s 2024 UK cyber insurance claims report suggests otherwise.

    It paints a stark picture of an ongoing and evolving threat landscape. While claims decreased by 20% compared to 2023, they remained significantly higher than in previous years. This serves as a critical reminder that cybersecurity threats, particularly ransomware, continue to pose a serious risk to businesses across various sectors, regardless of size or industry.

    The persistence of ransomware attacks underscores the critical need for organizations to remain vigilant and proactive in their cybersecurity efforts. Simply believing that the threat has subsided is a mistake.

    Implementing robust controls, such as secure and regularly tested backups, advanced threat detection systems and comprehensive incident response plans that are periodically reviewed and updated, is essential in mitigating the impact of potential breaches. These measures are not just checkboxes to tick, but rather integral components of a layered security approach.

    One crucial aspect that often gets overlooked is the human element in cybersecurity. Social engineering tactics remain a primary vector for initiating breaches. Cybercriminals are adept at exploiting humans, leveraging trust, curiosity, fear and other heightened emotions to gain unauthorized access. This highlights the importance of focusing on employee awareness and training.

    By educating employees about the latest threats, providing simulated phishing tests and fostering a culture of security consciousness, organizations can significantly reduce their vulnerability to cyberattacks. Security awareness training should not be a one-off event, but rather an ongoing process that adapts to the evolving threat landscape.

    The Marsh report also reveals an interesting trend: fewer organizations are choosing to pay ransoms. This shift is attributed to a variety of factors, including improved backup systems, quicker threat detection and containment that minimizes damage and a changing perception of the reputational impact of ransomware attacks.

    [CONTINUED] with links at the KnowBe4 blog:
    https://blog.knowbe4.com/the-ransomware-threat-still-alive-and-kicking

    Identify Weak User Passwords In Your Organization With the Newly Enhanced Weak Password Test

    Cybercriminals never stop looking for ways to hack into your network, but if your users’ passwords can be guessed, they’ve made the bad actors’ jobs that much easier.

    Verizon’s Data Breach Investigations Report showed that 81% of hacking-related breaches use either stolen or weak passwords.

    The Weak Password Test (WPT) is a free tool to help IT administrators know which users have passwords that are easily guessed or susceptible to brute force attacks, allowing them to take action toward protecting their organization.

    Weak Password Test checks the Active Directory for several types of weak password-related threats and generates a report of users with weak passwords.

    Here’s how Weak Password Test works:

    • Connects to Active Directory to retrieve password table
    • Tests against 10 types of weak password related threats
    • Displays which users failed and why
    • Does not display or store the actual passwords
    • Just download, install and run. Results in a few minutes!

    Don’t let weak passwords be the downfall of your network security. Take advantage of KnowBe4’s Weak Password Test and gain invaluable insights into the strength of your password protocols.

    Sign Up to the TIO Intel Alerts!

    Back To Top