Strengthen Email Security Through Strategic Integration

Microsoft & KnowBe4 Collab: Strengthen Email Security Through Strategic Integration

Bad actors never rest. But you can rely on the powerful partnership between KnowBe4 and Microsoft to bolster your cybersecurity. Combine Microsoft Defender for Office 365’s robust email and collaboration security with KnowBe4’s expertise in human risk management and advanced threat detection.

Now you have a layered defense that maximizes the strengths of both platforms. This “better together” approach delivers a seamless, effective solution to protect you from sophisticated email threats.

Microsoft Defender for Office 365 equips you with a comprehensive security framework, leveraging AI, global threat intelligence and insights into attack infrastructure. Yet, modern threats like business email compromise, zero-day exploits, and spear-phishing require specialized defenses.

KnowBe4 Defend enhances Microsoft’s protections with Agentic AI-driven threat detection, strengthening your security without disrupting your existing M365 setup.

This integration allows Defend to automatically quarantine suspicious messages within Microsoft’s workflows, streamlining your operations and giving you full visibility in one familiar interface.

This unified experience simplifies your security management, freeing you to focus on protection rather than juggling multiple tools. The defense-in-depth strategy merges Microsoft’s machine learning with KnowBe4’s targeted algorithms, creating overlapping layers of protection that shrink your attack surface.

This ensures threats that slip past one system are caught by another, speeding up your detection and response.

Beyond technical advantages, this partnership gives you flexibility and maximizes your ROI by enhancing your current infrastructure. As part of Microsoft’s ICES (Integrated Cloud Email Security) ecosystem, this collaboration sets a model for future partnerships, focusing on complementary strengths to tackle complex cybersecurity challenges.

The KnowBe4-Microsoft integration provides you with a streamlined, powerful solution, blending proven infrastructure with specialized capabilities. If you need robust email security, this partnership delivers unmatched protection and efficiency.

Blog post with links:
https://blog.knowbe4.com/knowbe4-collaborates-with-microsoft-strengthening-email-security-through-strategic-integration

New: KnowBe4 Defend Integrates with Microsoft Defender for Office 365

This collaboration marks the launch of Microsoft’s new ICES (Integrated Cloud Email Security) vendor ecosystem, with KnowBe4 as one of only two launch partners, and revolutionizes how your organization defends against sophisticated email threats.

Why This Matters
As the threat landscape continues to evolve, a single security solution, regardless of how advanced, may not catch every threat variation or attack vector. KnowBe4 Defend complements Microsoft 365’s existing email security with agentic AI approaches and advanced inbound threat detection capabilities. This integration allows you to maintain your Microsoft security investments while adding specialized threat detection and response.

What This Means For You

• Seamless Integration – When Defend identifies potentially malicious messages, they’ll automatically move to Microsoft’s quarantine using your existing policies
• Unified Management – Manage all threats from a single, familiar Microsoft interface with complete visibility into KnowBe4 Defend’s decisions
• Enhanced Protection – Get multiple layers of specialized detection that catch sophisticated attacks including BEC, APTs and targeted spear-phishing
• Maximized Investment – Leverage your existing Microsoft security infrastructure while adding KnowBe4’s specialized capabilities
• Reduced Complexity – Eliminate friction between security tools and streamline your security operations

This “better together” approach combines Microsoft’s robust email security infrastructure with KnowBe4’s leadership in human risk management and threat detection, creating overlapping fields of protection that dramatically reduce your attack surface.

Ready to transform your email security? Check out KnowBe4 Defend today.

See Defend in Action
https://www.knowbe4.com/products/defend-demo

*Must have Microsoft Defender for Office 365 Plan 2 or Microsoft 365 E5

Warning: Voice Deepfakes Continue to Improve

AI-generated voice deepfakes present an urgent threat to organizations, according to researchers at Pindrop.

The researchers warn that speech generation tools can create realistic-sounding cloned voices in near real-time, allowing attackers to hold live conversations with victims while imitating someone the victim knows.

Additionally, these tools can now convincingly imitate human emotions, making social engineering attacks even more persuasive. “Advances in synthetic speech have enabled [text-to-speech] voices to convey emotions like joy, anger, empathy, and sadness,” the researchers write.

“AI models can now learn and imitate emotional tones from human speech, making these synthetic voices even more convincing.” These tools are readily available for anyone to use, allowing even unskilled attackers to launch sophisticated social engineering attacks.

“Fraudsters are turning to voice modulation, manipulating their pitch, cadence, tone, and volume to imitate others or confuse agents,” the researchers write. “With easy access to voice-changing apps on mobile platforms, it’s now simpler to mask their identity.

For instance, a major U.S. retailer reported a surge in attackers posing as virtual legal assistants requesting account closures on behalf of customers. The rise of open-source AI platforms has dramatically lowered the barrier to creating realistic deepfakes.

In 2024 alone, Hugging Face hosted more than 2,400 TTS models and over 1,800 text-to-audio models. While these tools serve legitimate developer use cases, they’re also readily accessible to fraudsters.”

The researchers note, “Strengthening authentication protocols, implementing real-time risk analysis, and continuously training contact center representatives to recognize evolving fraud tactics remain critical defenses against these increasingly skilled adversaries.”

KnowBe4’s human risk management platform gives your organization an essential layer of defense against social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/warning-voice-deepfakes-continue-to-improve

[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing

Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training—this is precisely what our AI Defense Agents provide.

Join us for a demo showcasing KnowBe4’s leading-edge approach to human risk management with agentic AI that delivers personalized, relevant, and adaptive security awareness training with minimal admin effort.

See how easy it is to train and phish your users with KnowBe4′ HRM+ platform:

• SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization’s human risk score
• Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
• Automated Training Agent – Automatically identify high-risk users and assign personalized training
• Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies.
• Enhanced Executive Reports – Track user activities, visualize trends, download widgets, and improve searching/sorting to provide deeper insights and streamline collaboration

See how these powerful AI-driven features work together to dramatically reduce your organization’s risk while saving your team valuable time.

Date/Time: Wednesday, July 9, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/kmsat-demo-1?partnerref=CHN

Google Report Outlines the Latest Scam Trends

Researchers at Google have published a report on the latest scam trends, noting an increase in travel-themed scams targeting people preparing for their summer vacations.

“Ahead of the summer vacation season, our teams have observed a spike in travel scams,” the researchers write. “Fake travel websites lure users into booking travel with a promise of ‘too good to be true’ prices, experiences, or discounts.

“These deceptive sites often imitate well-known hotels or pose as legitimate travel agencies, a tactic particularly prevalent during holidays and major events when people book travel via messaging apps or phone.”

Threat actors are also using commodity phishing kits to launch waves of package delivery scams that trick people into sending money or visiting malicious websites.

“Package tracking scams exploit the widespread use of online shopping and package delivery services by sending fraudulent messages that appear to be from legitimate delivery companies,” the researchers write. “These scams often trick users into paying additional ‘fees’ that real delivery services would never request.

“Our teams have observed these scams impersonating a wide array of global brands. A key tactic is how quickly scammers adapt their websites and messages, often changing content based on when the link is sent to a user. They achieve this rapid deployment using phishing kits like Darcula and Xiu Gou, which mimic legitimate websites and brands almost instantly.”

Blog post with links:
https://blog.knowbe4.com/google-report-outlines-the-latest-scam-trends

[Free Phish Alert Button] Give Your Employees a Safe Way to Report Phishing Attacks with One Click!

Phishing attacks are increasing in sophistication, posing a severe threat to organizations.

Users need a consistent process for reporting these emails, and InfoSec teams need one platform to manage the influx of reported emails.

KnowBe4’s Phish Alert Button (PAB) provides your users a safe way to report email threats to the security team for analysis, and automatically deletes the email from the user’s inbox to prevent further exposure.

Phish Alert Button Benefits:

• Reinforces your organization’s security culture
• Users can report suspicious emails with just one click
• Your Incident Response team gets early phishing alerts from users, creating a network of “sensors”
• Email is deleted from the user’s inbox to prevent future exposure
• Easy deployment via MSI file for Outlook and G Suite deployment for Gmail (Chrome)

KnowBe4’s PAB works across most Outlook and Google workspaces. Outlook users should leverage our Microsoft Ribbon PAB for a frictionless experience!

Get your Phish Alert Button Now:
https://info.knowbe4.com/free-phish-alert-chn

[MUST WATCH] Andrej Karpathy: “Software Is Changing (Again)”

This week Karpathy released a fantastic video with his big-picture vision of AI. (He was the AI chief for Tesla for a long time.) It is less than 40 minutes, so great for a lunch and learn. He goes from Software 1.0 to 2.0 and now 3.0, but the most interesting thing is that he positions AI as the new operating system: https://youtu.be/LCEmiRjPEtQ?si=D6cyWkhKJvT7RLoQ

And then I found this brand-new Google video and guess what they are showing? Here’s how Gemini 2.5 Flash-Lite writes the code for an OS-like UI and its contents based solely on the context of what appears in the previous screen — all in the time it takes to click a button. Fascinating and scary: https://x.com/i/status/1935719933075177764

Let’s stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.

PS: [BUDGET AMMO]: Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security:
https://www.securityweek.com/mitigating-ai-threats-bridging-the-gap-between-ai-and-legacy-security/

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-25-microsoft-and-knowbe4-collab-strengthen-email-security-through-strategic-integration

Russian Threat Actor Uses Social Engineering to Compromise Google Accounts

Researchers at Google observed a Russian state-sponsored phishing campaign that attempted to compromise users’ Google accounts by tricking them into handing over application-specific passwords. The attackers built trust by conversing with the victims before initiating the attack.

“In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russian state-sponsored cyber threat actor impersonating the U.S. Department of State,” the researchers write.

“From at least April through early June 2025, this actor targeted prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application-specific passwords (ASPs). Once the target shares the ASP passcode, the attackers establish persistent access to the victim’s mailbox.”

ASPs are legitimate features included with Google accounts, but many users are unfamiliar with them and may inadvertently fall for this attack.

“Targets who responded received an email with a benign PDF lure attached. The State Department themed lure is customized to the target and contains instructions to securely access a fake Department of State cloud environment.

“This included directing victims to go to https://account[.]google[.]com and create an Application Specific Password (ASP) or ‘app passwords.’ ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV). To use an ASP you must set it up and provide a name for the application.”

Google notes that setting up an ASP isn’t recommended and usually isn’t necessary. Users should avoid this feature unless they know what they’re doing, and you should be very suspicious if a third party asks you to set up one of these passwords.

“Users have complete control over their ASPs and may create or revoke them on demand,” Google explains. “Upon creation, Google sends a notification to the corresponding account Gmail, recovery email address, and any device signed in with that Google account to ensure the user intended to enable this form of authentication.”

KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 Human Risk Management platform to strengthen their security culture and reduce human risk.

Google has the story:
https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia

Europol Warns of Social Engineering Attacks

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.

“Social engineering, which exploits human error to gain access to systems or personal information, stands out as a prominent technique used by criminal actors in this context,” Europol says. “Initial Access Brokers (IABs) have been increasingly focused on using such techniques for the acquisition of valid account credentials as an entry point to the victims’ systems.

“This initial access can then be leveraged in a multitude of ways by criminal actors. For example, access credentials for remote services are widely used by ransomware groups and their affiliates to compromise corporate networks, which can lead to data theft (exfiltration) and the deployment of ransomware.”

The report also warns of a surge in infostealer malware, allowing criminals to gather information that can be used in future attacks.

“Phishing techniques are the main vector for the distribution of infostealers,” Europol says. “Criminals use a variety of methods to achieve this, including sending emails, text messages, or messages on social media that contain malicious attachments or URLs which introduce malware into the victim’s system.

“Malicious websites are also propagated through search engine advertising tools and search engine optimization (SEO) poisoning. In the latter case, criminals manipulate web search results to lead users to websites containing malware.”

Europol also notes that AI tools have increased the effectiveness of social engineering attacks, enabling threat actors to easily generate convincing lures. “The efficacy of many of the aforementioned social engineering techniques has been improved by the wider adoption of LLMs and other forms of generative artificial intelligence (genAI),” the researchers write.

“Phishing texts and scripts, generated to incorporate the language and cultural nuances of the victims’ location, can improve the efficacy of campaigns. Recent research on the topic indicates that phishing messages generated by LLMs have a significantly higher click-through rate than those likely written by humans.”

Europol has the story:
https://www.europol.europa.eu/media-press/newsroom/news/steal-deal-repeat-cybercriminals-cash-in-your-data

What KnowBe4 Customers Say

“I wanted to let you know what a positive experience it has been having Eniz as my sales rep and especially, Travis as my KnowBe4 customer success / implementation partner.

Travis is very knowledgeable, flexible, and explains everything very clearly. Always keen and ready to help, he’s been instrumental in getting my org launched with your SAT. I appreciate that he understands that given the many demands in a start-upish company.

I would also like to say that while I haven’t yet had the chance to learn all about intricacies of the platform, it does seem impressive and the whole process of responding to my request for a sales call and getting the signing done with Eniz was great.

I look forward to working further with Travis and implementing more of your platform and content.”

J.L. – Director of Finance