CyberheistNews Vol 15 #35 [Watch Out] Hackers Now Use AI to Write Better Phish



Cyberheist News


CyberheistNews Vol 15 #35  |   September 3rd, 2025


[Watch Out] Hackers Now Use AI to Write Better Phish

Cybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42.

In many cases, even when these services have safeguards in place to prevent abuse, criminals can bypass these measures in order to create phishing pages. Unit 42 tested a popular website generator to see how easy it was to spin up a spoofed website.

“The website builder only required a valid email address to establish a trial account and publish a page impersonating our company,” Unit 42 says.

“Since these pages are intended to quickly establish a web presence for a new company or organization, they lack the design elements that criminals would otherwise use to spoof a targeted brand. In our test, the website builder promised to generate a free AI website in 60 seconds, which is an accurate statement. Our only input was a brief description of the company for an initial text prompt.”

Additionally, the researchers found that approximately 40% of AI abuse by threat actors involved writing assistants or chatbots. These tools can help attackers write tailored phishing messages that are free from typos or grammatical errors.

“Text generation tools such as conversational, writing and meeting assistants can enhance productivity, content creation and customer interaction,” Unit 42 says. “However, attackers can manipulate them to generate convincing phishing content, spread misinformation or leak confidential data.”

AI tools are rapidly increasing in sophistication, and Unit 42 says misuse of these tools will keep pace. The researchers state, “Our telemetry reflects the growing adoption of GenAI applications and services, and we expect a corresponding increase in attacks that take advantage of GenAI as time passes.”

AI-powered security awareness training can give your organization an essential layer of defense against evolving social engineering attacks.

Use AI to fight AI. KnowBe4’s AIDA (Artificial Intelligence Defense Agents) is a suite of agents that up-levels your approach to human risk management.

Blog post with links:
https://blog.knowbe4.com/threat-actors-are-increasingly-abusing-generative-ai-tools-for-phishing

[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing

Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training. This is precisely what our AI Defense Agents provide.

Join us for a demo showcasing KnowBe4’s leading-edge approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.

See how easy it is to train and phish your users with KnowBe4’s HRM+ platform:

  • SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization’s human risk score
  • Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
  • Automated Training Agent – Automatically identify high-risk users and assign personalized training
  • Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies
  • Enhanced Executive Reports – Track user activities, visualize trends, download widgets, and improve searching/sorting to provide deeper insights and streamline collaboration

See how these powerful AI-driven features work together to dramatically reduce your organization’s risk while saving your team valuable time.

Date/Time: Thursday, September 11 @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/ksat-demo-3?partnerref=CHN2

Back to School: Cybersecurity Education for All Ages

By KnowBe4’s Chief Learning Officer John N Just, Ed.D. & Ben Syn

It’s that exhilarating time of year again! Summer is winding down, and the back-to-school season is in full swing—a truly fantastic time to focus on the power of education, not just in the traditional sense, but especially in the ever-evolving digital world.

At KnowBe4, recognized as the #1 Security Product and #2 Overall Software Product in G2’s 2025 Best Software Awards, we are passionately committed to transforming human risk and championing cutting-edge cybersecurity education for everyone, from our youngest digital explorers to seasoned college students and beyond.

We fundamentally believe that this people-centric approach goes beyond just checking a box, focusing instead on real, measurable behavior change to build a strong security culture against cyber threats.

For older students transitioning into the workforce or higher education, we’re proud to announce a significant milestone for our KnowBe4 Student Edition! We now have over 200 academic institutions offering our student-specific security awareness training to more than a million students!

This initiative was born from heartbreaking stories of students falling victim to phishing attacks and employment scams, and a clear need expressed by employers for more cyber-prepared graduates. For the past year, we’ve collaborated with a steering committee of esteemed institutions worldwide, including Bournemouth University, Nelson Mandela University, the University of Oklahoma, Hood College, and Nova Southeastern University, to develop highly relevant, customized, and actionable content for students aged 16 and over.

The impact goes beyond just training; it builds a true security culture. As Tina Rebello, an information security analyst at Bridgewater State University, shared with us, “The students were teaching each other the red flags of phishing messages and had a lot of fun picking them apart. It also brought our students together a little more, which was really exciting to see.”

The Student Edition tackles crucial topics like social engineering red flags, sextortion, secure online behavior, and avoiding online scams, preparing students to be cyber-ready in their future careers while also protecting them and their institutions from current attacks.

The pricing is set as a fraction of standard license costs, ensuring all students can access this essential content and contribute to building a future workforce of security champions within their communities.

[CONTINUED] with links and screenshots:
https://blog.knowbe4.com/back-to-school-a-cybersecurity-education-for-all-ages

A New Era of Email Defense: The Power of KnowBe4 and Microsoft Defender for Office 365

Discover how KnowBe4 and Microsoft Defender for Office 365 are transforming email security and explore the power of the new integration.

Join our live demo with Murali Natarajan, Principal Product Manager at Microsoft, and Stuart Clark, Vice President of Product Strategy at KnowBe4, to see how KnowBe4’s advanced threat detection capabilities and Microsoft’s Integrated Cloud Email Security (ICES) ecosystem work together to create an unmatched defense against today’s most sophisticated email threats.

During this session, you’ll learn how to:

  • Seamlessly integrate KnowBe4 Defend with Microsoft’s security controls for unified quarantine, consistent policy enforcement and comprehensive visibility
  • Leverage the combined strengths of KnowBe4’s specialized AI detection and Microsoft Defender, ensuring the strongest verdict always wins for superior threat prevention
  • Simplify deployment, reduce complexity and eliminate separate quarantine systems through seamless integration with Microsoft tools
  • Adopt Microsoft’s newest framework early, ensuring compatibility with future developments and unlocking co-marketing opportunities
  • Enable your security teams to investigate, respond to and remediate threats through familiar Microsoft interfaces while harnessing KnowBe4’s advanced detection capabilities

Date/Time: Wednesday, September 10 @ 1:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/knowbe4-microsoft-defender?partnerref=CHNP

New Phishing Kit Bypasses MFA to Steal Microsoft 365 Credentials

Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across North America and Europe, according to researchers at ANYRUN.

The phishing attacks are delivered via email and primarily attempt to steal Microsoft 365 credentials. Like many popular commodity phishing kits, Salty 2FA is designed to bypass a variety of multifactor authentication measures.

“With its ability to distribute phishing payloads at scale, maintain dynamic infrastructure, intercept and process most known 2FA authentication methods beyond simple credentials, and manage a complex communication model between phishing pages and C2 servers, Salty 2FA stands on par with the ‘major’ kits in today’s phishing landscape,” the researchers note.

Common phishing lures used by the kit relate to billing statements, payroll amendments, requests for proposals, or bid invitations. ANYRUN observed the attackers using the phishing kit to target a variety of sectors across the U.S., Canada, France, Germany, Greece, Italy, Spain, Switzerland and the United Kingdom. The attacks have also targeted the financial sector in Latin America and the metallurgy industry in the US and India.

The researchers believe Salty 2FA’s developers are still improving the platform, and organizations worldwide should be on the lookout for these phishing attacks.

Blog post with links:
https://blog.knowbe4.com/new-phishing-kit-bypasses-mfa-to-steal-microsoft-365-credentials

[FREE Resource Kit] The Cybersecurity Awareness Month Kit for 2025 is Now Available

Cybersecurity Awareness Month is around the corner, and we’ve got your back!

It’s dangerous out there, so you shouldn’t go alone. Take your users on an 8-bit journey across four levels of cyber sleuthing with our 80s arcade themed Cybersecurity Awareness Month resource kit! We’ve set you up with enough free training content to run a whole theme campaign throughout October.

This year, each themed week represents a new level for your users to explore. Along the way they’ll encounter baddies bursting out of the arcade cabinet representing the key cyber threats for each week.

Here is what you’ll get:

  • Access to a curated collection of security awareness training videos and interactive modules straight from KnowBe4’s award-winning training library
  • Resources to help you plan your activities, including your Cybersecurity Awareness Month User Guide and Cybersecurity Awareness Weekly Planner
  • NEW! Four “Arcade Villain” character cards/posters, plus additional posters and digital signage assets available in multiple languages
  • Free resources for you including our most popular on-demand webinar and whitepaper

This kit will help you and your users fight cyber crime this October and beyond.

Get Your Kit Now:
https://info.knowbe4.com/cyber-security-awareness-kit-chn

FBI says Salt Typhoon targeted more than 80 countries

The Wall Street Journal reports that the Chinese cyberespionage campaign known as “Salt Typhoon” targeted approximately 600 organizations across more than 80 countries. Brett Leatherman, the FBI’s Deputy Assistant Director for Cyber Ops, told the Journal that the campaign was “broader and more indiscriminate than previously understood, and beyond what countries usually understand to be espionage.”

The FBI believes the hackers obtained more than a million call records and specifically targeted the phone calls and text messages of around 100 Americans.

The threat actors also compromised telecommunication providers in other countries, with varying degrees of access. Leatherman added, “If you are able to exfiltrate similar information globally you can start to aggregate that data and start to understand a much different intelligence picture than what you would get if you just targeted and compromised one country.” Yikes.

Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks:
https://therecord.media/allied-spy-agencies-blame-chinese-companies-salt-typhoon

Let’s stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.

PS: [Budget Ammo] By Yours Truly: Beyond the Prompt: “Building Trustworthy Agent Systems”
https://www.securityweek.com/beyond-the-prompt-building-trustworthy-agent-systems/

PPS: Your KnowBe4 Fresh Content Updates from August 2025:
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-august-2025

[BONUS LUNCH & LEARN] The $10 Trillion AI Revolution: Why It’s Bigger Than the Industrial Revolution:
https://youtu.be/yoycgOMq1tI?si=qgmFe1WkicPu7Y3i

Quotes of the Week  

“My reading of history convinces me that most bad government results from too much government.”
– Thomas Jefferson – 3rd President of the United States (1743 – 1826)


“Today you are You, that is truer than true. There is no one alive who is Youer than You.”
– Dr. Seuss


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-35-watch-out-hackers-now-use-ai-to-write-better-phish

Security News

Report: AI Can Now Automate Entire Attack Chains

Threat actors can now use AI tools to automate entire attack operations, according to a new report from Anthropic. The company says an attacker abused its Claude AI tool to create a hacking and extortion campaign that compromised at least seventeen organizations.

The attacker used Claude to conduct reconnaissance, initial access, malware development, data exfiltration, and extortion analysis.

“A cybercriminal used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe,” the researchers write. “This threat actor leveraged Claude’s code execution environment to automate reconnaissance, credential harvesting, and network penetration at scale, potentially affecting at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions.”

The attacker was able to steal “healthcare data, financial information, government credentials, and other sensitive information, with direct ransom demands occasionally exceeding $500,000.”

Anthropic also observed a Chinese state-sponsored APT abusing Claude to assist in a successful espionage campaign targeting Vietnamese critical infrastructure.

“The actor integrated Claude as an assistant across 12 of 14 MITRE ATT&CK tactics, using it as a technical advisor, code developer, security analyst, and operational consultant throughout their campaign,” the researchers write. “The actor appears to have compromised major Vietnamese telecommunications providers, government databases, and agricultural management systems.”

Additionally, the researchers observed AI-assisted attacks launched by North Korean and Russian APTs, as well as ransomware gangs, romance scammers, and malware developers.

Anthropic has banned the accounts associated with this activity and is working on ways to prevent such abuse in the future. However, organizations should expect attackers to continue to leverage AI in their operations, and these attacks will only grow more sophisticated as the technology improves.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Anthropic has the story:
https://www.anthropic.com/news/detecting-countering-misuse-aug-2025

Report: Cybercriminals are Hiring Social Engineering Talent

ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering skills are highly sought-after.

“Among the most in-demand skills is English-speaking social engineering, with job posts more than doubling from 2024 to 2025,” the researchers write. “Recruiters account for 87% of these postings, indicating strong demand, likely fueled by the success of groups like ‘Scattered Spider’ in leveraging this skill for initial access attacks.”

The researchers note that deepfake technology can add another layer of sophistication to social engineering attacks. Accordingly, crooks are also looking to hire individuals with AI expertise.

“Looking ahead, once deepfake technology enables adversaries to remove language barriers in real time, it will present an even greater threat,” ReliaQuest says. “Attackers could target organizations across multiple languages, significantly expanding their reach.

“What’s more, with recruitment for English-speaking social engineers already at an all-time high, real-time deepfake technology offers an alternative to traditional methods. As such, social engineering attacks will almost certainly become more prevalent.”

ReliaQuest also notes a surge of activity related to the newly popular ClickFix social engineering tactic, which tricks victims into running malicious commands on their computers.

“The cybercriminal job market is a key driver in accelerating the adoption of emerging attack techniques, as demonstrated by the rise of ClickFix malware execution. Between late 2024 and early 2025, ClickFix activity surged by an alarming 850%, with a 200% spike occurring within just one month of targeted recruitment posts appearing.

“This rapid escalation highlights how demand for specific expertise directly fuels the deployment of new methods, making it essential for organizations to monitor these shifts and proactively strengthen defenses.”

Blog post with links:
https://blog.knowbe4.com/report-cybercriminals-are-hiring-social-engineering-talent

[Tool of the Week] Turn Your Messy Prompts Into Gold

OpenAI launched something worth your coffee break. It’s called the Prompt Optimizer, and it’s a free tool inside the ChatGPT Playground that quietly levels up your AI game.

Here’s how it works: You write a vague or clumsy prompt. Hit “Optimize.” And boom—out comes a polished, structured version that GPT‑5 understands better. Think of it as spellcheck for prompts—except it also teaches you why your original was weak.

Why does this matter? Because sharper prompts lead to sharper results. You’ll instantly see better responses from ChatGPT just by feeding it better input. It’s like giving a chef a recipe instead of a grocery bag and hoping for dinner.

Better still, the tool shows you what it changed, and why. So while you’re getting work done, you’re also learning how to prompt like a pro. That makes it both useful and educational.

Where to try it: https://platform.openai.com/playground

You need to familiarize yourself with the UI. It’s a bit more technical and gets updated frequently, so find and use the Optimize function.

AI is only as smart as the instructions you give it. This tool helps you sound like you know what you’re doing—even if you’re winging it. 😀

 
