Security Tip of the Week – Training Notifications from KnowBe4’s Evil Twin

by Carissa

Keller Schroeder Security Solutions Group LogoIn early September, a phishing attack surfaced that imitates one of KnowBe4’s security awareness training email notifications. The phishing email comes from their evil twin (the cybercriminals behind this attack) and claims that your training assignment will expire within 24 hours. You are directed to click a link to complete your training.

The link in the email shows the name of your training platform, but if you hover over this link with your mouse, you’ll see that the destination domain is actually “msk.turbolider.ru”. Clicking on this disguised phishing link takes you to a phony Microsoft Outlook login page. If you enter information on this page, it will be sent directly to the bad guys.

How do you tell if an email came from the good twin or the evil twin? Follow these tips:

  • Remember that any site, brand, or service can be spoofed. Always think before you click, especially if you were not expecting the email.
  • Before you click, always hover over a link to preview the destination—even if you think the email is legitimate. Pay close attention to URL misspellings or unusual domain names.
  • If you are suspicious of an email that claims to be a training notification, reach out to your manager or training coordinator for help. They can find out if the notification is legitimate.

Stop, Look, and Think. Don’t be fooled.


KnowBe4 Logo - Keller Schroeder Vendor PartnerKnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.


DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.

Top