Dave

That time a KnowBe4 phish test caught the wrong person

My employer pays KnowBe4 to run random phishing tests on all employees, and not long ago I got an email that looked legitimate at first glance, from "LinkedIn Security."

The first thing that piqued my interest was that I do have a LinkedIn account, but it is not associated with the email address their "Security" team was writing to. Now that I was paying attention, I looked more closely at the sender address: it was missing an E in "LinkedIn". Bingo, 100% bogus.

So, following corporate policy, I filed a ticket with our First Line staff along the lines of "hey, if this isn't a KnowBe4 test, consider blacklisting the domain."

A while later the reply came back saying that they were blacklisting the domain. I replied with a screenshot of the host command showing that the host in the "click me" link is a CNAME alias for KnowBe4.
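The two checks in this story (a lookalike sender domain, and a link host whose CNAME chain ends at the phishing-simulation vendor) are easy to script so first-line staff can run them before blocking anything. The following is an added example, not code from the original post: it follows a CNAME chain with a loop guard and compares the terminal name against an allowlist of simulation-vendor domains, and it flags sender labels one edit away from a known brand. The DNS data is constructed so it runs offline, and `phishsim-vendor.example` is a hypothetical placeholder, not KnowBe4's real infrastructure; the optional `host_cname` helper assumes the `host -t CNAME` output format "X is an alias for Y."

```python
"""Phish-ticket triage: lookalike sender check plus CNAME chain walk.
Added example; vendor domain and DNS answers below are constructed."""
import subprocess
from typing import Callable, Optional
from urllib.parse import urlsplit

# Constructed CNAME answers standing in for real DNS (offline stand-in).
CONSTRUCTED_DNS = {
    "login.linkdin-security.example": "track.phishsim-vendor.example",
    "track.phishsim-vendor.example": "edge.phishsim-vendor.example",
    # edge.phishsim-vendor.example, paypa1.example: A records only, no CNAME
}
# Assumed allowlist of simulation vendors (hypothetical domain).
SIMULATION_VENDORS = ("phishsim-vendor.example",)
BRANDS = ("linkedin", "microsoft", "paypal")


def fake_cname(name: str) -> Optional[str]:
    """Offline CNAME lookup against the constructed table."""
    return CONSTRUCTED_DNS.get(name.lower().rstrip("."))


def host_cname(name: str) -> Optional[str]:
    """Real lookup via the `host` CLI; parses 'X is an alias for Y.'"""
    try:
        out = subprocess.run(["host", "-t", "CNAME", name],
                             capture_output=True, text=True).stdout
    except FileNotFoundError:  # `host` not installed
        return None
    for line in out.splitlines():
        if " is an alias for " in line:
            return line.split(" is an alias for ", 1)[1].strip().rstrip(".")
    return None


def cname_chain(name: str, lookup: Callable[[str], Optional[str]] = fake_cname,
                max_hops: int = 8) -> list:
    """Follow CNAMEs from name until a non-CNAME answer, a loop, or max_hops."""
    chain = [name.lower().rstrip(".")]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if nxt is None or nxt.lower().rstrip(".") in chain:
            break
        chain.append(nxt.lower().rstrip("."))
    return chain


def in_vendor(name: str, vendors=SIMULATION_VENDORS) -> bool:
    """True if name is a vendor domain or a subdomain of one."""
    return any(name == v or name.endswith("." + v) for v in vendors)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(sender: str, brands=BRANDS, max_dist: int = 1) -> Optional[str]:
    """Return the brand some label of the sender's domain is a near-miss of
    (e.g. 'linkdin' -> 'linkedin'); an exact brand label is not a lookalike."""
    domain = sender.lower().split("@")[-1]
    for label in domain.split("."):
        for brand in brands:
            if label != brand and levenshtein(label, brand) <= max_dist:
                return brand
    return None


def triage(sender: str, link_url: str,
           lookup: Callable[[str], Optional[str]] = fake_cname) -> dict:
    """Combine both checks into a ticket-ready summary."""
    host = urlsplit(link_url).hostname or ""
    chain = cname_chain(host, lookup)
    simulation = in_vendor(chain[-1])
    brand = lookalike_brand(sender)
    if simulation:
        verdict = "lands on simulation vendor: confirm with security before blocking"
    elif brand:
        verdict = "lookalike domain: block"
    else:
        verdict = "review manually"
    return {"link_host": host, "cname_chain": chain, "lookalike_of": brand,
            "simulation": simulation, "verdict": verdict}


if __name__ == "__main__":
    print(triage("security@linkdin.example",
                 "https://login.linkdin-security.example/verify"))
```

A terminal CNAME at the vendor is evidence, not proof, that this is your own company's test: anyone can point a CNAME at a third party, so the verdict still routes through the security team (who can confirm the campaign in the vendor console) rather than auto-closing the ticket. For live use, pass `host_cname` as the `lookup` argument.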

KnowBe4's targeting is off a little, but they definitely caught someone who needs training!
