Martin J. Kraemer

PHISHING ALERT: Attackers Exploiting Your Security Consciousness Against You KnowBe4 ThreatLabs has identified an active phishing campaign exploiting account security fears to harvest credentials from multiple platforms (Microsoft 365, Gmail, Adobe, and various other services). Analysis reveals stolen data is transmitted directly to Telegram bots, with infrastructure suggesting a Phishing-as-a-Service operation allowing Threat actors to configure their own Telegram bot tokens and chat IDs for credential collection. This platform-agnostic approach maximizes credential harvesting regardless of service type, prioritizing volume and versatility over targeted collection. IOC's Email Subjects: Email Suspension Notice Account Suspension Notice Email account deletion and suspension notice URL's: hXXps://cooperative-dog-answer.glitch[.]me/?email= hXXps://graceful-lace-scene.glitch[.]me/?email= hXXps://balanced-spotty-bulb.glitch[.]me/?email= hXXps://obtainable-lacy-concrete.glitch[.]me/?email= hXXps://gleaming-prickle-editor.glitch[.]me/# hXXps://bafkreigf4lbjar6kblfuw5vtxosdaa2cg5ntv7sl2a3fhl47xangdqmiba.ipfs.dweb[.]link/# hXXps://bloomdesign[.]biz/apps/thumbnail_tempiattee.php hXXps://local-rhinestone-burglar.glitch[.]me/# (Adobe creds harvesting) hXXps://saber-grove-agustinia.glitch[.]me/?email= hXXps://telling-winter-banjo.glitch[.]me/?email= hXXps://uttermost-protective-frame.glitch[.]me/?email= hXXps://victorious-capable-math.glitch[.]me/# hXXps://vine-lean-bathtub.glitch[.]me/?email= #PhishingAlert #TelegramExfiltration #PhaaS #CredentialTheft #ThreatIntel #PhishingKits

Worth my first post in a long time. We now have a dedicated account to publish threat intel. Check out @Kb4Threatlabs @KnowBe4 #humanriskmanagement #cybersecurity

Security advocate Martin Kraemer supports Australia's proposed social media age bans for teens, emphasising the need for strong enforcement and better education for parents and schools. #SocialMedia #Australia #TeensOnlineSafety techday.com.au/story/security…

📢‼️ Weltweit kommt es derzeit zu IT-Ausfällen in zahlreichen Branchen. Auch in 🇩🇪 gibt es betroffene Unternehmen, darunter Betreiber Kritischer Infrastrukturen. Nach aktuellem Erkenntnisstand gibt es keine Hinweise auf einen Cyberangriff. 👉 bsi.bund.de/dok/1116846

Check out my latest article: Why people cannot be the 'weakest' link in cybersecurity linkedin.com/pulse/why-peop… via @LinkedIn

A simple question for all of you working in #securityawareness and #humanrisk. 𝗧𝗵𝗲 𝘀𝗸𝗶𝗹𝗹𝘀 𝗻𝗲𝗲𝗱𝗲𝗱 𝗮𝘀 𝗮 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗮𝘄𝗮𝗿𝗲𝗻𝗲𝘀𝘀 / 𝗵𝘂𝗺𝗮𝗻 𝗿𝗶𝘀𝗸 𝗽𝗿𝗼𝗳𝗲𝘀𝘀𝗶𝗼𝗻𝗮𝗹 𝗶𝗻 𝟮𝟬𝟯𝟬 𝗮𝗿𝗲 𝘁𝗵𝗲 𝘀𝗮𝗺𝗲 𝘀𝗸𝗶𝗹𝗹𝘀 𝗻𝗲𝗲𝗱𝗲𝗱 𝘁𝗼𝗱𝗮𝘆.

Check out the latest article in my newsletter: Real or Not, Here I Come, You Can't Hide linkedin.com/pulse/real-her… via @LinkedIn

@roepkix @EuroUsec @IngolfBecker @RWTH @gameandlearning That all sounds really interesting. Thanks for sharing! Looking forward to reading both papers

@EuroUsec @IngolfBecker Looking forward to read the paper 🤗 Together with my colleagues at @RWTH we developed an educational game with a similar idea. It was presented at #GaLA2022 doi.org/10.1007/978-3-…. Follow up work will be available at #GaLA2023 @gameandlearning. Stay tuned!

We have more on #phishing at #EuroUSEC2023 🎣 Conventional phishing awareness training does not seem to help people enough to avoid getting phished. Sarah Zeng and @IngolfBecker devised an adversarial training in which participants write phishing e-mails themselves. 👀 Curious?!

Loving the focus of these positions as they promise much needed research insights. How AI mediates social dynamics matters in everyday life as much as at work and in any other place. Would love to see a lot more focus on these topics.

it-sa 2023 - Besuchen Sie den Vortrag von Martin Kraemer, Security Awareness Advocate bei KnowBe4. Martin wird zeigen, wie Sie Daten zum Return-on-Security-Investment nutzen können, um den Aufbau Ihres Security-Awareness-Programms zu rechtfertigen. bit.ly/3PgLXEZ #itsa

Desinformation, die wahre Gefahr generativer KI für die IT-Sicherheit in Unternehmen? Jetzt gleich im Thought Leadership Beitrag bei IT-Daily um 14:30 Uhr (GMT+2). it-daily.net/konferenz-thou…

Join us at the forefront of scam prevention at the 4th Global Anti-Scam Summit 18 October in Lisbon.@markraemer will join industry leaders as they navigate the intricacies of the digital age. We hope to see you there! #GASS2023 bit.ly/3PKJBQ9

A trust crisis is amplified by the emergence of generative AI. It must concern organizations and society alike. linkedin.com/posts/martinkr…

Im Webinar der KnowBe4 GmbH vermittelt @markraemer Know-how „von der Sensibilisierungskampagne zu sicheren Verhaltensweisen". Interessierte Teilnehmende der ACS dürfen exklusiv kostenfrei teilnehmen: allianz-fuer-cybersicherheit.de/dok/1093458 #digitalundsicher #DeutschlandDigitalSicherBSI

Besuchen Sie den Vortrag von Dr. Martin Kraemer, Security Awareness Advocate bei KnowBe4, auf der it-sa. Martin wird erörtern, wie Sie Security Awareness nutzen, um Ihre Sicherheitskultur nachhaltig zu fördern. bit.ly/44WlaUd #itsa

🤖📊Excited to announce our new paper “Artificially Intelligent Opinion Polling” -arxiv.org/abs/2309.06029. Powered by social-media and LLMs, AI Polling drastically reduces costs and increases availability of precise, high-frequency, sub-national estimates of preferences...

Some bits for researchers and professionals alike. Why does the sound of voices matter for #cybersecurity? I did some digging. Read how we perceive voices, accents, and language. linkedin.com/feed/update/ur… #hci #ai @KnowBe4 @knowbe4germany

This paper has long been in the making. I'm proud to finally present one of the main contributions of my PhD thesis. Thanks to @ICOnews for the research grant and to @EPSRC for funding me.

New paper: “It becomes more of an abstract idea, this privacy” We explore familial use of smarthome technologies to inform the design for communal privacy experiences. With @georgechalhoub, Helena Webb, and Ivan Flechais. @Ox_CyberSec @CompSciOxford sciencedirect.com/science/articl…