Do you have an email in your inbox with LinkedIn in the subject line?
Clicking on it could increase the risk of a phishing attack, ransomware breach or other social engineering-related threat, warns Stu Sjouwerman, CEO of KnowBe4, a Clearwater cybersecurity firm.
KnowBe4, one of the fastest-growing companies in the Tampa Bay area, provides awareness training for recognizing red flags for phishing. Phishing emails are those in which someone is posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
“At the moment we find that bad guys are using existing platforms like Dropbox or Office 365. They use the platform itself to steal someone’s user name or password. Using the platform itself makes it harder to spot and it also makes it harder for the security software to catch it,” Sjouwerman said. “Any email that has to do with or related to LinkedIn should be looked at with a healthy dose of skepticism.”
Simulated phishing tests that include “LinkedIn” in the subject line are clicked 50 percent of the time by users of the platform. It was the top-clicked phishing subject line in the first quarter of 2019, KnowBe4 said.
LinkedIn and other social media give an all-access entry point into an organization because some social media accounts are tied to corporate email addresses, according to Sjouwerman. Instead of clicking on the email, he said users should go directly to the website that purports to have sent it.
That advice is the type of weapon KnowBe4 wants to give its customers to fight the bad guys trying to steal information on the internet. The company will provide those tools at the upcoming KB4-Con, a user conference designed to provide insight into risk management, phishing tactics, new developments on the Dark Web and more.
“It’s an ongoing challenge. It’s a game of chess or cat and mouse. The issue is that it’s an arms race on the internet, and the bad guys are extremely innovative, and they are always coming up with new tricks to scam users. Those users need to be continually kept on their toes,” Sjouwerman said. “We’re trying to give everyone enough ammo and tools so that they can keep building and strengthening the human firewall we are building.”
The user conference is the second one for KnowBe4, a rapidly growing company that provides awareness training for recognizing red flags for phishing. KnowBe4 had $64.5 million in revenue and 253 employees when it ranked No. 96 on the most recent Inc. 5000 list, published in August. The company just hit 700 employees and is occupying six floors in two buildings, said Sjouwerman.
KB4 attendance also is on the fast track. Last year’s conference drew 250 people. More than 800 have registered for this year’s event.
“What they are there for is to learn the current threats on the internet, what do we see as future threats in our niche, the human side – and what kind of defenses do you need to put in place today and also in a couple of years,” Sjouwerman said.
The conference will kick off with a keynote from Apollo Robbins, who describes himself as one of the world’s leading experts on pickpockets. There’s a connection between pickpockets and other forms of deception and cybersecurity, Sjouwerman said.
“The link is the human. What we train people on is how to make smarter security decisions. That’s not necessarily not only don’t click on links and emails, but it’s also don’t let someone you don’t know tailgate into your office,” Sjouwerman said, referring to the practice of allowing an unauthorized person to enter a restricted area simply by following an authorized person through an open door. “Robbins is able to take it from how do you deceive people to how do people get deceived, what are the mechanics of that. It’s a super fun segue into the conference.”