KnowBe4 customers are some of the easiest to spearphish. This is just one example of why.
Their official instructions tell customers to set up filter bypasses that any attacker can also use. In the instructions, they include absolutely no cautionary info about it. 🤡 https://t.co/gmHSz6MS6i
Phish Sim like KnowBe4 is very often executed horribly, like what is seen below. Most of the time, it’s used to send “gotcha” emails that are nothing like what actual attackers are sending. https://t.co/r01bn7nYO2
If anyone would like to validate the screenshot from my first post: https://t.co/hU4erBTXYY https://t.co/xRmzCrTPf4
It’s not like this is a secret. KnowBe4 just doesn’t care. They claim to have 30k customers. It’s easy to find them: https://t.co/rAsMYJF7yP
And as you can see, this isn’t the first time attention has been put on this. KnowBe4 just doesn’t care.
It’s their customers who are quite literally the Last To Know thanks to KnowBe4’s docs & system design. https://t.co/yWX7lTntkv
The real poetry here is how this mirrors the impact of most phishsim programs when it comes to the education & psychology side. Most are teaching employees to take the bait of real attackers while wasting energy, time, & good faith that could have been used for positive change.
the irony https://t.co/seYhdfy0oa
It’s been going on for years. I really do mean it when I say KnowBe4 customers are the Last2Know. https://t.co/cdqFokKo0Q
Even if your phish sim isn’t opening a backdoor on your email system, it’s most likely opening a backdoor into user behavior.
Check out this study that just dropped
https://t.co/6YwHdCPEid https://t.co/reWFuROtPu