A new phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company. The phishing email warns that the link will not be on the standard phishing training platform but on an external site. The attackers have collected both the victim’s email address, password, and personal information, they can use it in further targeted attacks such as BEC scams or to access a victim’s network. If something looks suspicious, employees should contact their network administrators to confirm the email’s authenticity.
Source: https://www.bleepingcomputer.com/news/security/this-security-awareness-training-email-is-actually-a-phishing-scam/