CyberheistNews Vol 5 #8 | Two Disgusting Scams Of The Week: Death And Taxes




 
                                                                                                                
                                                                           
                                                                                                                                       

Scam Of The Week #1: Death In The Family

Cybercrime is innovating on a known and disgusting scam: preying on people who have recently suffered a loss. It used to be that old-time scam artists would read the obituary notices in the paper, dress in black and show up to freeload at funerals. Well, here is the modern equivalent and it's much worse. Keep in mind that over 2.4 million Americans die in accidents every year, and over 1 million of these are sudden.

Unfortunately, the Internet allows crime to scale, so a new criminal industry of death has developed. These criminals scan the Internet for a death in the family and start social engineering the immediate family members via email or social media by claiming the deceased left them a confidential message that must be kept secret. They insist on strict confidentiality and after a few emails it turns out they want $2,500 in exchange for 3 DVDs and other "very important documents". How deep can these people sink? You'd wish for them to be six feet under themselves.

I would send your users something like the following. Feel free to edit:

"By now you are used to seeing spam and phishing emails in your inbox, but cunning cybercriminals are constantly coming up with new ways to find victims. Unfortunately, these attacks are becoming more and more targeted. That means cybercrime can directly target YOU because they have information specifically related to your personal data or events.

"At the moment, cyber criminals scan for deaths in your family (2.4 million Americans die every year, and over 1 million of these are sudden) and then try to scam you by claiming the deceased has left them very confidential information that needs to be kept secret from the rest of the family. They demand you transfer money for DVDs and 'very important documents'. Don't fall for it. It is a shame that when you suffer a major loss you also need to be on your guard for criminals like this, but they prey on you when you are at your most vulnerable. Keep an eye out for this when something like this happens in your family or a friend's!"

Here is a link to the blog post:
http://blog.knowbe4.com/scam-of-the-week-death-in-the-family

Scam Of The Week #2: The IRS is Suing You

Feb 20, 2015 at 8am I received a robo-call at the house in a female voice that said the following: "We have been trying to reach you. This call is officially a final notice from IRS, the internal revenue service. The reason of this call is to inform you that the IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 360-362-4254"

The area code 360 is very cleverly western Washington outside of Seattle, but it looks official when you see the "Washington" caller ID. First thing I thought was "wrong mark!" and of course I got really interested to see if I could call them back and mess with them, but the line was busy. Too bad, that would have been fun but don't try this at home.

However, this is another heads-up that these social engineering attacks are happening all the time and are targeting your employees at the house. I would send an email to your users with something like this:

"It's tax season and cybercriminals are trying to make money off this opportunity. At the moment, massive amounts of robo-calls are being made to people at the house claiming that the IRS is suing you, with a callback number in Washington. The same is happening with IRS phishing emails. Don't try to call the number, and delete the emails. These scammers use high pressure tactics to extort your money. Remember to never give out personal information to anyone unless YOU have initiated the contact."

Here is a link to the blog post:
http://blog.knowbe4.com/just-got-a-social-engineering-call-that-the-irs-is-suing-me


Warm Regards,
Stu Sjouwerman



Quotes Of The Week

 

"The fear of death follows from the fear of life. A man who lives fully is prepared to die at any time." - Mark Twain

"The only difference between death and taxes is that death doesn't get worse every time Congress meets." - Will Rogers

 


 

Thanks for reading CyberheistNews!

 

 

Security News

 

Which Employees Are Most Likely To Fall For Phishing Attacks?

Did you know that 91% of successful data breaches started with a spear-phishing attack... but who clicked?

Take the first step now to significantly improve your organization’s defenses against cybercrime. You will be able to immediately start your Free Phishing Security Test (PST). No need to talk to anyone. The PST allows you to find out what percentage of your users is Phish-prone. Start here. Did we say this is free?
http://www.knowbe4.com/phishing-security-test/

Most Vulnerable Operating Systems And Applications In 2014

Christian Florian at GFI wrote a great blog post. Here is a short extract but I suggest you read the whole thing at their site.

An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). The NVD provides a comprehensive list of software security vulnerabilities. In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database. Some of the questions asked are:

  • What are the latest vulnerability trends? Are we seeing an increase or a decrease in the number of vulnerabilities?
  • What percentage of these vulnerabilities are rated as critical? (e.g. high security impact – like allowing remote code execution – and thus easy to exploit)
  • In which areas do we see the most vulnerabilities? Are operating systems, third-party applications or network devices such as routers, switches, access points or printers most at risk?
  • Which operating systems and applications are listed with most vulnerabilities? This data is important because the products which are on top get the most frequent security updates. To keep an IT infrastructure secure, sysadmins need to continually monitor these operating systems and applications for the latest updates and ensure they are always fully patched.

7,038 new security vulnerabilities were added to the NVD database in 2014. This means an average of 19 new vulnerabilities per day. The number is significantly higher than in 2013 and continues the ascending trend over the past few years. Read the post and see the trends:
http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

New Details About $1 Billion Crime Ring

In an exclusive interview with Tracy Kitten, Sergey Golovanov, a threat researcher at Kaspersky Lab, explains how a highly sophisticated and well-funded crime ring based in Russia, which made headlines over the weekend for successfully defrauding up to $1 billion from banks in Europe, the U.S. and elsewhere, was able to fly under the radar of detection for nearly a year. The ring used a string of seemingly unrelated malware attacks aimed at compromising everything from ATMs and money-transfers to retail point-of-sale systems.

The group, which Kaspersky calls Carbanak, is one that the White House, the Federal Bureau of Investigation, Interpol and Europol, as well as numerous security firms, have been keen to learn more about, Golovanov says. More at:
http://www.bankinfosecurity.com/interviews/new-details-about-1-billion-crime-ring-i-2582?

 

Purikura refers to Japanese photo booths that heavily edit your picture and print an instant version of a "perfect you" on a sticker. Armed with heavy makeup, Canadian native Micaela Braithwaite experiments:
https://aplus.com/a/purikura-experiment-japan-photobooths

WATCH: Magnetic silly putty eats a magnet. Weird, scary and there are more videos with magnetic putty fun:
https://boingboing.net/2015/02/20/watch-magnetic-silly-putty-ea.html

                                                                   
                                           


