Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Two New KnowBe4 Phishing Categories: Scam Of The Week and Reported Phishes of the Week

KnowBe4's Templates Mistress Katie has added two new categories to the System Templates:
1) SCAM OF THE WEEK - this will act as an optional weekly newsletter for you to send to your users. Similar to Security Hints and Tips but updated weekly, it will contain Stu's "blurb to send to your employees, friends and family" that he includes as part of his blog or CyberheistNews (mostly) each week. See FAQ: How to set up a "Scam of the Week" email newsletter for your users.
2) REPORTED PHISHES OF THE WEEK - This category will contain copies of the Top 10 actual Phish Alert Button-reported phishing emails. You will have fresh templates each week which represent real-life phishing attacks.

IT Security Is A Protoscience, Think 19th Century Chemistry

So I get the Andreessen Horowitz newsletter. It has a topic called "Security is a protoscience (and more on 'so you want to work in security') - Michal Zalewski". I'm intrigued, so I click on it and I get a short blog post that lays it out pretty clearly. This is a cross-post of what he states, and I have to admit what Michal states rings true. You can discuss it on his blog.

KnowBe4's Field Guide to Macro Warning Screens

Earlier this week today we assisted several companies that were hit by ransomware. Although companies and organizations hit by ransomware can usually pinpoint the source or employee responsible for a ransomware infestation, they often cannot identify the precise attack vector used to compromise the victim's PC. In the two cases we just handled, however, the attack vector used by the bad guys was identified: macro-laden Word documents delivered through phishing emails.

Ransomware & Voicemail Notifications, Redux

Several days ago we posted about a new ransomware campaign pushing Cerber through malicious ZIP files attached to voicemail-themed phishing emails. Fast on the heels of that campaign comes yet another voicemail-themed ransomware campaign, only this one is pushing Zepto ransomware through zipped .WSF files.

Here is a Real DDoS Plus Ransomware Extortion Attack

One of our customers received the following email today. It's a clear extortion attempt: they are threatening to execute a combined DDoS and Cerber ransomware attack. These bad guys claim to be the Armada Collective, but the original gang was arrested and is no longer in the running. However, there are copycats that have taken the Armada approach and send this type of extortion email to people:

Heads-up! Voice message notification email warning could be ransomware


Don't play voicemail messages from suspicious sources. Example displayed in MS Outlook. Image credit: SANS ISC.

Xavier Mertens at the SANS Internet Storm Center had a great item on a threat that we have been warning against for a while now.

He started out with: "Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working with such kind of documents. Which types of notification do they have in common? All of them have a phone number and with modern communication channels... everybody can receive a mail with a voice mail notification. Even residential systems can deliver voice message notifications."

How Highly Personalized Ransomware Attacks Are Getting

CyberheistNews Subscriber Stuart Sanders sent me this: "A friend of mine in Melbourne Australia has been whacked by several crypto attacks on his clients in the last week. He supports accountants, just accountants nothing else."

Here is an example 2-stage attack which shows how highly personalized these attacks are getting. Note the language is getting better, but is not perfect. 

Scam Of The Week: FTC Refund Phishing Phraud

There is a new Scam Of The Week where bad guys are trying to trick people into clicking on phishing links to receive an FTC refund, with the twist that the refund is actually real.

The FTC first took action against J. K. Publications, Inc. in 1998. These scammers purchased access to the credit card account numbers of more than three million Visa and MasterCard holders from a California bank under the pretext of confirming that the customers had valid credit cards and debit cards.

However, back at the ranch, they made illegal charges on the cards for X-rated Websites. Quite a few of the people who had been fraudulently charged didn't even own a PC at that time!

The FTC was able to quickly shut down the scam, but J.K. Publications and the people involved in the scam managed to hide millions of the fraudulently obtained dollars in off-shore banks. It took the FTC a very long time to get the money back, but they are at the moment mailing 322,000 checks to victims of this scam.
