CyberheistNews #15



CyberheistNews Vol 1, #15







Editor's Corner


How You Get Spear-Phished





How do you think the bad guys do their spear-phishing attacks? They
do research about your organization on your website, any relevant
social networks, and then they do a deep search on the Net for any
and all email addresses with your domain name. Next, they craft an
email with a link or attachment that they hope as many employees
as possible will click on or open. The link or attachment infects
the workstation of the employee and allows the hackers in. Example:
Employees at RSA opened an infected Excel spreadsheet that was
called "2011 Recruitment Plan".







Now you can see for yourself how many of your organization's email
addresses are floating out there on the Net, free for the bad guys
to grab and attack. KnowBe4 is providing you with a FREE one-time
deep search with the addresses and where they were found. Most people
that ask for this are surprised with the results. Request your Email
Exposure Check now and see what the bad guys see:


http://www.knowbe4.com/eec/





'Enforcement Promotes Compliance'









Howard Anderson, Executive Editor at HealthcareInfoSecurity,
interviewed Leon Rodriguez, The New HIPAA Enforcer.







Leon Rodriguez, the new director of the Department of Health and
Human Services' Office for Civil Rights, describes his HIPAA
enforcement agenda. The reason you are reading about it here is that
he is going to focus on education.







"As I've learned as a prosecutor and then as a defense lawyer,
enforcement promotes compliance," Rodriguez says. "The fact that
covered entities out there know that they are at risk for penalties
is something that, in fact, in many cases will promote compliance."
Nevertheless, Rodriguez stresses in an exclusive interview with
HealthcareInfoSecurity the need for also using education to help
boost compliance. "It's going to be important for us to make sure
that we do everything we can to assist those covered entities that
want to understand what the rules are. ... So we're also going to
be focused on outreach and education no less than on enforcement."







You can read the full article here, and also get it as a Podcast:


http://www.flixxy.com/tribute-for-steve-jobs-on-his-30th-birthday.htm





Quotes of the Week









"Optimism is essential to achievement and it is also the foundation
of courage and true progress."
- Nicholas Murray Butler







"The world of achievement has always belonged to the optimist." - J. Harold Wilkins







"A pessimist sees the difficulty in every opportunity; an optimist
sees the opportunity in every difficulty."
- Winston Churchill







Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/









The State of Hacked (Email) Accounts







Commtouch’s research report on The State of Hacked Accounts presents
statistics on the theft, abuse and eventual recovery of Gmail, Yahoo,
Hotmail and Facebook accounts. The data reveals that most users get
hacked at high rates even when they do not think they are engaging
in risky behavior, with 62% unaware of how their accounts had been
compromised. The results presented in the report rely on a comprehensive
end-user survey together with data from Commtouch’s GlobalView™ Network,
which tracks and analyzes billions of Internet transactions daily.







Other highlights from the research include:





  • Less than one-third of users noticed their accounts had been
    compromised, with over 50% relying on friends to point out their
    stolen accounts.
  • 15% of users thought their credentials were stolen after they used
    a public Internet terminal or WiFi network.
  • One in eight hijacked accounts were used for a phony distress email
    scam that asks friends to wire funds to a foreign country, and over
    half of the accounts were used to send spam.















Tell Users About The Next Android Banking Trojan

Mobile devices with the Android Operating System have been found to
get infected with a special version of the ZeuS trojan, and now there
are reports that the SpyEye malware also has made the jump to Android.
Online crime prevention vendor Trusteer reported that SpyEye
masquerades as a security app and can intercept incoming SMS text
messages. That allows SpyEye to bypass the mobile TAN system.









Both Android and SpyEye attack the human: they try to social engineer
the user to download and install the app. Trained users will not fall
for a trick like this, so please tell your employees about this scam.















"What's a Company's Biggest Security Risk? You."

You may not have had the chance to read the article about social
engineering in the Wall Street Journal where KnowBe4 is mentioned.
We got a PDF version of it, which you can now read. See the full
version by clicking on 'Click Here To Read The Entire The Wall
Street Journal Article':

http://www.knowbe4.com/about-us/knowbe4-in-the-news/













Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

SUPER Fave: Leaving a trail of smoke, wingsuit formation flyers skim
inches away from the mountain at a speed of over 100 mph:
http://www.flixxy.com/wingsuit-formation-flying-alt.htm






Thousands of rainbow popsicle sticks, layered together into an enormous
exploding chain reaction. Can you explain how this giant popsicle stick
wave works?
http://www.flixxy.com/popsicle-stick-wave.htm





Is this the most amazing time lapse video yet? (Spoiler: It is)
http://www.flixxy.com/landscapes.htm





A beautiful 3-minute movie inspired by numbers, geometry and nature:
http://www.flixxy.com/nature-by-numbers.htm





Long before the iPod, iPhone or iPad, Steve Jobs was honored for his
work on the Macintosh by his Apple coworkers, who created this
never-before-seen short film for his 30th birthday:
http://www.flixxy.com/tribute-for-steve-jobs-on-his-30th-birthday.htm



