CyberheistNews Vol 1, #19

Editor's Corner

We all know the expression 'sex sells'. It's not true though. Sex draws the attention, but certainly does not 'sell' in the sense that once attention has been drawn, there is follow-through and an actual purchase. However, promising potential sex is a powerful lure on the Net, and many people continue to fall for it. This scam of the week is on the blogging site tumblr. Thousands of logins for emo-blogging platform tumblr have been stolen in the past week via a phishing attack that lured users to enter their credentials in exchange for the promise of erotic content.

When someone promises adult content on the Internet, don't walk, RUN. Imagine a cop that sternly states: "Step Away From The Keyboard!" Here is how this scam worked:

http://consumerist.com/2011/06/erotic-phishing-attack-steals-thousands-of-tumblr-logins.html

Apologies For Last Issue

Last newsletter had severe problems with the links at the end of each article. The company that sends CyberheistNews had technical issues, and the redirects did not work, causing any link that was clicked to time out. Our apologies!

5 Tips To Get Budget Approval For Security Awareness Training

As a System or Network Admin or IT Security Manager you know that Security Awareness Training is a crucial part of ‘Defense-in-depth’ to keep your organization secure. Microsoft just reported that a whopping 45% of malware infections are caused by social engineering. But that same awareness has often not yet filtered up into top management, who simply do not know the dangers of (spear) phishing yet. So it can be a challenge to get the approval and receive the budget to run a security awareness program. Here are five helpful hints and tips to get that approval:

http://www.knowbe4.com/getting-approval/

Quotes of the Week

"We do not take humor seriously enough." - Konrad Lorenz

Please tell your friends about CyberheistNews! They can subscribe here:

http://www.knowbe4.com/about-us/cyberheist-news/

Loose Lips Still Sink Corporate Ships, Social Engineering As Lethal As Ever

Darlene Storm at ComputerWorld wrote: "Last year at DefCon, contestants proved their social engineering schmooze was lethal to corporate America. Even after all the lessons learned from this summer's high profile hacks, many of which like HBGary were made possible by social engineering attacks, the results from the 2nd annual social engineer Schmooze Strikes Back contest were the same. Loose lips still sink corporate ships; social engineering is no less lethal to companies. As the Social Engineering Capture the Flag report states 'in the end, all of the companies would have received a failing mark in a real social engineering penetration test.'" In the article there is a link to the Capture The Flag report at the Social-Engineer website. Very interesting to say the least:

http://cwonline.computerworld.com/t/7679225/987374514/538477/0/

Are On-Screen Keyboards Really More Secure?

The built-in on-screen keyboard that comes with many operating systems is designed to help people who are unable to use a physical keyboard because of disabilities. For that reason, an on-screen keyboard behaves as much like a real keyboard as possible, and its activity will most likely be logged by a keylogger just like physical keystrokes:

http://superuser.com/questions/29983/are-on-screen-keyboards-really-more-secure

On-screen keyboards specifically designed for security (on a bank's website, for example) are a different story and are likely more secure against keyloggers.

http://www.viruslist.com/en/analysis?pubid=204791931

Fraud Intelligence Report Third Quarter 2011

MarkMonitor reports that the phish attack volume grew 7% from the previous quarter to 103,702 attacks. Retail/Service phishing continued to increase, growing 43% to 14,572 attacks. The Financial sector continued to be the most phished industry, accounting for 44% of phish attacks, while the Payment Services sector accounted for 20%. Social Networking sector phish increased 33% from the second quarter to 4,767 attacks and was 145% above its level from a year ago.

American brands remained in the top spot with 56% of phishing attacks, China second, while British brands dropped to the number three position with 12% of phishing attacks. Source:

https://www.markmonitor.com/download/report/Fraud_Report-Q3_2011.pdf

Should I Change My Password?

2011 has been dubbed the 'year of the data breach', with hackers publishing tons of stolen information online weekly. Now a new site called pwnedlist.com lets you check to see if your email address or username may have been compromised.

The site is the creation of Alen Puzic and Jasiel Spelman, two security experts from DVLabs, a division of Hewlett Packard. Enter your email address into the site, and it will check whether it appears in any of the recently published stolen data:

http://www.pwnedlist.com

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

“Stopover”, a 3 minute animated short film about a spaceman who makes an unplanned pit stop leading to a close encounter of the third kind:
http://www.flixxy.com/alien-pit-stop-sci-fi-short-film.htm

And how close do ‘Blue Angels’ get to each other? This close!!!
http://www.flixxy.com/blue-angels-formation-flying.htm

Railroad tank car implosion experiment. Read the explanation:
http://www.flixxy.com/railroad-tank-car-vacuum-implosion.htm

Dog lays a stick by the statue of computer scientist Alan Turing and is trying hard to get him to throw it for him:
http://www.flixxy.com/dog-wants-statue-to-throw-stick.htm

The World's first manned flight of an electric multicopter. I can’t wait to get my own personal helicopter!:
http://www.flixxy.com/worlds-first-manned-flight-of-an-electric-multicopter.htm

Every magician likes to involve a pretty girl in his magic tricks, but it's not often that the pretty girl is also a magician herself:
http://www.flixxy.com/world-magic-awards-double-fantasy-duo.htm

The Chief Security Officer Website has a Daily Dashboard with a host of very useful alerts and tips. Check it out here:
http://dashboard.csoonline.com/