CyberheistNews Vol 1, #22

Editor's Corner
Warn Your Users: 4 Spear-Phishing Hooks For The Holidays

Expect some of the typical phishing lures to be cast this year, but more targeted 'spear-phishing' twists raise the potential for damage. The CSO website warned about this: "Cybercriminals are increasingly abandoning the technique of casting a wide net by blasting thousands of email accounts with a phishing scam. That's not nearly as lucrative as a spear-phishing attack, which might take more work, but has the potential for a much bigger payoff, according to Rohyt Belani, CEO of phishing-awareness-training company PhishMe."

"The kind of phishing attacks that are working now involve targeting specific employees at an organization," said Belani. "Every major breach we have heard about this year has been initiated by a targeted phishing attack—be it RSA, Epsilon, numerous defense contractors, Oak Ridge National Laboratory and on and on."

Here are the highlights; the details are in their story:

1) "Kick off your holiday shopping with this 10% off coupon for any store at [your local mall]"

2) "[Your company] thanks for your hard work this year and invites you to enter our holiday raffle"

3) "A year-end inspection has turned up mold in offices in our building at [your work address]"

4) "[Your company] is migrating its payroll system before the end of the year. Please enter your updated information to avoid interruption of your direct deposit."

More:
http://www.csoonline.com/article/693966/4-spear-phishing-hooks-for-the-holidays?







The State Of Phishing

This week I have found three reports for you that all give a much deeper insight into the current state of phishing. Two of these are very recent, and the third one took some digging to find, as I was looking for the actual cost of a phishing attack to a company.

Luckily I was able to find a report that Cyveillance created a few years ago that calculates the shocking cost if your company is on the receiving end of a phishing attack. This is all great ammo if you need to get budget approval for a security training program.

And here are 5 tips to get budget approval as well!
http://www.knowbe4.com/getting-approval/



Quotes of the Week

"You may delay, but time will not." - Benjamin Franklin

"A man cannot be comfortable without his own approval." - Mark Twain

"Diligence is the mother of good luck." - Benjamin Franklin

Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
"We Discovered A Serious Human Vulnerability"

"I'm a system administrator and we regularly get users' workstations infected with malware. Then Microsoft reported that 45% of the infections are caused by the users being 'social engineered', so we decided to test it out for ourselves."

"First we did the Email Exposure Check. Out of our 197 users, 87 email addresses were found on the Internet. Then we did the Phishing Security Test, and sent these 87 a relatively simple simulated phishing attack that could have been sent by any bad guy."

"We were shocked to see that our spam filters and antivirus did not catch the phishing email, and that 24 of these 87 clicked on the link. We discovered a serious human vulnerability." -- P.H., System Admin

Find out for yourself how big this human security hole is in your organization. Fill out this form and you will get the results for free:
http://www.knowbe4.com/eec/





Anti Phishing Working Group Phishing 2011 First Half Report

The Anti Phishing Working Group just released their first half 2011 report. The full report is available via the PDF below. They started out with: "Phishers are an ingenious lot, and the successful ones develop their own specialties and business plans. For example, in this report we describe how Chinese phishers are using resources outside of their country to attack users and companies inside of China. And elsewhere, phishers have taken an old hacking trick and used it to great advantage, multiplying the number of phish they can deploy against their favorite targets. These and other tactics have significant implications for phishing targets, service providers, and antiphishing responders." MORE:
http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2011.pdf





MarkMonitor Fraud Intelligence Report Third Quarter 2011

This is an interesting report, and it shows a host of detailed fraud numbers. One section is on phishing attacks by industry: "The Financial sector continued to be the most phished industry, accounting for 44% of phish attacks, while the Payment Services sector accounted for 20%. The Retail/Service sector increased again to include over 14% of total phish last quarter. Auctions, Online Gaming and Social Networking remained important sectors attracting 4 - 5% of total phish attacks." Here is the whole report:
https://www.markmonitor.com/download/report/Fraud_Report-Q3_2011.pdf





Cyveillance Report On True Cost Of Phishing

Cyveillance is one of the leading companies in cyber intelligence. A few years ago they published a report that still holds water and provides value, as it shows you how much phishing attacks really cost. That price tag has not changed much, but the number of attacks has.

"How much do phishing attacks really cost organizations? This question has intrigued and frustrated the security industry since attacks began to appear. According to a Gartner study released in December 2007, phishing attacks represent a staggering amount of fraud, costing organizations more than 3 billion dollars annually. Even more shocking than this cost is the fact that phishing is a steadily growing problem with no end in sight.

This increase in phishing is hardly a surprise, as this form of online fraud has grown into one of the most common and most profitable scams for criminals. The schemes vary, but they typically involve using some combination of spoofed junk email (spam), malicious software (malware), and fake Web pages to harvest personal information from unwitting consumers.

Customers of both well-known brands and lesser-known companies alike have fallen victim to this pervasive form of online fraud. In fact, over the past three years, Cyveillance, the world leader in cyber intelligence, has detected phishing attacks against more than 2,000 brands across 30 countries.

Organizations often have a difficult time assessing how phishing affects their finances, as there are numerous factors to take into account when trying to measure the cost as well as the impact phishing has on customers, productivity and reputation. In this document, Cyveillance's phishing experts explain the costs of phishing attacks, in a manner that can be easily adjusted to any organization's specific business model or support process." More:
http://www.antiphishing.org/sponsors_technical_papers/WP_CostofPhishing_Cyveillance.pdf





Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Surfer rides a 90 foot wave and sets a new World Record:
http://www.flixxy.com/surfer-rides-90-foot-wave-world-record.htm

Dance breaks out at Dubai International Airport:
http://www.flixxy.com/dubai-airport-flash-mob.htm

Robin Williams has a tickle fight with a Gorilla:
http://www.flixxy.com/robin-williams-has-a-tickle-fight-with-a-gorilla.htm

National Geographic presents some amazing pictures and facts about our planet in "Visions of Earth":
http://www.flixxy.com/visions-of-earth.htm

Modern Samurai Isao Machii shows his amazing skill with a Samurai sword:
http://www.flixxy.com/modern-samurai-isao-machii.htm

In 1995, during the making of his TV series "Triumph of the Nerds" about the birth of the PC, Bob Cringely did a memorable hour-long interview with Steve Jobs. Only a small portion of that interview was used and the rest was lost, until just a few days ago when a copy was found in the director's garage:
http://www.flixxy.com/steve-jobs-the-lost-interview.htm



