CyberheistNews Vol 2, #42
Editor's Corner
Scam Of The Week: "You Have Been Targeted For Assassination"
Yup, no kidding! Some of the cybercrime gangs have pulled out all the
stops and gone into 'full threat mode'. They have actually been at this
for a while, and every month they must sit down and decide what
sort of stupid but scary threat to cook up next to keep their scam
from "going stale".
In the last few weeks, the Internet Crime Complaint Center (IC3) reported
receiving complaints about the latest version of the 'Hit Man Scam', which
now tells people via e-mail that they have been targeted for assassination.
The complainants told IC3 that the email wants them to buy a security
alarm so they can use it if they see suspicious activity.
The e-mails were signed by Agent Bauer (remember "24" on TV?) of the fictional
International Intelligence Bureau. It is always surprising how many people
go into panic mode and start clicking on links to avoid a negative consequence.
While most people know such an email is a hoax, the scammers obviously find
enough people who respond to make it worthwhile for them to keep the scam going.
For the full text of the email, here it is on the KnowBe4 Blog, and you
might want to warn your users that this kind of scam is doing the rounds
again:
http://blog.knowbe4.com/scam-of-the-week-you-have-been-targeted-for-assasination/
Please Forward This Newsletter To Your Friends
There are 40,000 people getting CyberheistNews every week, but
we need to get the word out to many more, to protect everyone's
network. Please forward this newsletter to people you know who can
benefit. Here is the link to subscribe:
http://www.knowbe4.com/cyberheist-news/
Quotes of the Week
"Those who want the Government to regulate matters of the mind and spirit
are like men who are so afraid of being murdered that they commit suicide
to avoid assassination." - Harry S. Truman
"Demoralize the enemy from within by surprise, terror, sabotage, assassination.
This is the war of the future." - Adolf Hitler
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
Get Your Free FULL Copy Of 4-Star E-book 'Cyberheist'
Ben Rothke, an IT security specialist and author, recently reviewed my
book 'Cyberheist' and gave it 4 stars! He ended with: “At under 200
pages, Cyberheist: The biggest financial threat facing American businesses
since the meltdown of 2008 is not the definitive text or the most
comprehensive one on the topic. But for those looking for a brief
and easy to read overview of the topic, with a lot of real-world
advice, Cyberheist: The biggest financial threat facing American
businesses since the meltdown of 2008 makes for a good read.”
Register Now For Your Free FULL Copy (instant PDF Download)
http://www.knowbe4.com/free-e-book/
'Microsoft Windows Update' Tries To Steal Email Passwords
Watch out for emails that supposedly come from privacy 'at' microsoft.com,
as these are scam emails trying to steal your AOL, Gmail, Yahoo or
Windows Live username and password.
At first glance, if you don't look too carefully, the emails entitled
"Microsoft Windows Update" may appear harmless enough. But the grammatical
errors and occasional odd language should raise alarm bells that the
emails may not really be from Microsoft. Here is a screenshot of the
phishing email (hat tip to Sophos):
Non-Encrypted Stolen Devices Cause Big Fines
Marianne Kolbasuk at Healthcare Infosecurity reported that "The latest
updates to the federal tally of major health information breaches confirm
that the loss and theft of unencrypted devices continue to plague the
industry. Eight of the 10 incidents added to the tally in the past
month involved lost or stolen unencrypted computing devices, including
six laptop thefts. Since federal regulators began tracking major breaches
in September 2009, about 54 percent of incidents have stemmed from lost
or stolen unencrypted devices or storage media.
Many organizations have yet to encrypt all laptops containing patient
information because of misperceptions about the cost involved and the
potential impact on computer performance, some observers say. And device
thefts are often the result of carelessness or a lack of awareness of
security risks.
As federal authorities continue to ramp up HIPAA enforcement efforts
with hefty penalties for non-conformance, however, there is more pressure
on organizations to take more steps to protect patient data." More:
http://www.healthcareinfosecurity.com/stolen-devices-persistent-problem-a-5133?
Why Google Acquired VirusTotal
NSS Labs keeps track of the mean block rate for socially engineered
malware worldwide. This is a VERY interesting graph. MS Internet Explorer
crushes all the other browsers in a test like this. Why? It has the
SmartScreen filter technology, which is nothing more than a community-based
reputation feed. The other browsers do not have this. Check out
the results at NSS:
https://www.nsslabs.com/reports/web-browser-group-test-socially-engineered-malware-q3-2011
Now, Google has always had a sharp nose for improving its products. VirusTotal
is a website with a scanning service that checks files for viruses and all
kinds of other malware. It uses up to 44 antivirus scanners to check the
files uploaded by users. As you can imagine, the site has a massive database
of both malicious and benign files, which is constantly updated and basically
constitutes - you guessed it - a community-based reputation feed. And what
does Google need to beef up its Chrome browser to match IE? Right.
Cracking Your PIN Code: Easy as 1-2-3-4
It continues to be true that people choose easy-to-guess passwords. This
is a major liability for your network security. It's even worse with PIN
codes.
Lisa Scherzer had the story at Yahoo Finance. "If you lost your ATM card
on the street, how easy would it be for someone to correctly guess your
PIN and proceed to clean out your savings account? Quite easy, according
to data scientist Nick Berry, founder of Data Genetics, a Seattle technology
consultancy.
Berry analyzed passwords from previously released and exposed tables and
security breaches, filtering the results to just those that were exactly
four digits long [0-9]. There are 10,000 possible combinations that the
digits 0-9 can be arranged into to form a four-digit code. Berry analyzed
those to find which are the least and most predictable. He speculates that,
if users select a four-digit password for an online account or other web
site, it's not a stretch to use the same number for their four-digit bank PIN codes.
What he found, he says, was a "staggering lack of imagination" when it
comes to selecting passwords. Nearly 11% of the 3.4 million four-digit
passwords he analyzed were 1234. The second most popular PIN is 1111
(6% of passwords), followed by 0000 (2%). (Last year SplashData compiled
a list of the most common numerical and word-based passwords and found
that "password" and "123456" topped the list.)
Berry says a whopping 26.83% of all passwords could be guessed by attempting
just 20 combinations of four-digit numbers (see first table). "It's amazing
how predictable people are," he says. We don't like hard-to-remember numbers
and "no one thinks their wallet will get stolen," Berry says." More:
http://finance.yahoo.com/blogs/the-exchange/cracking-pin-code-easy-1-2-3-4-130143629.html
Prevent Email Phishing
Want to stop Phishing Security Breaches? Did you know that many of the
email addresses of your organization are exposed on the Internet and
easy to find for cybercriminals? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is
very hard to defend against, unless your users have had thorough security
awareness training. IT Security specialists call it your ‘phishing
attack surface’. The more of your email addresses that are floating out
there, the bigger your attack footprint is, and the higher the risk is.
Find out now which of your email addresses are exposed with the free
Email Exposure Check (EEC). An example would be the email address and
password of one of your users on a crime site. Fill out the form and
we will email you back with the list of exposed addresses. The number
is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
http://www.knowbe4.com/email-exposure-check/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
All Time SUPER FAVE. The Incredible Lego machine sorts and moves little
balls along an incredible path of robots and contraptions. It took over
2 years to build. OK, I'll admit I'm a nerd, but still this is unique:
http://www.flixxy.com/the-incredible-lego-machine.htm
Your 5-minute vacation this week: Timelapse video by German photographer
Martin Heck showcasing the amazing landscapes and skies of the Alps:
http://www.flixxy.com/timestorm-alps-timelapse.htm
When I was a kid we put people on the moon and you could fly from New
York to Paris in 3 hours. This very important development in aerospace
propulsion might get us back there and beyond:
http://www.flixxy.com/the-future-of-air-and-space-travel.htm
This 3-D Printer Can Generate Entire Rooms:
http://www.fastcoexist.com/1680576/this-3-d-printer-can-generate-entire-rooms
Magician Teller performs one of his magic illusions with an amazing ending:
http://www.flixxy.com/fish-bowl-illusion-by-magician-teller.htm
The best clips of birds helping themselves to some food from unsuspecting humans:
http://www.flixxy.com/hungry-birds.htm
Footage of a hippo rescuing a wildebeest calf and a zebra foal from drowning
in the strong-flowing Mara River in Tanzania caused a sensation worldwide:
http://www.flixxy.com/helpful-hippo-rescues-helpless-animals-from-river.htm
Extremely gifted mind reader reveals his 'gift'. Spoiler: It's an ad:
http://www.youtube.com/watch?v=F7pYHN9iC9I&sns=em
Dave is an extremely gifted 'clairvoyant' who seems to know a lot about
others - even the most detailed financial information:
http://www.flixxy.com/the-magic-behind-the-magic.htm