CyberheistNews Vol 2, #49
Editor's Corner
The 2012 Top 10 Holiday Scams
We recommend you send this to your employees: the bad guys come out in full force
this holiday season and will try to trick and scam users both at the office and
at home.
Number 10
'The Charity Tricksters'. The holidays are traditionally the time for giving.
It's also the time that cyber criminals try to pry money out of people who mean well.
Making a donation to the wrong site could mean you are funding cybercrime or even
terrorism. So watch out for any communication from a charity that asks for your contribution
(phone, email, text, tweets, snail mail and even people ringing your doorbell), and make sure
they are legitimate and can show their ID. It is safest to donate only to charities you already know,
and to refuse all the rest.
Number 9
'The Grinch E-Card Greetings'. Happy Holidays! Your email has an attachment that looks
like an e-greeting card, pretty pictures and all. You think it must be from a friend.
Nope, not so. Malicious e-cards are sent by the millions; never open them, especially
at the office, as they may infect your workstation.
Number 8
'The Fake Gift Card Trick'. Internet crooks promote a fake gift card through social media,
but what they are really after is your information, which they then sell to other cyber
criminals who use it for identity theft. Here is an example: a recent Facebook scam offered a
free $1,000 Best Buy gift card to the first 20,000 people who signed up for a Best Buy fan page,
which was a malicious copy of the original.
Number 7
'The Copied Site'. Bad guys build complete copies of well-known sites, send you emails
promoting great deals, sell products, take the credit card, but never deliver the goods.
These sites live only a few days and the money usually goes abroad. Your credit card company
will refund the purchase, but apart from not getting your gift(s), your card number is now
compromised and will be sold and used by cyber criminals. Always check for https://
rather than just http://, and remember that the padlock only tells you the connection
is encrypted, not who is at the other end: a copied site can have https too, so look
at the domain name in the address bar and make sure it really is the company's own domain.
Number 6
'The DM Scam'. You tweet about a holiday gift you are trying to find, and you get a direct
message (DM) from another Twitter user offering to sell you one. Stop - Look - Think, because
this could very well be a sophisticated scam. If you do not know that person, be -very- careful
before you continue, and never pay up front.
Number 5
'The Extra Holiday-Money Fraud'. You can always use some extra money during this season,
so cyber fraudsters push work-from-home scams. The most innocent of these make you
fill out a form where you give out confidential information like your Social Security number,
which is then used to steal your identity. The worst of them offer you "work" in which you unwittingly
launder money from a cyberheist (the so-called money mule), which can get you into major legal trouble.
Number 4
'The Fake Recession Relief'. Internet swindlers target people who are vulnerable due to
the recession with pay-in-advance scams and credit offers. Spam emails advertise "prequalified,
super low-interest" credit cards and loans if you pay a processing fee, which goes straight
into the scammer's pocket.
Number 3
'The Search Term Trap'. Bad guys do their research and find out what people want. They
then build a site that professes to have the item and push that site up the search
engine rankings, so you may well click on the link. But the site contains malware and will infect your
PC. Make sure that your web browser is fully updated, so that it warns you when it sees that a
site is unsafe.
Number 2
'The Evil Wi-Fi Twin'. You bring your laptop to the mall to scout for gifts, and then you
check whether you can get it cheaper somewhere online. But the bad guys are there too, shopping for your
credit card number! They put out a Wi-Fi signal with the same network name as a free one you always use,
and your laptop is happy to join it on the name alone. Choose the wrong Wi-Fi and the hacker now sits
in the middle and steals your credit card data while you buy online. When you use a Wi-Fi
connection in a public place, it is better not to use your credit card.
Number 1
'The Black Friday Racket'. Black Friday is the start of great holiday shopping deals, unless
they are too good to be true and you get tricked into "buying" an iPad at a 90% discount. Be extra
careful with online buying starting the day after Thanksgiving!
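A small check for the 'Copied Site' and 'Search Term Trap' items above, added here as an example; it is not part of the original newsletter or of the KnowBe4 blog post. It shows why the https:// test alone is not enough: the function parses a link (the same check applies to any link, including one decoded from a QR code) and flags plain http, an '@' that hides the real host, a bare IP address, a brand name that appears in a host registered to someone else, and a typosquatted domain a keystroke or two away from the real one. The list of brand domains and the short public-suffix table are constructed assumptions for the demo, not data from the page.

```python
import re
from urllib.parse import urlsplit

# Domains the organisation actually does business with. Constructed sample
# list for this example; a deployment would carry its own allowlist.
KNOWN_DOMAINS = {"bestbuy.com", "amazon.com", "paypal.com"}

# Assumption: a handful of two-label public suffixes is enough to demonstrate
# the idea. Real code should consult the Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}

_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def registrable_domain(host: str) -> str:
    """'www.bestbuy.com' -> 'bestbuy.com'; 'shop.example.co.uk' -> 'example.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch typosquats such as 'bestbyu.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> list[str]:
    """Return the red flags found in url; an empty list means none were found."""
    flags = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()

    # The padlock only proves the connection is encrypted, not who runs the
    # site, so the scheme check is necessary but nowhere near sufficient.
    if parts.scheme != "https":
        flags.append("not https: the card number travels in the clear")

    # 'https://bestbuy.com@203.0.113.5/' connects to the IP, not to bestbuy.com
    if "@" in parts.netloc:
        flags.append(f"'@' in the address: the real host is {host}")

    if _IPV4.fullmatch(host):
        flags.append("bare IP address instead of a domain name")
        return flags

    reg = registrable_domain(host)
    if reg in KNOWN_DOMAINS:
        return flags  # genuinely the brand's own domain (or a subdomain of it)

    for known in sorted(KNOWN_DOMAINS):
        brand = known.split(".")[0]
        # brand name as a subdomain or with decorations: someone else registered it
        if brand in host.replace("-", ""):
            flags.append(f"mentions {brand} but is registered as {reg}")
            break
        # one or two keystrokes away from the real name: typosquat
        if edit_distance(reg, known) <= 2:
            flags.append(f"{reg} is a near-miss of {known}")
            break
    return flags


if __name__ == "__main__":
    for link in (
        "https://www.bestbuy.com/site/ipad-deal",
        "http://www.bestbuy.com/site/ipad-deal",
        "https://bestbuy-holiday-deals.com/ipad",
        "https://www.bestbuy.com.deals-example.net/",
        "https://bestbyu.com/ipad",
        "https://bestbuy.com@203.0.113.5/login",
    ):
        print(link, "->", check_link(link) or ["ok"])
```

The allowlist is the part that matters most: a scam site can be registered under a name that shares no letters with the brand and passes every heuristic here, so the only flag-free result is a registrable domain you already trust.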
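For the 'Evil Wi-Fi Twin' item, an added example (not from the original newsletter) of how the attack shows up in a scan and how a laptop could refuse the bait. The attacker's access point advertises the network name (SSID) your device remembers, usually with a stronger signal than the real one and often without the password the real one had, and a device that chooses by name alone takes it. The scan below is constructed in the terse output format of `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi list`, and the profile of previously seen access points is made up for the demo; both are assumptions, not real data.

```python
import re
from dataclasses import dataclass

# Constructed sample scan in the terse output format of
#   nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi list
# (nmcli escapes the colons inside the BSSID as '\:'). Not real scan data.
SAMPLE_SCAN = r"""
MallFreeWiFi:AA\:BB\:CC\:11\:22\:33:WPA2:62
MallFreeWiFi:AA\:BB\:CC\:11\:22\:34:WPA2:55
MallFreeWiFi:DE\:AD\:BE\:EF\:00\:01::88
CoffeeShop:00\:11\:22\:33\:44\:55:WPA2:40
xfinitywifi:66\:77\:88\:99\:AA\:BB::30
"""

# What the laptop remembers about the network it normally joins at the mall:
# the access points (BSSIDs) seen there before and the security it used.
# Constructed for the example; a real profile would be recorded on earlier visits.
KNOWN_PROFILES = {
    "MallFreeWiFi": {
        "bssids": {"AA:BB:CC:11:22:33", "AA:BB:CC:11:22:34"},
        "security": "WPA2",
    },
}


@dataclass
class AccessPoint:
    ssid: str
    bssid: str
    security: str  # '' means an open network
    signal: int


# split on ':' only where it is not preceded by the nmcli escape backslash
_FIELD_SPLIT = re.compile(r"(?<!\\):")


def parse_nmcli_terse(text: str) -> list[AccessPoint]:
    """Turn the terse nmcli lines into AccessPoint records."""
    aps = []
    for line in text.strip().splitlines():
        fields = [f.replace("\\:", ":") for f in _FIELD_SPLIT.split(line)]
        ssid, bssid, security, signal = fields
        aps.append(AccessPoint(ssid, bssid.upper(), security, int(signal)))
    return aps


def find_evil_twins(aps: list[AccessPoint], profiles: dict) -> list[str]:
    """Flag access points that advertise a remembered SSID but do not match its profile."""
    alerts = []
    for ap in aps:
        profile = profiles.get(ap.ssid)
        if profile is None:
            continue  # not a network this laptop would auto-join, so nothing to impersonate
        # an access point this device has never seen under that name
        if ap.bssid not in profile["bssids"]:
            alerts.append(f"{ap.ssid}: unknown access point {ap.bssid} (signal {ap.signal})")
        # a security downgrade: the real network needed a password, this one does not
        if ap.security != profile["security"]:
            alerts.append(f"{ap.ssid}: security is {ap.security or 'open'}, expected {profile['security']}")
    return alerts


if __name__ == "__main__":
    scan = parse_nmcli_terse(SAMPLE_SCAN)
    for alert in find_evil_twins(scan, KNOWN_PROFILES):
        print("ALERT:", alert)
```

A shopping mall legitimately has many access points sharing one SSID, so a repeated name is not evidence by itself; what the example keys on is an access point the device has never seen and a downgrade from WPA2 to open. A BSSID can be cloned as well, so treat this as a tripwire rather than proof, and keep to the newsletter's advice: no card numbers over public Wi-Fi.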
This Top 10 is also available as a post at the KnowBe4 Blog:
http://blog.knowbe4.com/the-2012-top-10-holiday-scams/
Happy and Safe holidays !
Quotes of the Week
"All the world is made of faith, and trust, and pixie dust." - J.M. Barrie, Peter Pan
"Trust starts with truth and ends with truth." - Santosh Kalwar
"Only the individual can think, and thereby create new values for
society, nay, even set up new moral standards to which the life of
the community conforms." - Albert Einstein
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
Prevent Email Phishing
Want to stop phishing security breaches? Did you know that many of the
email addresses of your organization are exposed on the Internet and
easy for cybercriminals to find? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is
very hard to defend against unless your users have been thoroughly
trained in security awareness. IT security specialists call it your phishing
attack surface: the more of your email addresses that are floating out
there, the bigger your attack footprint is, and the higher the risk.
Find out now which of your email addresses are exposed with the free
Email Exposure Check (EEC). An example would be the email address and
password of one of your users turning up on a crime site. Fill out the form and
we will email you back the list of exposed addresses. The number
is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
http://www.knowbe4.com/email-exposure-check/
IT Briefcase Exclusive Interview: Security Awareness Training
A Modern Necessity, with Stu Sjouwerman, KnowBe4
The editors of IT Briefcase interviewed me and had several very good
questions about security awareness training. You can read the full
interview here; it takes just a minute and has some good ammo if you
need security budget:
http://www.itbriefcase.net/it-briefcase-interview-security-awareness-training
A New Term: QRishing
From the GFI Blog: "QRishing may probably be a new term to our ears,
but concerns of this threat have been expressed by individuals some
years before. It is a term we can associate with a phishing tactic
initiated with Quality Response (QR) codes.
A few days ago, experts from the Carnegie Mellon University released
a whitepaper entitled QRishing: The Susceptibility of Smartphone
Users to QR Code Phishing Attacks. In there, they have detailed
the outcome of two experiments they conducted that aimed to prove
the viability of QRishing. From the Abstract: 'In one experiment
we visually monitored user interactions with QR codes; primarily to
observe the proportion of users who scan a QR code but elect not to
visit the associated website. In a second experiment, we distributed
posters containing QR codes across 139 different locations to observe
the broader application of QR codes for phishing.'" More:
http://www.gfi.com/blog/qrishing/
Many Gadgets, Many Risks
Monday Nov 12th the Wall Street Journal came out with an article that
illustrates the risks of BYOD: "Small companies are giving their employees
a lot of leeway with gadgets. And that could mean major security risks.
All told, about half of companies with fewer than 500 employees allow
personally owned devices, compared with 35% of larger enterprises,
according to the Ponemon Institute LLC." Forwarding this research to
management might help you create more understanding about the risks of BYOD:
http://online.wsj.com/article/SB10001424052970204840504578087311857039762.html
Ransomware Crooks Make Millions From Porn-Shaming Scams
Symantec put out a report last week that focused on the increase of
a particularly nasty type of ransomware scam. It started 6 years ago
in Eastern Europe. The code has been perfected over that time, with
more reliable payment mechanisms and stronger encryption that
completely locks up the PC and shames the victim with on-screen porn.
It's a real extortion racket, Symantec said in their white paper.
Computerworld has a lot more detail here that you should know about,
in case a user gets one of these after being tricked into clicking on
the link:
http://www.computerworld.com/s/article/9233421/Ransomware_crooks_make_millions_from_porn_shaming_scams?
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
280 YouTube videos edited into a 5-minute masterpiece by Luc Bergeron.
This is a really good one that you can watch twice and see new things:
http://www.flixxy.com/best-of-web-3-life-is-amazing.htm?utm_source=4
Check out this guy's cyber hand. We are getting very good at this:
http://youtu.be/RFBro6ou96o
Ultra light autogyro and a Triumph motorcycle take a ride together. Fun!
http://www.flixxy.com/air-command-autogyro-vs-triumph-motorcycle.htm
TechJects Dragonfly micro UAV flies like a bird and hovers like an insect,
this is pretty cool technology! Scroll down the page for the video:
http://www.gizmag.com/techject-dragonfly-microuav/24900/
Charles Jennings, CEO of a security company talks at TED about Rule #1
of IT Security. Find out what it is, LOL:
http://swanisland.net/news/62-swan-island-ceo-charles-jennings-speaks-at-ted-x-bend-conference
A tribute to the joy of dance:
http://www.flixxy.com/lets-dance.htm
People go to haunted houses, get scared $#!Tless and their picture is taken:
http://www.wired.com/rawfile/2012/10/nightmares/?pid=4104&viewall=true