Yup, you gotta admit it, the bad guys -are- inventive! Getting a wedding invitation from someone you know and not clicking on it is hard to do! Bogus wedding invites are the latest spam and phishing trend, but also 'deja vu'. Our friends down the street (literally) at ThreatTrack Security warned everyone about this a few days ago.
Their researchers in the AV Labs captured malicious spam that appears to be a wedding invitation, purportedly from White Wedding Agency, a business entity in Prague. So warn your users: if they get an email with the message body "You are Cordially Invited to Celebrate the Our Wedding" (note the grammar error), delete that email, and don't save the date. More detail here: http://www.threattracksecurity.com/it-blog/wedding-inspired-spam-leads-to-kuluoz-infection/
Security Awareness Training Controversy
A post on the Slashdot site summarizes the controversy: "Security guru Bruce Schneier contends that money spent on user awareness training could be better spent and that the real failings lie in security design: 'The whole concept of security awareness training demonstrates how the computer industry has failed. We should be designing systems that won't let users choose lousy passwords and don't care what links a user clicks on,' Schneier writes in a blog post on Dark Reading. He says organizations should invest in security training for developers."
Your end-users are the weak link in your network security. Today, your employees are frequently exposed to advanced phishing attacks, and over 90% of data breaches start with a phishing attack.
IT Security specialists call it your 'phishing attack surface'. The more email addresses that are exposed, the bigger your attack footprint is, and the higher the risk. It's often a surprise how many of your addresses are actually out there, and whose.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Your Social Network Profiles Are Like Catnip To Cyber Crooks
Dan Tynan interviewed me at the ITworld.com site. He wrote a great article on March 28 and started off with:
"Could you say no to pictures of adorable kittens? Apparently, you’re not alone. Nearly half of all people who receive an email containing an image of a cute cat will automatically open it, according to security training firm PhishMe. But behind those fallacious felines lies danger – or at least, the potential for it.
The Wall Street Journal’s Geoffrey A. Fowler has a fascinating story today about how companies are using faux phishing attacks – including links to bogus cat videos -- to teach employees how to handle real ones. Per Fowler:
Many big network breaches begin not with brainy hacker code but with workers who are tricked by so-called social engineering, which manipulates people into revealing sensitive information. So companies are trying to get workers to act badly before the bad guys do."
81% of IT Managers Believe Employees Willfully Ignore Security Rules
Lieberman Software's 2013 Information Security Survey reports the attitudes and opinions of IT security professionals regarding the behaviors of end-users, the state of unauthorized privileged access, and the likelihood of their own organizations withstanding data breaches. Highlights include:
- 81.4% of IT security staff think that staff tend to ignore the rules that IT departments put in place.
- 75.8% of IT personnel think that employees in their organization have access to information that they don't necessarily need to perform their jobs.
- 73.3% of respondents would not bet $100 of their own money that their company won't suffer a data breach in the next six months.
- 64.7% of respondents think that they have more access to sensitive information than colleagues in other departments.
- 54.7% of those respondents did not report their colleagues who accessed that information.
- 52.2% of the same respondents believe that staff would not listen more even if IT directives came from executive management, rather than IT.
- 38.3% of IT security personnel have witnessed a colleague access company information that he or she should not have access to.
- 32.3% of IT security professionals work in organizations that do not have a policy to change default passwords when deploying new hardware, applications and network appliances to the network.
It's Tax Time!
April is here, and that can only mean one thing for folks in the United States: It is tax season. And for thieves, con men and tax evaders alike, it's high time for tax fraud. In an effort to curb some of this criminal activity, the Internal Revenue Service (IRS) this week released its list of the Dirty Dozen Tax Scams for 2013.
This annual list includes scams that can affect American taxpayers, and the IRS as well, at any time of year, but that seem to grow more prevalent during tax filing season, and of course phishing is at the top. If you are a KnowBe4 customer, this is the time to send one of the templates you have in the Government Campaign. Go to your console, choose Create New Campaign, at Templates choose Government, and pull down "Your Tax Return Was Accepted By The IRS". Click the Create Campaign button and 'Voila' - all your users receive it in a few minutes. Here is the link to the IRS Dirty Dozen: http://www.technewsdaily.com/17501-the-irs-dirty-dozen-tax-fraud-scams.html?cmpid=520538
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Worldometers - real time world statistics. Fascinating to see these numbers, you should really check this out for a moment, for instance 'Computers sold this year': www.worldometers.info/
This short film was voted #1 for the special award at the Cannes 2008 Film Festival. With a stroke of the pen, a stranger transforms the afternoon for another man. Talk about the power of communication. Take these 4 minutes: http://www.flixxy.com/story-of-a-sign-short-film.htm