Scam Of The Week: Walmart Mass Customized Phishing Attack
I have been predicting this for a while here because it was clear as daylight that 'phishing mail-merge' would happen sooner or later. And here it finally is.
Wal-Mart took special effort this week and warned customers of an unusually 'high quality' phishing email that tries to get personal and credit information. Mass customized attacks like this show that malware has reached a high maturity level, the bad guys have gone 'pro'.
Walmart stated on their corporate site: "There was a false email sent to a number of people this morning claiming to be from Walmart.com. This email looks like a confirmation of a purchase made on Walmart.com, but is actually a phishing email attempting to gather information from the recipient,” they said in a statement. "Again, this email is not from Walmart.com and it is important that recipients do not click on any links in the email or respond in any way."
Here is how it looks, note the only immediate Red Flag you can see is the 'wallmart' spelling with 2 l's in the 'From' address. Picture at the KnowBe4 Blog, and warn your users.
https://blog.knowbe4.com/bid/285456/Phishing-Scam-Of-The-Week-Walmart-com
Consumer Federation of America has a cool public service announcement regarding online fraud. Fun to watch; send it to your users!
https://youtu.be/VFsu1cWj4BM
Last but not least, KnowBe4 just released the Kevin Mitnick Home Internet Security Course, which has 8 segments that help keep families safe online: This course is available at volume discounts if your employees need to be protected at their house as well as the office. Contact us for more info. Check out the features and a short intro video by Kevin here:
https://home.knowbe4.com/
Quotes of the Week
"Success is not final, failure is not fatal: it is the courage to continue that counts." - Winston Churchill
"Things which matter most must never be at the mercy of things which matter least." - Johann Wolfgang von Goethe
"97% of the statistics found on the Internet are untrue" - Abraham Lincoln
|
Your end-users are the weak link in your network security
 Today, your employees are exposed to Advanced Persistent Threats. Trend Micro reported that 91% of successful data breaches started with a spear phishing attack. IT Security specialists call it your 'phishing attack surface'. The more email addresses that are exposed, the bigger your attack footprint is, and the higher the risk.
It's often a surprise how many of your email addresses can be found by the bad guys. Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. We often show surprising results. An example would be the credentials of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses and where we found them.
Sign Up For Your Free Email Exposure Check Now:
https://info.knowbe4.com/email-exposure-check
Cybercrime Attack Vector Of Choice: Employees
Today, employees are the low hanging fruit for cybercrime. Organizations counter this with what is called 'Security Awareness Training' (SAT), but modern SAT is far removed from how it was done a few years ago. It used to be enough to have all employees together, provide donuts and coffee, and expose them to 'death by PowerPoint' for 20 minutes. Those days are over.
Now, to keep your networks secure, you need regular simulated phishing attacks that arrive in their inbox, just like real phishing attacks by the bad guys. What you really manage is behavior change of your employees. They are exposed to either sophisticated attacks from either Eastern European Cyber Mafias that are after your operating account, or Advanced Persistent Threat (APT) campaigns (usually) coming from China that are after your organizations' intellectual property.
Employees need to understand why they simply cannot click on a link in an email about Angelina Jolie anymore. That is why KnowBe4 has dozens of templates that you can schedule to arrive in your employees' inbox. We recommend at least a few a month or one a week. That is the only thing that keeps employees on their toes and creates a real change in their security behavior. Here is a 90-second video that explains the how and why:
https://www.knowbe4.com/video-kevin-mitnick-security-awareness-training/
Want To See A Cyberheist Close By?
Here is a map of some known cyberheists (really the tip of the iceberg because the vast majority are not disclosed) with the amount of money stolen:
https://batchgeo.com/map/ccca1a248e3a1974909827254c0f7589
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
The devious art of cell tower camouflage. When is a tree not really a tree? When it's a wireless tower:
https://www.networkworld.com/slideshow/101594/the-devious-art-of-cell-tower-camouflage.html?
Consumer Federation of America has a cool public service announcement regarding online fraud. Fun to watch, send it to your users!:
https://youtu.be/VFsu1cWj4BM
It's no longer sci-fi. Killer energy beams are now reality. ADAM High Energy Laser Destroys Qassam-like Rocket Target:
https://youtu.be/kgUnDeED9MM
Terrafugia Already Planning Second Flying Car. I want one:
https://www.motorauthority.com/news/1084006_terrafugia-already-planning-second-flying-car?fbfanpage
We hired 3 more people here at KnowBe4, the office is getting full!:
https://blog.knowbe4.com/bid/279785/We-hired-3-more-people-the-office-is-getting-full
|
