CyberheistNews Vol 4, # 08: This Week's Top 10 Phishing Scams



KnowBe4
Stu Sjouwerman's New Security Newsletter

Editor's Corner


This Week's Top 10 Phishing Scams

It's my job to keep an eye out for the most recent phishing scams and let everyone know. One of the newsletters I use as a source for this is called "Hoax-Slayer". They just reported some new phishing scams I want to alert you about, so you can forward this to your co-workers:

1. Email claiming to be from the "Energy Billing System", saying your latest bill is available online and can be viewed with just one click. Of course the amount is sky-high, so you feel pressured to click and head off the consequences.

2. Phishing email supposedly from Microsoft, saying you need to click a one-time automatic verification so that your account will not be suspended. STOP - LOOK - THINK before you click.

3. Scam email about a "Shocking Accident Roller Coaster Video" on Facebook. The carriage and its passengers have come off the track. Yeah, sure.

4. A phishing email purporting to be a notification about an incoming payroll-related fax. It claims that with just one click you can see the payroll. If you click, your PC gets infected with malware.

5. Bogus email from "your landlord" claiming your rent is late and you need to pay within 10 days or face court proceedings. It's a hoax, and if you download the .zip file and open it, your PC will be infected.

6. Email claiming to be from a Court Secretary, announcing that your complaint has been received and urging you to click on a link to confirm it. Nobody wants to be in court, so do not let them scare you.

7. Email from a bank that claims you must click on a link to upgrade to a new security system to give you maximum protection. Not so!

8. Phishing email claiming to be from Evernote, stating that an image has been sent and inviting you to click to view it. They play on your curiosity, so do not fall for it.

9. Eviction Notice scam. This claims that you have been evicted and must vacate the premises within a specified time frame or risk further legal proceedings. You are instructed to open an attached file for more information. But if you open it, your PC gets infected.

10. Facebook message claiming Vin Diesel has died, inviting you to click a link to see a video of how he died. Vin is alive and kicking, thank you very much. This is just another one of those celebrity death scams. Do not fall for them.
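The ten lures above share a small set of pressure tactics: urgency, a legal or financial threat, account suspension, curiosity bait, a .zip attachment, or a link that does not belong to the claimed sender. The Python script below is an added example for this issue, not code from the newsletter or from any KnowBe4 product. It turns those tactics into a triage scorer and runs it over three constructed sample messages (all addresses and domains are invented; the keyword lists, point values and threshold are assumptions, not a vetted ruleset). The same link-domain check would flag the fake Outlook Web App login page used in the CNN spear-phishing story later in this issue.

```python
"""Heuristic phishing-lure triage (added example, not from the newsletter).

Scores an email by the lure patterns in the list above: urgency, legal or
financial threat, curiosity bait, risky attachments, and links whose domain
does not match the claimed sender. Sample messages are constructed here
with invented addresses; keyword lists and the threshold are assumptions.
"""
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Lure vocabulary distilled from the ten scams (assumption: plain regexes suffice for triage).
LURE_PATTERNS = {
    "urgency": r"\b(within \d+ days|immediately|one[- ]time|one click|suspen(d|ded|sion))\b",
    "legal_threat": r"\b(court|evict(ed|ion)|legal proceedings|complaint)\b",
    "money": r"\b(bill|payroll|rent|payment|invoice)\b",
    "curiosity": r"\b(video|shocking|has died|image has been sent)\b",
}
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".js")
LINK_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
PHISH_THRESHOLD = 3  # assumption: tune against your own mail stream


def registered_domain(host):
    """Last two DNS labels. Assumption: no public-suffix list, so 'co.uk'-style TLDs are mishandled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def score_message(msg):
    """Return (score, findings) for an email.message.Message or EmailMessage."""
    score, findings = 0, []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""

    # Collect plain-text body parts and attachment names from all MIME parts.
    body, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            body.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    text = msg.get("Subject", "") + "\n" + "\n".join(body)

    # One point per lure family present in subject or body.
    for name, pattern in LURE_PATTERNS.items():
        if re.search(pattern, text, re.I):
            score += 1
            findings.append(f"{name} lure")
    # Urgency paired with a legal or financial threat is the classic pressure combination.
    if "urgency lure" in findings and ({"legal_threat lure", "money lure"} & set(findings)):
        score += 1
        findings.append("pressure pairing")
    # A link whose registered domain differs from the sender's is a strong credential-phish signal.
    for link in LINK_RE.findall(text):
        host = urlparse(link).hostname or ""
        if sender_domain and registered_domain(host) != sender_domain:
            score += 2
            findings.append(f"link to {host} does not match sender domain {sender_domain}")
    # Executable-style attachments behind a pretext (rent notice, eviction, payroll fax).
    for filename in attachments:
        if filename.lower().endswith(RISKY_EXTENSIONS):
            score += 2
            findings.append(f"risky attachment {filename}")
    return score, findings


def triage(msg):
    """Map a score to a verdict: 'phish', 'review', or 'ok'."""
    score, _ = score_message(msg)
    if score >= PHISH_THRESHOLD:
        return "phish"
    return "review" if score > 0 else "ok"


def build_samples():
    """Constructed sample messages with invented domains, modelled on scams 2 and 5 above."""
    rent = EmailMessage()
    rent["From"] = "Property Manager <landlord@example-rentals.test>"
    rent["Subject"] = "Rent overdue - pay within 10 days or face court proceedings"
    rent.set_content("Your rent is late. Open the attached notice and pay within 10 days.")
    rent.add_attachment(b"PK\x03\x04not-a-real-archive", maintype="application",
                        subtype="zip", filename="Rent_Notice.zip")

    microsoft = EmailMessage()
    microsoft["From"] = "Account Team <noreply@microsoft.com>"
    microsoft["Subject"] = "One-time verification required"
    microsoft.set_content("Click http://account-verify.login-check.test/owa "
                          "to avoid suspension of your account.")

    benign = EmailMessage()
    benign["From"] = "Alice <alice@example.com>"
    benign["Subject"] = "Lunch Thursday?"
    benign.set_content("Menu is at https://www.example.com/cafe/menu - let me know.")
    return {"rent": rent, "microsoft": microsoft, "benign": benign}


if __name__ == "__main__":
    for name, sample in build_samples().items():
        score, findings = score_message(sample)
        print(f"{name:10s} {triage(sample):7s} score={score} {findings}")
```

Run it as-is to see the rent scam score highest (pressure pairing plus a .zip attachment), the Microsoft lure trip the link-domain mismatch, and the benign lunch invite score zero. Keyword lists like these are a cheap first filter, not a substitute for user training: a scam that avoids the vocabulary sails straight through, which is why the STOP - LOOK - THINK habit still matters.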


OUCH. 89% Fail To Maintain PCI Compliance Between Assessments

OUCH. Verizon said in a report this month that 89% of organizations that achieve annual compliance with the PCI Data Security Standard -fail- to maintain that status after passing the audit. That leaves them exposed to data breach risks and other security threats. We all know that PCI is only an acceptable security baseline, and that you build your full security posture on top of it. But not even keeping PCI compliance in place year-round is asking for trouble.

Verizon reported on the annual PCI compliance assessments it performed as a service for well over 500 organizations over the last few years. The numbers are based on actual compliance data gathered from organizations in the financial services, retail, travel and hospitality sectors and some other markets.

Rodolphe Simonetti, managing director, PCI practice for Verizon Enterprise Solutions said: "More than 82% were compliant with only about eight in 10 PCI requirements at the time of their annual assessments and needed an additional three months or so to close the gaps".

Many organizations see PCI compliance as a hurdle they need to take once a year, and then take their attention off the issue. They treat it as an annual "goal" rather than treating it as part of their continuous risk mitigation.

"It is really a failure to use compliance standards and tools on a day-to-day basis," Simonetti said. Not enough manpower and budget are known challenges to maintain ongoing PCI compliance at many companies, but the security issues that remain unresolved can be disastrous.

That is why we released the KnowBe4 Compliance Manager (KCM). This tool allows you to first -become- PCI compliant, and then -remain- compliant by assigning regular, specific compliance tasks to a Directly Responsible Individual (DRI), who checks the control, reports to KCM that it's done, and then repeats the same compliance task at the next required interval.

KCM allows you to automate your compliance workflow and at all times have full overview of your compliance status and security posture. We'd like to give you a 15-minute webdemo so you can determine if this is a good fit.
http://info.knowbe4.com/knowbe4-compliance-manager

Quotes of the Week

"Man is most nearly himself when he achieves the seriousness of a child at play." - Heraclitus - Philosopher (535 - 475 BC)

"This above all; to thine own self be true." - William Shakespeare - Writer (1564 - 1616)

Thanks for reading CyberheistNews! Please forward to your friends. If you want to unsubscribe, you can do that right here.


You can read CyberheistNews online at our blog:
http://blog.knowbe4.com/bid/374949/Knowbe4-CyberheistNews-Vol-4-07-SNEAK-PEEK-At-New-Site-HACKBUSTERS

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Kiss Your Old Security Awareness Training Program Goodbye!

Is Your Security Awareness Training Program Not Working? Are Users Still Clicking Phishing Links And Opening Infected Attachments?

It could be that you are not using awareness training best practices. Brand new research from Vanderbilt University, MITRE and Dartmouth College shows that embedded training is ineffective when it is only done every 90 days and is not part of a program that includes initial training.

If you have been using a program from another vendor and you do not see dramatically improved Phish-prone results, it's time to kiss that program goodbye!

KnowBe4 offers a 50% Competitive Upgrade Discount if you change from your current program to Kevin Mitnick Security Awareness Training. Better yet, we will also "make whole" your current subscription period.

With the extremely malicious CryptoLocker malware out there, you have got to start with an effective security awareness program TODAY. Click this link and get a quote now:
http://info.knowbe4.com/get-a-quote-14-02-25


IRS Warns On 'Dirty Dozen' Tax Scams For 2014

Network World - Everybody wants your money; the IRS does too, but at least they will take it legally. The IRS, however, doesn't want your money taken by scamsters who use tax season to celebrate Christmastime for dirtbags.


The list of nasty scams sounds familiar, with identity theft and phone fraud leading the way as they have for the past few years.

"Taxpayers should be on the lookout for tax scams using the IRS name," said IRS Commissioner John Koskinen in a statement. "These schemes jump every year at tax time. Scams can be sophisticated and take many different forms. We urge people to protect themselves and use caution when viewing e-mails, receiving telephone calls or getting advice on tax issues." More at NetworkWorld:
http://www.networkworld.com/news/2014/022014-irs-tax-scams-278956.html?


Hackers Used Spear Phishing Attack To Hack CNN Blogs

Security analysts at cyber intelligence firm IntelCrawler published the details of their investigation into the recent attack against CNN blogs and social media accounts. A few social media accounts belonging to CNN were compromised, including CNN's main Facebook account, CNN Politics' Facebook account and the Twitter accounts for CNN and CNN's Security Clearance. At the same time, the blogs Political Ticker, The Lead, Security Clearance, The Situation Room and Crossfire were hacked.

According to IntelCrawler, the attackers conducted a multi-stage spear phishing attack against CNN and Turner employees to obtain information used in the subsequent attack on the CNN blogs, as well as on some third-party publishing platforms based on WordPress and Hootsuite.

The e-mail messages appeared to come from a trusted source, such as colleagues or partners. They allowed the attackers to compromise several corporate e-mail accounts, which were then used to spread malicious links that in fact led to a fake authorization (login) page for Microsoft Outlook Web App. Details at the Security Affairs Blog:
http://securityaffairs.co/wordpress/21691/cyber-crime/attackers-used-spear-phishing-attack-hack-cnn-blogs.html


BYOD Businesses Still Lack Effective Security Policies

eWEEK picked up on the research we did with ITIC in February 2014. "Survey results suggested that unless an organization has a strong policy to govern BYOD usage, the company could be put in a precarious position.

"A majority of businesses (53 percent) are unprepared to deal with hacked or stolen bring your own device (BYOD) devices, even though half indicated company-owned tablets, notebooks and smartphones may have been hacked in the last 12 months, according to a report from ITIC and KnowBe4. The survey results indicate that 65 percent of businesses now allow end users to BYOD and use them as corporate desktop or mobile devices to access organizational data, including email, applications and sensitive data.

"BYOD usage can be used to help businesses reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. However, the rise in BYOD, mobility and remote and telecommuting users potentially increases the risk of security breaches." See more at:
http://www.eweek.com/small-business/byod-businesses-still-lack-effective-security-policies.html


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

SUPER FAVE: Ride In A Formula One Car With A 360 Degree View! Join Mercedes Formula One driver Nico Rosberg for a lap of the Silverstone circuit:
http://www.flixxy.com/ride-in-a-formula-1-car-with-a-360-degree-view.htm?utm_source=4

The MTT-136 battery-powered track will get you through the deepest snow. Not as fast as a Formula 1 car, but fun as well; it's like your own "tank tread":
http://www.flixxy.com/battery-powered-track-all-terrain-vehicle.htm?utm_source=4

If it wasn't for the blue sky in the background and the tree you would think that NASA Morpheus successfully completed the landing on Mars:
http://www.flixxy.com/nasa-morpheus-take-off-and-landing.htm?utm_source=4

Packetwerks: We made these awesome shirts for the RSA Show. I WANT ONE!!!
https://twitter.com/packetwerks/status/436253832457494529/photo/1

You probably have seen the Hitchcock film 'The Birds.' But 'Attack Of The Japanese Rabbits' is neither staged nor directed and uses no special effects:
http://www.flixxy.com/attack-of-the-japanese-rabbits.htm?utm_source=4

What happens when a 120-ton Boeing 767 encounters severe turbulence just before touching down on Runway 15 at Birmingham Airport in England?
http://www.flixxy.com/boeing-767-landing-gear-banged-to-its-limits.htm?utm_source=4

A goat family is having fun balancing on a flexible sheet of steel at a farm somewhere in France. (Sorry, no sound)
http://www.flixxy.com/goats-having-fun-balancing-on-flexible-sheet-of-steel.htm?utm_source=4
