CyberheistNews Vol 4, 36 Scam Of The Week: Bitcoin Wallet Theft



Stu Sjouwerman's New Security Newsletter
 


Editor's Corner


Scam Of The Week: Bitcoin Wallet Theft

It is finally starting to sink in with the population at large that digital currencies exist, with Bitcoin the most visible brand. End users are getting curious about this, and a recent Proofpoint blog reported that phishing attacks using Bitcoin as scam bait have a much higher "Click Through Rate" than other campaigns: a whopping 2.7 percent, as a matter of fact, a CTR many marketers would die for. So, how do you warn your users? I would send them (something like) this alert:

Recently, new criminal phishing campaigns have started, claiming that hackers have tried to access your "Bitcoin Wallet", even though you may not have a wallet with this new digital currency. The email subject is a bogus alert of a "Suspicious sign-in attempt" and to make sure no Bitcoins are stolen, you are supposed to reset your password. The email even has a "case incident" number to make it look official. Do not get curious and fall for these scams. Continue to "Think Before You Click!"

There is a lot more background about this scam at the KnowBe4 blog and we have a phishing template you can send to inoculate your users:
http://blog.knowbe4.com/bid/395296/Bitcoin-Phishing-Click-Rate-Higher-Than-Regular-Scams

Five Reasons Why Clicking "Unsubscribe" May Be a Bad Idea

When you get on a mailing list you don't want to be on, it's easy to get off – just click on the "unsubscribe" link. But should you? Sophos Naked Security says maybe not. When you unsubscribe, you're giving the organization that sent you the message information about yourself that you may not want them to have. Read the Five Reasons at the KnowBe4 Blog:
http://blog.knowbe4.com/bid/396046/Five-Reasons-Why-Clicking-Unsubscribe-May-Be-A-Bad-Idea

Quotes of the Week

"Certain things catch your eye, but pursue only those that capture the heart." - Ancient Indian Proverb

"In everyone's life, at some time, our inner fire goes out. It is then burst into flame by an encounter with another human being. We should all be thankful for those people who rekindle the inner spirit." - Albert Schweitzer


Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Can Bad Guys Impersonate Your Executives?

Can the bad guys impersonate one of your co-workers or your executives? In other words, can your domain be spoofed? KnowBe4 can help you find out with our free Domain Spoof Test.

The Domain Spoof Test sheds light on a major potential vulnerability: email servers that are not correctly configured. Bad guys searching for your organization's publicly available email addresses can find enough information to attack your employees by impersonating (spoofing) a co-worker or executive.

We offer a free one-time Domain Spoof Test (DST) that verifies whether a hacker can disguise a malicious phishing email as a normal message from someone within your organization, such as a manager or CEO/President. If this is possible, hackers can easily launch a spear-phishing attack.

The only thing we do is send one spoofed email TO you, FROM you. If you receive this email, bad guys can spoof your domain too. It takes 1 minute, so request the free domain spoof test for your own domain name. Click here and fill out the form:
http://info.knowbe4.com/domainspooftest-14-09-09


Home Depot, Other Retailers Get Social Engineered

Famed annual contest reveals how many retailers lack sufficient defenses against social engineering.

In the end, it may have been a foreshadowing of sorts: The team assigned to squeeze potentially sensitive information from Home Depot employees in cold calls during this year's Social Engineering Capture the Flag (SECTF) competition at DEF CON 22 won the famed contest.

The social engineering competition held last month in Las Vegas was in no way directly related to a report yesterday that Home Depot may have suffered a massive data breach; the home improvement chain was still investigating suspicious "activity" as of this posting. However, it was among a group of major US retailers that fell to multiple social engineering tactics during the competition.

It looks like Home Depot fell to the same POS attack that Target did last year, with a slightly modified version of that malware. Now it's a matter of digging up how the bad guys penetrated the Home Depot network in the first place... spear phishing, perhaps?
http://www.darkreading.com/operations/home-depot-other-retailers-get-social-engineered-/d/d-id/1306940?


Scammers Posing As IRS Agents Extort $5M

Callers posing as Internal Revenue Service agents have stolen large amounts of money in a nationwide scam that continues to grow both in volume and in threat. Federal authorities said Wednesday that as many as 1,100 people across the country have lost $5 million to con artists who tell people they will be arrested if they don't immediately pay thousands of dollars in unpaid taxes.

The callers target people from all walks of life and backgrounds and often follow up initial threats with secondary calls and emails. These follow-up calls are said to be from police officers en route to arrest the victim, authorities said during a Phoenix news conference to alert the public. More at USA Today:
http://usat.ly/1rNDsDp


YouTube Account Manager Message Warns of Account Suspension

YouTube users are currently being targeted by emails that claim to come from the YouTube Account Manager and threaten account suspension due to repeated violations of the community guidelines.

“We’d like to inform you that due to repeated or severe violations of our community guidelines your YouTube account will be suspended 3 days from the time of this message. After careful review we determined that activity in your account violated our community guidelines, which prohibit spam, scams or commercially deceptive content. Please be aware that you are prohibited from accessing, possessing or creating any other YouTube accounts,” informs the email.

Christopher Boyd of Malwarebytes says that the best way to check the status of the YouTube account is to contact YouTube directly.

"Scammers will often use similar tactics to send phishing links and malware, so in some ways recipients of this missive are getting the best of a bad deal – it’s ‘only’ surveys and forms to fill in, along with the occasional download," says the researcher. More:
https://blog.malwarebytes.org/fraud-scam/2014/09/youtube-account-manager-has-sent-you-a-message/


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Only 8mm thin, and weighing less than 400g, this device comes with 328 high def pages that load instantly. It is wireless and never runs out of battery: RIOT!
http://www.flixxy.com/experience-the-power-of-a-bookbook.htm?utm_source=4

Smoothini mystifies the judges of America's Got Talent 2014 with a simple shoelace!
http://www.flixxy.com/smoothini-street-magic-with-a-shoelace-americas-got-talent-2014.htm?utm_source=4

Find out who will win in the battle between motorbike, supercar and Formula 1 car:
http://www.flixxy.com/supercar-vs-motorbike-vs-f1-car-top-gear.htm?utm_source=4

Russian girl doing stunts on a Suzuki GSXR motorcycle on cruise control. Just imagine the road rash if this goes wrong:
http://www.flixxy.com/russian-motorcycle-girl.htm

Caterpillar 319D LN climbing onto a rail car to unload crushed rock in Kansas City:
http://www.flixxy.com/cat-319d-ln-climbing-onto-rail-car.htm?utm_source=4

A compilation of the 100 most iconic shots in movie history:
http://www.flixxy.com/the-100-most-iconic-movie-shots-of-all-time.htm?utm_source=4

With a GoPro camera on his back, Walter the Labrador takes every hurdle necessary to make a splash in the sea:
http://www.flixxy.com/this-dog-loves-the-sea.htm?utm_source=4

16 Animals Eating Human Food Compilation. Cute for the kids, and the next one too:
http://www.flixxy.com/16-animals-eating-human-food-compilation.htm?utm_source=4

Puss in Boots on a mission to recover a princess' stolen ruby from the notorious French thief the Whisperer, with the help of three kittens, "The Three Diablos":
http://www.flixxy.com/puss-in-boots-sequel-the-three-diablos-short-film-by-dreamworks.htm?utm_source=nl

 