CyberheistNews Vol 10 #38 [Heads Up] My Name Is Being Used in Criminal Identity Theft Attacks at the Moment

CyberheistNews Vol 10 #38
[Heads Up] My Name Is Being Used in Criminal Identity Theft Attacks at the Moment

There is an old Dutch expression: "High trees catch a lot of wind". Well, once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In the last two weeks there have been three attempts that we know of, probably more that we have not uncovered yet.

First we got a call from the Small Business Administration, where someone applied for an SBA loan in my name, with the correct Social Security Number. The SBA reps called me to verify, and I congratulated them with a "good fraud catch".

Next, someone filed an unemployment claim in my name, again with the correct SSN. That one of course had very little chance of success, since these requests need to be verified by the company in question, and KnowBe4 had not laid me off yet. :-D

And then, someone created a fake Facebook account for me, and started contacting KnowBe4 employees as the Fake Stu. They promptly reported the fake profile to Facebook. Their support team sent me an email that they are reviewing it.

Knowsters made some screenshots before the profile will be taken down. It's done by an amateur, since I have never set foot in Uganda where NKumba University is located. The patter is also straight from a template, since anyone who knows me immediately spots that this is not the way I talk. Here is a screenshot:

First off-hand guess is that this is a modern-day clumsy equivalent of the Nigerian 419 scam. We'll see what Facebook support comes back with. At the same time this is entertaining and also somewhat frustrating but hey, it comes with the territory.

Good thing I froze my accounts with the credit bureaus quite a few years ago. I strongly suggest you do the same!
[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster with PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft Office 365 to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.

Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.

Now you can with PhishER, which is the key ingredient of an essential security workstream. PhishER allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us TOMORROW, Wednesday, September 16 @ 2:00 PM (ET) for a 30-minute demonstration of the PhishER platform. With PhishER you can:
  • NEW! Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft Office 365
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s machine-learning module
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team.

Date/Time: TOMORROW, Wednesday, September 16 @ 2:00 PM (ET)

Save My Spot!
They're Back: Bad Guys Spoof KnowBe4 Again

Earlier this week customers using the Phish Alert Button (PAB) began reporting yet another round of spoofed KnowBe4 security awareness training emails. The emails reported are fairly straightforward spoofs, which tells us that the bad guys undoubtedly got into some user's inbox and decided that one of our training notifications would make perfect click-bait for a phishing campaign.

Perhaps we ought to take this as some kind of backhanded compliment. (And, for the record, we have not opened a new office in Russia.) Nonetheless, KnowBe4 customers should always be on the alert for these kinds of shenanigans.

By the time we were able to check the link, the target domain was throwing SSL configuration errors. Based solely on the structure of the URL, though, we guessed this one points to a credentials phish, which is fairly standard fare for this kind of spoof.

UPDATE: Based on the second day's batch of emails, we can now confirm that our original assumption was in fact correct: this is a credentials phish -- for Microsoft Outlook, though, not KnowBe4. (Note that the malicious actors behind this campaign have switched to a new domain for the landing page.)

Screenshots here:
[NEW WEBINAR] Your Organization Through the Eyes of an Attacker

The bad guys are out there, watching and waiting for an opportunity to strike. They are gathering information about your organization and users, devising the perfect plan to infiltrate your defenses.

What if you could see your organization through the eyes of an attacker? We'll show you their latest attack methods and simple strategies you can implement to make your organization a hard target.

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, as he dives into the mind of a hacker to help you better understand your risks, and what you can do today to improve your defenses right now.

In this session you’ll learn:
  • The motives behind an attempted attack
  • The latest tactics hackers use to trick your users
  • The common mistakes your organization will make when building your defenses
  • How your end users can help you can defend against ever-evolving threats
Get the details you need to know now and earn CPE credit for attending!

Date/Time: Wednesday, September 23 @ 2:00 PM (ET)

Save My Spot!
[Watch Out] IT Admins Targeted With Fake "Malicious State Actor" Warning Notices

By Eric Howes, KnowBe4 Principal Lab Researcher. For several years both Google and Yahoo have been warning users about potential attacks on their accounts by "state actors." Indeed, earlier this year Google reported that it had issued almost 40,000 such warnings over the course of 2019.

To be sure, it's an arresting notification to receive, and occasionally such warnings even make the news. And that's what makes it the perfect hook for a social engineering attack.

Malicious actors are now targeting IT admins with spoofed notifications from Google concerning alleged attacks by "state actors" on the accounts of G Suite individual users. Their goal: penetrate organizations by compromising their G Suite accounts. Let's take a look at how this attack plays out.

[WEBINAR] The Critical Need to Improve Your Compliance Processes

You know that compliance is an important requirement but can also be time-consuming and fraught with risk. Still, most organizations have not implemented the processes and tools necessary to manage the compliance process efficiently. The often-tedious processes related to compliance don’t have to be a burden or a risk. Your security and compliance can be aligned and made more efficient by reducing or eliminating redundant steps and using the right tools.

Join Erich Kron, Technical Evangelist at KnowBe4, to learn how you can streamline your processes to effectively demonstrate compliance and save so much time.

In this webinar we will discuss:
  • Common challenges organizations face regarding compliance
  • The dangerous impact non-compliance can have on your organization
  • Differences between organizational and departmental compliance
Find out how to streamline your audit processes, assign tasks, and organize evidence in a way that will save you tons of time. And earn CPE credit for attending!

Date/Time: Thursday, September 24 @ 2:00 PM (ET)

Save My Spot!
Holy Moly, Ransomware Dominates 41% of All Cyber Insurance Claims in H1 2020

Just-released data from cyber insurer Coalition shows massive increases in both the frequency of ransomware attacks and the ransom demand with Maze and Ryuk leading the way.

We’ve been seeing more and more cybercriminals turning to ransomware as a go-to strategy to generate their criminal revenue. Many are turning to using both encryption and the theft and threatened publishing of victim data to double-up the chances of getting a payoff. This has led to hearing about larger and larger ransoms demanded.

Cyber insurer Coalition’s H1 2020 Cyber Insurance Claims Report points out the increases are more than just anecdotal. According to the report in the first half of 2020:
  • Ransomware attack frequency increased 260%
  • Ransom demands increased 47%
  • Maze and Ryuk ransomware variants represented 53% of all attacks
  • Ransoms ranged from $1,000 to over $2,000,000
According to Coalition, over half (54 percent) of attacks used email phishing attacks as the initial attack vector.

This massive increase is concerning. Organizations need to see these trends and heed their warning. With phishing being the primary vehicle, and remote workers being a consistent enabler of attacks, it’s time to educate your users via new-school security awareness training on both why and how to have security top of mind when using email and the web.

Ransomware gangs are only getting more cunning and greedy. The impact of their attacks will likely worsen, so it’s time to create a strong human firewall to stop these attacks to avoid becoming just another claim.

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Interesting new interview with Kai Roer, explaining the just released KnowBe4 2020 Security Culture Report, and how you can benchmark your own org:

Quotes of the Week
"If you would be a real seeker after truth, it is necessary that at least once in your life you doubt, as far as possible, all things."
- René Descartes, Philosopher (1596 - 1650)

"An error does not become truth by reason of multiplied propagation, nor does truth become error because nobody sees it."
- Mahatma Gandhi

Thanks for reading CyberheistNews 

Security News
The Dangerous Attraction of Original Gangsters

Users need to be mindful of the ways in which hackers can take over their accounts, according to Brian Krebs. Krebs says his experience as the owner of an “OG” Gmail address made him realize how many people don’t realize that backup email addresses can be used to gain access to their primary email accounts.

Short usernames on popular platforms are known as OG (original gangster) accounts, and they’re usually scooped up by the platform’s early adopters. These accounts are coveted by certain online communities, and they’re often targeted by hackers and traded on underground forums.

Krebs says he registered for a Gmail account sixteen years ago and was able to get a short, simple email address that hadn’t yet been used. (He wisely doesn’t reveal what the email address is.) The account receives a lot of spam and account takeover requests, but Krebs says he isn’t surprised by this.

What he didn’t expect, however, was how many people would use his email address as their backup email when they created online accounts, apparently failing to understand that someone actually owned that email and could now reset their password.

“This particular email address has accounts that I never asked for at H&R Block, Turbotax, TaxAct, iTunes, LastPass, Dashlane, MyPCBackup, and Credit Karma, to name just a few,” Krebs writes. “I’ve lost count of the number of active bank, ISP and web hosting accounts I can tap into.

I’m perpetually amazed by how many other Gmail users and people on similarly- sized webmail providers have opted to pick my account as a backup address if they should ever lose access to their inbox. Almost certainly, these users just lazily picked my account name at random when asked for a backup email — apparently without fully realizing the potential ramifications of doing so.

At last check, my account is listed as the backup for more than three dozen Yahoo, Microsoft and other Gmail accounts and their associated file-sharing services.”

Krebs concludes that keeping security in mind when you set up an account is worth the extra effort. “Losing access to your inbox can open you up to a cascading nightmare of other problems,” Krebs says. “Having a backup email address tied to your inbox is a good idea, but obviously only if you also control that backup address.

More importantly, make sure you’re availing yourself of the most secure form of multi-factor authentication offered by the provider.” New-school security awareness training can teach your employees how to keep their online accounts secure.

KrebsOnSecurity has the story:
Email and SMS Phishing Campaign Impersonates Lloyds Bank

A convincing phishing campaign is targeting customers of Lloyds Bank, Infosecurity Magazine reports. Law practice Griffin Law warns that more than 100 people have reported receiving emails that purport to come from Lloyds informing them of a suspicious login.

The emails appear legitimate and display Lloyds branding, but they contain typos and awkward grammar. The email subject line says, “Alert: Document Report – We noted about security maintenance.” The email itself states, “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension until you verify your account.”

The emails contain a link to a realistic-looking phishing site at Lloyds[.]bank[.]unusual-login[.]com, which asks the user to log in to their Lloyds account and enter their financial information.

The scammers are also sending text messages with links to the same phishing site. The texts read, “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[.]bank[.]unusual-login[.]com.”

Chris Ross, Senior Vice President at Barracuda Networks, commented to Infosecurity Magazine that people need to be particularly vigilant for phishing scams that go after banking information.

“Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims,” Ross said. “These scams can be very convincing, making use of official logos, wording and personalized details to lull the individual into a false sense of security.

In most cases, the victim will be directed to a fraudulent but realistic looking website, where they are urged to enter account details, passwords, security codes and PIN numbers. Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account.

Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”

Infosecurity Magazine has the story:
What KnowBe4 Customers Say

"Hi, I am writing to say how pleased I have been with our customer success manager, GregN. He constantly reaches out to us and makes sure we are staying on-track and keeps us informed with changes and additions to our program. We had a solid half-hour meeting today where we reviewed phishing campaign plans and annual training plans. Greg offered valuable suggestions on how to tweak what I had already set-up and tips on how to get the most out of our training. He is always a pleasure to talk to and makes the conversation fun, rather than just sticking to cut-and-dry business."
- T.J., IT Technician

"Hi Stu, I just wanted to reach out and give you a story about how KnowBe4 is working for our company. A few days ago, our email filter allowed through a CEO fraud type phishing attack email. Because of the training and experience we’ve received through KnowBe4, the users that received the malicious email first used the Phish Alert button, then contacted the CEO to verify that he had not sent the email.

After he verified that he hadn’t, they then contacted me to let me know that a phishing email had gotten through, but they had already mitigated the risk by deleting the email. Of course, I let them know that they had done the exact correct thing, and congratulated them on not panicking and not clicking.

KB4 is a great training tool and our representative, GregN, has been an excellent reference and help in setting up trainings and phishing campaigns. Thanks for having great people work for you, and for making a quality product that is keeping our company well trained and safe from email attacks."
- C.D., Network and Security Admin

"Hi Stu, I had to give a commendation and give credit where it is due. I work in tech and know the thankless the job can be and will give praise as if I see fit. It is very rare for me to take the time to give someone praise, but will do it if I see this go out of their way to help out. Earlier this week, I had my initial meeting with NickC and I have never run into such a knowledgeable and pleasant person.

He was, should say IS very helpful and answered all my questions. He also showed me very useful best practices we should do. Also offered to demo to our C-Level executives to explain the importance of security awareness. Thank you Nick!! Nick is someone I would say you should keep on your staff as much as possible and would consider a great asset to your company."
- R.L., Network Admin
The 10 Interesting News Items This Week
    1. Ransomware Dominates 41% of all Cyber Insurance Claims in H1 2020:

    2. Critical Flaws exposed by phishing in 3rd-Party Code Allow Takeover of Industrial Control Systems:

    3. Salfram: Robbing the place without removing your name tag:

    4. US Court Documents Published in Ransomware Attack:

    5. Faking it: the thriving business of “fake alert” web scams:

    6. Hackers From Russia, China, Iran Are Targeting Presidential Campaigns, Microsoft Warns:

    7. Elon Musk Just Showed Off How Neuralink's Implant a Pig:

    8. Ransomware Spreads a New Virus. The recent attack on Tesla open a dangerous threat vector:

    9. CEOs Could Be Held Personally Liable for Cyberattacks that Kill:

    10. How Kids’ Videogame Accounts Get Hacked: Advice for Parents:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews