CyberheistNews Vol 10 #45 [Heads Up] Here Are Some Truly Scary Social Media Stats

Scamming incidents have increased by 519% in 2020 compared to last year, according to researchers at Baltimore-based ZeroFOX. The researchers compared their own data to a recent report from the Federal Trade Commission, which found that scams on social media have skyrocketed since the start of the pandemic earlier this year.

ZeroFOX says their data aligns with the findings in the FTC’s report, and they’ve observed a significant year-over-year increase in scams:
  • 423% increase in Financial Services (scammers/money mulers targeting banking customers)
  • 1,579% increase in Retail scams
  • 226% increase in Consumer Goods scams
  • 295% increase in HR scams, which could align with scammers looking to capitalize on work from home opportunities and lay-off/furloughs due to the pandemic
  • 164% increase in crypto giveaway scams, where an account is taken over or an impersonator profile is created to look like an influencer to peddle the scam
  • 609% increase in money flipping scams
  • 100% increase in impersonating profiles in which someone claims to work in a company's HR department but does not.
ZeroFOX concludes that this activity will continue to proliferate, since scammers have no reason to change their methods.

“ZeroFOX Alpha Team assesses that scammers will likely continue to use the pandemic as an opportunity to take advantage of desperate consumers,” the researchers write. “Emotional and economic distress can leave victims vulnerable to these scams, especially ones designed to alleviate stress and reduce the impact of the pandemic.

Alpha Team also assesses that the scam types will remain constant and we will not see many new scams, mostly due to the years of experience and resources available for tried and tested scams. The old adage ‘don’t fix what isn’t broke’ applies to bad actors as well.

As always, be mindful when using social media for business or for personal use to prevent yourself from becoming the next victim to a social media scam.” New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling victim to social engineering techniques.

Blog Post with links:
https://blog.knowbe4.com/here-are-some-truly-scary-social-media-stats
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, November 4 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at new features and see how easy it is to train and phish your users:
  • NEW! AI Recommended training suggestions based on your users’ phishing security test results.
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
  • Train your users with access to the world's largest library of 1000+ pieces of awareness training content.
  • Send fully automated simulated phishing attacks, including thousands of customizable templates with unlimited usage.
  • Assessments allow you to find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Easy user management using Active Directory Integration or SCIM Integration.
Find out how 35,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, November 4 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2774936/45A06D5D641A9560B69FEB3B671FA46A?partnerref=CHN2
[ALERT] U.S. Government Warns of Ransomware Threat Against Hospitals

This week, Krebs on Security released an article reporting that a Russian cybercriminal gang known for deploying ransomware had prepared to attack hundreds of hospitals, clinics, and medical care facilities across the United States.

The FBI and U.S. Department of Homeland Security met with healthcare experts to warn about the “imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies said they were sharing the information “to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”

“They didn’t share any Indicators of Compromise (IoCs), so it’s just been ‘patch your systems and report anything suspicious’,” said a healthcare industry veteran who participated in the meeting.

Alex Holden, founder of Hold Security, received a tip 24 hours before the warning was issued. Holden said he saw online communications between cybercriminals associated with the ransomware group known as Ryuk, in which group members planned to deploy ransomware at more than 400 healthcare facilities in the U.S.

So far, however, nothing like hundreds of facilities have publicly reported ransomware incidents. But there have been a handful of hospitals dealing with ransomware attacks in the past few days.

It's important for your organization to be prepared in the event of a ransomware attack. New-school security awareness training can help your users spot the warning signs and report any suspicious activity. Krebs on Security has the full story.

Blog post with links:
https://blog.knowbe4.com/heads-up-u.s.-government-warns-of-ransomware-threat-against-hospitals
See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us TOMORROW, Wednesday, November 4 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we’ve added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
  • NEW! Assign additional users as approving managers to review task evidence before a task is closed with tiered-level approvals.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: TOMORROW, Wednesday, November 4 @ 1:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2774887/E0FD50188B8CE52CAE88B5BA0917B3FD?partnerref=CHN2
Nearly Half of the World’s Workers Don’t Know What a Mobile Phishing Attack Is

As organizations look for permanent solutions to operate using a remote workforce, users continue to elevate the risk of cyberattack by not worrying about cybersecurity.

Roughly a third of the world is working from home right now. According to a new MobileIron report, The Everywhere Enterprise, much of the initial focus was simply on getting workers productive.

From the data it appears that organizations were quickly able to succeed here; two-thirds (66%) of survey respondents stated their employer had the right technologies and solutions in place so employees could work productively from home.

According to the report, this remote workforce isn’t going anywhere; 80% of the employees surveyed stated they don’t want to return to the office full-time. So, organizations need to realize we’ve achieved the “new normal,” and desperately need to find ways to provide as much security today as was possible when everyone worked from the office.

And that’s going to be tough for a few reasons:
  • Users are using mobile devices – according to the report nearly three-fourths (72%) of employees find their mobile device important to ensure productivity while working remotely.
  • Users aren’t concerned about corporate security – one-third of employees worldwide consider IT security to be a low priority.
  • Users are completely unaware of the danger – 43% of employees stated they don’t know what a mobile phishing attack is or looks like.
Mobile devices are among the harder devices for an organization to manage. Because users are relying on these devices, aren’t concerned about cybersecurity, and – most shockingly – don’t know how to identify a mobile phishing attack, it’s imperative you step your users through a training module or two that highlight these particular mobile threats.

Blog post with links:
https://blog.knowbe4.com/nearly-half-of-the-worlds-workers-dont-know-what-a-mobile-phishing-attack-is
[New Webinar] Top 5 IT Security Myths Your CISO Believes Are True… BUSTED!

Facts are facts, but what happens when IT security pros take myths at face value?

That got us thinking… what if we whip out our magnifying glasses, pull out the trench coats and use our research skills to differentiate fact from fiction? Join us for this interactive webinar where we’ll help you decide how to invest your time and money wisely, how to implement worthwhile defenses, and what holes to plug so your organization gets the best bang for your security budget buck.

Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, and Erich Kron, KnowBe4’s Security Awareness Advocate, as they uncover the truth behind these 5 top IT security myths. They’ll be stating facts and slinging stats.
  • Good data backups will save you from ransomware
  • Long passwords are safer than short passwords
  • Running an obscure OS keeps your network safe
  • Every organization needs antivirus and firewalls on endpoints
  • End users can’t be trained; technology is your only defense
Roger and Erich will present each side. Then YOU DECIDE whether each myth is confirmed or BUSTED in a live vote! Join us to let your voice be heard and earn CPE credit for attending.

And here is our 1-minute promo video for this webinar. It’s fun, enjoy! :D
https://www.youtube.com/watch?v=HCu3fW2Qv1Y

Date/Time: Wednesday, November 11 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2811526/51349D9DB344D4CE4CB4DBCCEDA4B259?partnerref=CHN1
And Here Is a Vote You Can Do in Less Than 1 Minute :-D

KnowBe4 is nominated in a few categories for the Computing Security Awards. Voting is open to anyone worldwide. They provided a direct voting link that includes just the categories we are nominated in and we already preselected KnowBe4 to make it easy for you.

Has your team benefited from our security awareness training and simulated phishing? Share your success with us by voting for KnowBe4 in the Computing Security Awards! We have been nominated for eight different categories:
  • Security Company of the Year
  • Security Education and Training Provider of the Year
  • Enterprise Security Solution of the Year
  • Customer Service Award
  • Contribution to CyberSecurity Award -- Person
  • Anti Phishing Solution of the Year
  • Security Service Provider of the Year
  • Anti Malware Solution of the Year
Winners will be announced Dec. 3. Every vote counts! Please vote here now, and thanks so much in advance!
https://computingsecurityawards.co.uk/?page=knowbe4_csa2020vote


Let's stay safe out there, with tens of millions working from home.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: As a CEO with VC investors, I follow what happens in the venture capital space and what things VCs are interested in regarding their investment strategies. I was happily surprised to see Andreessen Horowitz, one of the world's preeminent VCs, come out with a slide deck and 20-minute video presentation that essentially is pure security awareness training. You should check it out, great budget ammo:
https://blog.knowbe4.com/famous-vc-firm-the-new-attack-surface-is-your-life?s



Quotes of the Week
"I learned that courage was not the absence of fear but the triumph over it."
- Nelson Mandela


"Fear is a reaction. Courage is a decision."
- Sir Winston Churchill


Thanks for reading CyberheistNews

Security News
Don't Neglect the Threat of Vishing

People need to help raise awareness about voice phishing scams, or vishing, according to Paul Ducklin at Naked Security. While phone scams have been around for years, they remain effective and people continue to fall for them.

Someone who would be suspicious of an unexpected email might be more trusting when there’s a human voice at the other end of the line.

“Never let yourself get suckered, surprised, or seduced into taking any direct action on the basis of a phone call you weren’t expecting from a person whose voice you don’t recognise with certainty,” Ducklin writes. “It doesn’t matter where the call claims to originate.

Anyone can say they are from your bank, a hospital, the tax agency, a coronavirus track-and-trace service, the local police station, or the lottery company. Whether the caller is giving you bad news or good, you have no way of verifying anything that’s said to you from information offered up in the call itself.”

Ducklin adds that when you receive an unsolicited phone call from someone asking for information or trying to get you to do something, you should hang up and call the organization that the caller claimed to work for.

“Whether you are worried about a fraudulent transaction, scared about a tax problem, or excited about what could be a lottery win, here’s what to do: find a number to call back by yourself, using contact information you already have on record,” Ducklin says.

“Your last tax return should have a tax office contact number on it; your credit card should have a fraud reporting number on the back; most hospitals have a central contact number that can be double-checked online; and so on. Never rely on information read out to you in a call, or sent in an email, or delivered via SMS, as a way of deciding whether to believe the message or the call.”

Naked Security has the story:
https://nakedsecurity.sophos.com/2020/10/27/phone-scamming-friends-dont-let-friends-get-vished/
Couple Avoids Becoming a Victim to Publishers Clearing House Scam

An elderly couple in Tennessee avoided falling victim to a scam by recognizing the signs of social engineering, WREG reports. Kay and Bill Pritchett received six different phone calls from a scammer claiming to be from Publishers Clearing House. The scammer told Bill that he had won a runner-up prize.

“He said you have won a million and a half dollars,” Bill said. “I thought wow, too. He said you have won a 2020 Mercedes automobile. The only problem with that is we only have three colors left. I can see where someone would fall for this. With COVID and people hurting for money and all that. He said, by the way, he also said you get 3,000 dollars a week for life.”

Notably, the scammer didn’t ask them for money. Instead, he instructed Bill to set up a new checking account.

“He wanted me to go to my bank and open a checking account in my name,” Bill said. “He stressed right then, don’t put any money in it. And, get a photocopy of your identification so we can verify that it is you.”

Fortunately, Bill and Kay knew this would set them up for identity theft and they refused to comply, despite the scammer calling them repeatedly. Even so, the couple said this scammer was more persuasive than others they had encountered, since it was a real person on the line.

“The thing about him was he was good at what he done,” Bill said. “He was a salesman.” WREG notes that Publishers Clearing House doesn’t call winners ahead of time and won’t ask for personal or financial information. Kay pointed out that scammers take advantage of people’s emotions to get them to act against their better judgement.

“You want to make money; you want something free,” Kay said. “It’s like playing scratch tickets, you want that money, right now. So it is tempting to do it.”

While Kay and Bill avoided falling for the scam, the couple decided to share their story to help other people be vigilant. “You get senior citizens like us, even young people, fall for stuff like this all the time,” Kay said.

Blog Post with links:
https://blog.knowbe4.com/couple-avoids-becoming-a-victim-to-publishers-clearing-house-scam
What KnowBe4 Customers Say

"I mentioned to our enrollment tech, John Krapps (who's great BTW), that it'd be really cool if KB4 offered a cert program as that would be good for admins like me, and also would look good on a resume."
- B.D., Senior Systems Administrator


KnowBe4 Comment: Stay tuned for an announcement first half of 2021! :-D
The 10 Interesting News Items This Week
    1. Smear Campaigns Seek to ‘Red-Pill’ Boomers with Fake Snopes Content:
      https://www.snopes.com/news/2020/10/22/red-pill-smear-campaigns/

    2. Disinformation That Kills: The Expanding Battlefield Of Digital Warfare:
      https://www.cbinsights.com/research/future-of-information-warfare/

    3. Roger Grimes is excited to announce the new release of his 12th book, Hacking Multifactor Authentication. Scary, and warmly recommended!
      https://blog.knowbe4.com/new-book-hacking-multi-factor-authentication

    4. U.S. Treasury Sanctions Russian Institute Linked to Triton Malware:
      https://www.securityweek.com/us-treasury-sanctions-russian-institute-linked-triton-malware?

    5. Munich Security Conference attendees targeted with Iran-linked spearphishing, Microsoft says:
      https://www.cyberscoop.com/munich-security-conference-phishing-iran-apt35/

    6. Russian Espionage Group Updates Custom Malware Suite:
      https://threatpost.com/russian-espionage-custom-malware/160673/

    7. Fake COVID-19 survey hides ransomware in Canadian university attack:
      https://blog.malwarebytes.com/cybercrime/2020/10/fake-covid-19-survey-hides-ransomware-in-canadian-university-attack/

    8. Calling the bluff of breachstortion gangs:
      https://www.computing.co.uk/opinion/4022364/calling-bluff-breachstortion-gangs

    9. Cybersecurity Challenges for the Charity Sector:
      https://www.cpomagazine.com/cyber-security/cybersecurity-challenges-for-the-charity-sector/

    10. US SIM swap fraudsters charged with multiple crimes:
      https://www.justice.gov/usao-md/pr/two-men-facing-federal-indictment-maryland-scheme-steal-digital-currency-and-social-media
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.