
CyberheistNews Vol 11 #13
[EYE OPENER] Mom Charged in Deepfake Cheerleading Plot

Raffaela Marie Spone, a 50-year-old mom from Pennsylvania, has been arrested after allegedly leveraging deepfake technology to target several of her daughter’s cheerleading rivals.

The incident shows how dangerous deepfake technology is, as Spone used it to tarnish the girls’ reputations. Spone allegedly created deepfake videos that showed the girls drinking, smoking, and naked. The videos were then sent to the cheerleaders’ coach in an attempt to get them kicked off the team.

The altered content was allegedly pulled from the girls’ social media accounts. According to the Hilltown Township Police Department, Spone was previously under investigation after a minor reported being harassed via text message.

Additional girls, all members of the same cheerleading team, the Victory Vipers, came forward reporting the same harassment.

Spone allegedly also sent the deepfake videos to the girls via text, along with horrific messages telling them to engage in self-harm. Police arrested Spone after discovering evidence on her phone linking her to the texts and images.

Deepfakes are a looming threat

We need to inoculate our employees against this type of social engineering. KnowBe4 is proud to have recently released a training module that trains your users to Spot and Stop the Spread of Disinformation.

This new module covers the red flags that show an email or social media message might be propaganda, and trains the end user to apply critical thinking before they forward damaging disinformation.

Blog post with links:
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us THIS WEEK, Thursday, April 1 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at new features and see how easy it is to train and phish your users.
  • NEW! AI Recommended training suggestions based on your users’ phishing security test results.
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
  • NEW! 2021 Training Modules and fresh content published in the ModStore.
  • Did You Know? You can upload your own SCORM training modules into your account for home workers.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 37,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: THIS WEEK, Thursday, April 1 @ 2:00 PM (ET)

Save My Spot!
[For Your CEO] KPMG: Cyber Security Risk Is Now No. 1 Threat To Growth

KPMG in the UK just released their CEO 2021 Outlook Pulse Survey where global leaders were asked about their 3-year outlook. CEOs of the world’s most influential companies are planning what a return to ‘normal’ will look like.

Nearly half (45 percent) expect normality to resume in 2022, with only one-third (31 percent) anticipating a return to normal in 2021. Significantly, 24 percent of leaders say that their business has changed forever.

When asked “Which of the following risks poses the greatest threat to your organization's growth over the next 3 years?”, the answers produced the graph in the blog linked below. Note that cyber security risk moved from position 5 in 2020 to position 1 in 2021.

Blog with graph:
See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us THIS WEEK, Thursday, April 1 @ 1:00 PM (ET), for a 30-minute live product demo of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: THIS WEEK, Thursday, April 1 @ 1:00 PM (ET)

Save My Spot!
Not Your Father's Tech Support Scam

By Eric Howes, KnowBe4 Principal Lab Researcher. Over the past month or so, customers using the Phish Alert Button (PAB) have been reporting a curious wave of what initially appeared to be run-of-the-mill tech support scam emails.

As it turns out, the operation being run here on unsuspecting consumers is definitely not your usual tech support scam.

These scam emails announce that your subscription to some software product (usually a security product like Malwarebytes) or online service (like Geek Squad) has been automatically renewed at some outrageous price — usually in the neighborhood of $400-$600. The email provides a number to call if you want to cancel the subscription.

Over a number of weeks the volume of emails being reported kept growing, as did the variety of well-known brands and products being named and referenced in the emails.

Curious, we decided to take the plunge and find out what was going on. The particular email we selected to use was a fairly typical example of the genre that pushed a subscription to a non-existent Norton product.

[NEW WEBINAR] Nation-State Hacking 2.0: Why Your Organization Is Now at Risk From This Evolving Threat

Security professionals have worried about cyberwarfare for decades. But the attack on Sony Pictures, the SolarWinds supply chain compromise, and now the latest Microsoft Exchange zero-day exploits show that nation-state attacks are having a much bigger impact than ever before.

Don’t let the big names fool you. Today, any organization is fair game, which means your organization could be next.

Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist to find out how these attacks are evolving and why organizations like yours are their new target.

In this webinar you’ll learn:
  • The history of nation-state attacks and how they’re changing
  • Why these attacks now impact organizations of all sizes and industries
  • How you can mitigate the threat of nation-state attacks
  • Why it’s critical to empower your organization’s human firewall
You did not sign up for this, but the digital cold war is here. Find out the strategies you need to implement now and earn CPE credit for attending.

Date/Time: Wednesday, April 7 @ 2:00 PM (ET)

Save My Spot!

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Two (budget ammo) articles from yours truly in CISO Mag and Forbes:


Quotes of the Week
"Don’t let the past steal your present."
- Cherralea Morgen

"It’s no use going back to yesterday, because I was a different person then."
- Lewis Carroll - Writer (1832 - 1898)

Thanks for reading CyberheistNews

Security News
The Compact Campaign Bypasses Phishing Protections

Microsoft has warned that a phishing campaign dubbed “Compact” is abusing email configuration settings to bypass security solutions, SecurityWeek reports.

The attackers are using hacked accounts on email delivery platforms to send their phishing messages. “Phishers continue to find success in using compromised accounts on email marketing services to send malicious emails from legitimate IP ranges and domains,” Microsoft said on Twitter.

“They take advantage of configuration settings that ensure delivery of emails even when the email solution detects phishing. Microsoft Defender for Office 365 data shows that this phishing operation is still active today and continues to expand.

In addition to SendGrid, the attackers also used Amazon SES last year. Since January, they have been using Mailgun. We have shared our research with Mailgun.”

Additionally, the attackers are using Appspot to generate phishing URLs that can evade detection. “The attackers abuse another legitimate service to further mask the malicious intent of their phishing emails,” Microsoft said.

“To evade domain reputation-based solutions, they use Appspot to create multiple unique phishing URLs per recipient. We shared our findings with Appspot, who confirmed the malicious nature of the reported URLs and used the shared intelligence to find and suspend additional offending projects on Appspot. We’ll continue working with Appspot as we continue to track this active phishing operation.”

Finally, Microsoft says the phishing emails are spoofing video conferencing platforms and workplace productivity applications. “This phishing operation is also known for using emails that impersonate notifications from video conferencing services, another way the attackers feign legitimacy,” the company said.

“More recent campaigns have also used emails that spoof security solutions and productivity tools. Microsoft Defender for Office 365 detects this phishing campaign. Because this campaign uses compromised email marketing accounts, we strongly recommend orgs to review mail flow rules for broad exceptions that may be letting phishing emails through.”
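Microsoft's advice above is to review mail flow rules for broad exceptions. The following is an added example, not Microsoft's or KnowBe4's code, of the kind of audit a defender could script over an exported rule list. It assumes rule records with fields named after Exchange Online transport-rule settings (SetSCL, SenderDomainIs, SenderIpRanges, HeaderContainsWords), and the sample rules, the bulk-sender domain list and the /24 threshold are all constructed for the illustration:

```python
"""Audit mail flow (transport) rules for broad exceptions that skip spam
filtering, the kind Microsoft says let the Compact campaign's mail through.

Added example, not Microsoft's or KnowBe4's code. The rule records are
constructed and modelled loosely on Exchange Online transport-rule fields
(SetSCL, SenderDomainIs, SenderIpRanges, HeaderContainsWords); treat those
field names and the threshold values as assumptions, not a documented schema.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Shared bulk-sender platforms named in the article (SendGrid, Amazon SES,
# Mailgun); the mapping to these sending domains is constructed for the sample.
BULK_SENDER_DOMAINS = {"sendgrid.net", "amazonses.com", "mailgun.org"}


@dataclass
class TransportRule:
    name: str
    state: str                                # "Enabled" or "Disabled"
    set_scl: Optional[int] = None             # -1 = deliver without spam filtering
    sender_domain_is: List[str] = field(default_factory=list)
    sender_ip_ranges: List[str] = field(default_factory=list)   # CIDR strings
    header_contains_words: List[str] = field(default_factory=list)


def skips_spam_filtering(rule):
    return rule.state == "Enabled" and rule.set_scl == -1


def findings(rule):
    """Reasons this rule is a risky exception; empty list if it is not."""
    if not skips_spam_filtering(rule):
        return []
    reasons = []
    has_condition = bool(rule.sender_domain_is or rule.sender_ip_ranges
                         or rule.header_contains_words)
    if not has_condition:
        reasons.append("bypass applies to all mail (no conditions)")
    for domain in rule.sender_domain_is:
        if domain.lower() in BULK_SENDER_DOMAINS:
            # Any customer of that platform, including a hijacked account,
            # sends from this domain, so the condition does not identify you.
            reasons.append(f"bypass keyed on shared bulk-sender domain {domain}")
    for cidr in rule.sender_ip_ranges:
        prefix = int(cidr.split("/")[1]) if "/" in cidr else 32
        if prefix < 24:                       # width threshold is an assumption
            reasons.append(f"bypass keyed on wide IP range {cidr}")
    if rule.header_contains_words and not (rule.sender_domain_is or rule.sender_ip_ranges):
        # A sender controls its own headers, so this condition proves nothing.
        reasons.append("bypass keyed only on a spoofable header value")
    return reasons


def audit(rules):
    """Map rule name -> findings for every rule that has at least one."""
    result = {}
    for rule in rules:
        reasons = findings(rule)
        if reasons:
            result[rule.name] = reasons
    return result


# Constructed sample rule set; not from any real tenant.
SAMPLE_RULES = [
    TransportRule("Allow marketing platform", "Enabled", set_scl=-1,
                  sender_domain_is=["sendgrid.net"]),
    TransportRule("Partner allowlist", "Enabled", set_scl=-1,
                  sender_domain_is=["partner.example"],
                  sender_ip_ranges=["203.0.113.0/28"]),
    TransportRule("Internal relay", "Enabled", set_scl=-1,
                  sender_ip_ranges=["10.0.0.0/8"]),
    TransportRule("Legacy bypass", "Enabled", set_scl=-1),
    TransportRule("Campaign header", "Enabled", set_scl=-1,
                  header_contains_words=["X-Campaign-Id"]),
    TransportRule("Retired bypass", "Disabled", set_scl=-1),
    TransportRule("Tag external mail", "Enabled"),
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_RULES).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

The "Partner allowlist" rule is not flagged because it pins the exception to both a specific partner domain and a small IP range, which is the shape a justified exception should have; the flagged rules each let any sender who can reach a shared platform, a wide network, or a header value through without filtering.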

New-school security awareness training can enable your employees to recognize phishing emails that slip through the cracks in your defenses.

SecurityWeek has the story:
A Can of Phishbait: From Surveys to Rule Changes to Your Boss's Boss

Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has intercepted in recent months, including one that informed recipients that they needed to fill out a compliance form related to COVID-19 risks.

“Reasonably well written, this email, apparently from the human resources department at the target company, actually came from phishers located in the United Kingdom,” Kay writes. “There are elements that might strike the recipient as strange. For example, the phrase ‘recuperating favorably’ is a bit off. Noncompliance is spelled ‘non-compliance.’ And ‘these guide and policies’ has an agreement-of-number problem.

But otherwise, it’s a pretty good fake, including the legitimate SharePoint link embedded in the email. The problem with the link was that it led to a real but hijacked SharePoint site that was turned into a credential harvesting operation.”

Another phishing email purported to be sent from a company’s HR department asking all employees to take a survey regarding their interest in receiving a COVID-19 vaccine. The email contained a link to “survymonky/r/HPG23P” (spoofing the entirely legitimate and very familiar surveymonkey[dot]com).

Kay also describes an email that appeared to come from the company’s CEO and abused an open redirect link to fool the target into thinking the link was benign.

“[E]mbedded within it was a link that used Google's open redirect capability to send those who clicked through to a malware injection site or a credential harvesting operation,” he writes. “The cybercriminal was able to exploit a weakness that some legitimate websites like Google use that allows users to input parameters in a link that redirects to other sites.

What the user sees is ‘google(.com)’ followed by a long URL path. Even if the recipient were to scrutinize the URL, all they'd see was a good-looking Google redirect.” New-school security awareness training can enable your employees to recognize phishing scams and other forms of social engineering.
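Two of the tricks Kay describes, the look-alike survey domain and the trusted-host open redirect, can be flagged mechanically from the URL alone, while the hijacked-but-real SharePoint link cannot. The following is an added example, not INKY's or KnowBe4's code; the brand list and sample URLs are constructed, and because the article gives the look-alike host without its top-level domain, the `.example` TLD below is a placeholder:

```python
"""Flag two of the URL tricks in the INKY templates above: a look-alike
domain (survymonky vs surveymonkey) and an open redirect that hides the real
destination inside a query parameter of a trusted host.

Added example, not INKY's or KnowBe4's code. The brand list and sample URLs
are constructed; the article gives the look-alike host without its TLD, so
the .example TLD below is a placeholder.
"""
from urllib.parse import urlparse, parse_qs
from difflib import SequenceMatcher

# Brands the templates above imitated or abused (constructed list).
KNOWN_BRANDS = {"surveymonkey.com", "sharepoint.com", "google.com"}


def registrable_domain(host):
    """Last two labels of a host name. Crude (no public-suffix list), but
    sufficient for the sample data here."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_of(host):
    """Return the brand domain `host` imitates, or None if it is a brand
    domain itself or unlike any brand. Compares the second-level label only,
    so a brand name under the wrong TLD is also caught."""
    domain = registrable_domain(host)
    if domain in KNOWN_BRANDS:
        return None
    label = domain.split(".")[0]
    for brand in sorted(KNOWN_BRANDS):
        ratio = SequenceMatcher(None, label, brand.split(".")[0]).ratio()
        if ratio >= 0.8:                     # similarity threshold is an assumption
            return brand
    return None


def hidden_redirect_target(url):
    """If a query parameter carries an absolute URL on a different registrable
    domain than the visible host, return (visible_host, hidden_host)."""
    outer = urlparse(url)
    visible = outer.hostname or ""
    for values in parse_qs(outer.query).values():
        for value in values:             # parse_qs has already percent-decoded it
            inner = urlparse(value)
            if inner.scheme in ("http", "https") and inner.hostname:
                if registrable_domain(inner.hostname) != registrable_domain(visible):
                    return visible, inner.hostname
    return None


def assess(url):
    """Human-readable findings for one URL; an empty list means no flag."""
    findings = []
    host = urlparse(url).hostname or ""
    brand = lookalike_of(host)
    if brand:
        findings.append(f"look-alike of {brand}: {host}")
    redirect = hidden_redirect_target(url)
    if redirect:
        findings.append(f"{redirect[0]} redirects to {redirect[1]}")
    return findings


# Constructed sample links modelled on the templates described above.
SAMPLE_URLS = [
    "https://survymonky.example/r/HPG23P",
    "https://www.google.com/url?q=https%3A%2F%2Fcredential-harvest.example%2Flogin&sa=D",
    "https://contoso.sharepoint.com/sites/hr/covid-policy",   # real but hijacked: no URL-level flag
    "https://accounts.example.com/login?next=https://mail.example.com/inbox",  # same-domain redirect
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", assess(sample) or "no findings")
```

The third sample returns no findings on purpose: a legitimate SharePoint site that has been taken over looks identical at the URL level, which is why the article's point about training users to question the message, not just the link, still stands.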

INKY has the story:
Spoofing Tailored to Financial Departments

Researchers at Area 1 Security have warned of a large spear phishing campaign targeting financial departments and C-suite employees with spoofed Microsoft 365 login pages. The researchers say that in some cases the attackers “specifically targeted newly-selected CEOs during critical transitionary periods.” Additionally, the attackers went after executives’ assistants.

“Beyond financial departments, the attackers also targeted C-suite and executive assistants,” Area 1 says. “Targeting high-level assistants is an often-overlooked method of initial entry, despite these employees having access to highly sensitive information and an overall greater level of privileges.

In a few instances, the attackers even attempted to bait newly selected CEOs of two major companies before any public announcements of this significant senior executive changeover were made.”

The attackers appear to have been attempting to conduct business email compromise scams. “A large majority of the phishing attacks stopped by Area 1 Security were headed to financial controllers and treasurers at various international companies,” the researchers write.

“By targeting the financial departments of these companies, the attackers could potentially gain access to sensitive data of third parties through invoices and billing, commonly referred to as a BEC (Business Email Compromise) attack. This enables the attackers to send forged invoices from legitimate email addresses to suppliers, resulting in payments being made to attacker-owned accounts.”

The researchers note that the phishing emails were able to bypass email security measures, and the attackers seem to have been more sophisticated than most cybercriminals.

“Clever tactics were used to not only craft the phishing messages, but also to send those messages, as well as to obtain passwords,” the researchers write. “These methods utilized a number of techniques at every step — including legitimate-looking domains and login pages, plus advanced phishing kits — to bypass email authentication and Microsoft’s email defenses.

It’s clear that the masterminds behind these attacks possess above average skills compared to your typical credential harvesting schemers.” New-school security awareness training can enable your employees to thwart targeted social engineering attacks.

Area 1 Security has the story:
What KnowBe4 Customers Say

After 90 days I send an email to new customers and ask them if they are happy campers. Here are some replies:

"Good morning Stu, The bonfire is warm and the smores taste fine, though we could do with more chocolate.

Things are progressing smoothly with our implementation of KB4. We have been seeing improvements in the results of repeated campaigns. Currently our next goal is the proper establishment of PhishER and the PAB."
- S.Y., Associate Security Analyst, Cyber Defense Center

"Thanks for the email, especially if it's actually real. I do really like your product. It's a great way to get training out to the end users and at least get thoughts of security on their minds. I like the ease of use of the product, and how I can set it up fairly quickly to get things going. Again, thanks for checking in. Great product!"
- L.B., IT Director
The 10 Interesting News Items This Week
    1. CISA Prepares to Use New Subpoena Power:
    2. Microsoft Exchange servers now targeted by BlackKingdom ransomware:
    3. Russian pleads guilty to Tesla ransomware plot:
    4. One Shockingly Common Blind Spot that Can Derail Your Company's Cybersecurity:
    5. Social Engineering: Hacking Dave To The Rescue:
    6. U.K. Royal Mail scam says your parcel is waiting for delivery:
    7. Slack is Now Open to Everyone. That Includes Hackers:
    8. Third-party cyber security incident impacts Shell:
    9. Two-Thirds of Large Firms Attacked as COVID 19 Hampers Security:
    10. Ransomware-Wielding Gangs Love to Phish With Trojan Loaders:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.
