CyberheistNews Vol 11 #45 [HEADS UP] Get Prepared for Sophisticated Black Friday Scams


Researchers at Tessian caution that people should be wary of scams as Black Friday approaches. The researchers found that 30% of people in the US reported receiving a phishing message around Black Friday in 2020.

“Nearly a third of U.S. consumers (30%) said they received a phishing email around Black Friday last year, either by email or SMS to their personal email or cell,” the researchers write. “The thing is that consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries.

Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that lead to fake websites or download harmful attachments.”

Tessian also notes that employees at retailers should be vigilant for phishing attacks as they approach the busiest time of the year.

“And it’s not just consumers that need to be wary,” Tessian says. “Employees in the retail industry will be busier and more distracted than ever during this time, faced with hundreds of orders, thousands of customer queries to respond to, and overwhelming sales targets to hit. Cybercriminals will use this to their advantage, crafting sophisticated phishing emails and cleverly worded social engineering messages in the hope that a stressed worker will miss the cues and comply with their requests.”

Tessian concludes that employers should ensure that their employees are equipped to recognize these attacks. “In fact, security leaders in the retail industry told us that they aren’t 100% confident that their staff will be able to identify the scams that land in their inbox during these busier periods,” the researchers write.

“Being made aware of the scams and being provided with sound advice in-the-moment on what to do if they do receive a phishing email will make the difference between whether an employee clicks on the link or shares their credentials versus if they don’t.”

It’s worth remembering, as we consider the warnings, that Black Friday has undergone the same kind of seasonal creep other American holiday periods have seen, the kind of seasonal creep that now causes Halloween candy to begin appearing in stores as early as August. The scams are clearly connected to the calendar, but only loosely, and the criminals won’t wait until the Friday after Thanksgiving to start pursuing their marks.

New-school security awareness training enables your employees to recognize phishing and other social engineering attacks.

[New PhishER Feature] Turn the Tables on the Cybercriminals with PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature, which automatically replaces an active phishing email in your users’ mailboxes with a defanged look-alike.

The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us TOMORROW, Wednesday, November 17 @ 2:00 PM (ET) for a live 30-minute demo of the PhishER product including our new PhishFlip feature. With PhishER you can:
  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, November 17 @ 2:00 PM (ET)

Highly Popular Stock Trading Platform Becomes Next Social Engineering Victim

Bleeping Computer recently reported a data breach at popular stock trading platform Robinhood. This breach has impacted more than 7 million of their customers.

The attack took place November 3rd, after a cybercriminal used social engineering to persuade a customer support employee to grant access to the customer support systems. Once inside those systems, the cybercriminal was able to obtain personal information from Robinhood's customer database.

Robinhood released this statement on their blog: "At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people."

The company believes that debit card numbers and bank account numbers were not exposed during the attack, but it has received an extortion demand in Bitcoin.

Robinhood recommends taking the following precautions if you're a customer:
  • Look out for any phishing emails that are designed to steal your login credentials
  • Only interact with the authorized Robinhood social apps. You can find these social accounts within the app at Help Center > General Questions > Robinhood Social Media
  • Report suspected phishing scams to reportphishing(@)robinhood(.)com
  • Enable 2-factor authentication for Robinhood accounts within the app at Accounts > Security and Privacy > Two-Factor Authentication
Had the Robinhood employee received new-school security awareness training, this data breach could have been prevented. This unfortunate incident should serve as a warning for your organization to continually educate your users on the latest threats and attack tactics.

Do Users Put Your Organization At Risk With Browser-Saved Passwords?

Cybercriminals are always looking for easy ways to hack into your network and steal your users’ credentials.

Verizon's recent Data Breach Investigations Report shows that attackers are increasingly successful using a combination of phishing and malware to steal user credentials. In fact, password dumpers take the top malware spot, making it easy for cybercriminals to find and “dump” any passwords your users save in web browsers.

Find out now if browser-saved passwords are putting your organization at risk.

KnowBe4’s Browser Password Inspector (BPI) is a complimentary IT security tool that allows you to analyze your organization’s risk associated with weak, reused, and old passwords your users save in Chrome, Firefox and Edge web browsers.

BPI checks the passwords found in the browser against active user accounts in your Active Directory. It also uses publicly available password databases to identify weak password threats and reports on affected accounts so you can take action immediately.
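As an added illustration (my code, not KnowBe4's or BPI's), here is how a checker can test saved credentials against a public breach corpus without ever transmitting the password: it hashes the password with SHA-1, sends only the first five hex characters of the digest, and compares the returned suffixes locally. The Have I Been Pwned Pwned Passwords range API (https://api.pwnedpasswords.com/range/<prefix>) works this way. The corpus below is a constructed stand-in so the script runs offline, and the credential entries, the 12-character length threshold and the helper names are assumptions.

```python
"""Audit browser-saved credentials against a breach corpus using k-anonymity.

Added example, not BPI's code. The corpus and credential list are constructed.
"""
import hashlib
from typing import Callable, Dict, List, Tuple

MIN_LENGTH = 12  # assumed policy threshold for flagging short passwords


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """k-anonymity split: the 5-char prefix goes over the wire, the suffix stays local."""
    return digest[:5], digest[5:]


def build_fake_corpus(leaked: Dict[str, int]) -> Dict[str, List[str]]:
    """Constructed stand-in for the breach database, keyed by hash prefix.
    Each entry mimics one 'SUFFIX:COUNT' line of a range response."""
    ranges: Dict[str, List[str]] = {}
    for pw, count in leaked.items():
        prefix, suffix = split_hash(sha1_hex(pw))
        ranges.setdefault(prefix, []).append(f"{suffix}:{count}")
    return ranges


def make_range_fetcher(corpus: Dict[str, List[str]]) -> Callable[[str], str]:
    """Return a function with the shape of an HTTP range lookup.
    A real deployment would GET https://api.pwnedpasswords.com/range/<prefix>."""
    return lambda prefix: "\n".join(corpus.get(prefix, []))


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the corpus (0 = not seen)."""
    prefix, suffix = split_hash(sha1_hex(password))
    for line in fetch_range(prefix).splitlines():
        sfx, _, count = line.partition(":")
        if sfx == suffix:
            return int(count)
    return 0


def audit_saved_passwords(
    entries: List[Tuple[str, str, str]], fetch_range: Callable[[str], str]
) -> List[Tuple[str, str, str]]:
    """entries are (user, site, password) triples, e.g. from a browser export.
    Returns (user, site, findings) for every entry that is breached, reused or short."""
    by_password: Dict[str, List[Tuple[str, str]]] = {}
    for user, site, pw in entries:
        by_password.setdefault(pw, []).append((user, site))

    report: List[Tuple[str, str, str]] = []
    for pw, uses in by_password.items():
        count = breach_count(pw, fetch_range)  # one lookup per distinct password
        findings = []
        if count:
            findings.append(f"breached x{count}")
        if len(uses) > 1:
            findings.append("reused")
        if len(pw) < MIN_LENGTH:
            findings.append("short")
        for user, site in uses:
            if findings:
                report.append((user, site, ", ".join(findings)))
    return report


# Constructed data: a toy breach corpus and a handful of browser-saved entries.
LEAKED = {"password123": 123456, "Summer2021!": 42}
CORPUS = build_fake_corpus(LEAKED)
FETCH = make_range_fetcher(CORPUS)
SAVED = [
    ("alice", "portal.example", "password123"),
    ("alice", "vpn.example", "password123"),
    ("bob", "crm.example", "Summer2021!"),
    ("carol", "git.example", "correct-horse-battery-staple-42"),
]

if __name__ == "__main__":
    for user, site, findings in audit_saved_passwords(SAVED, FETCH):
        print(f"{user}@{site}: {findings}")
```

Note that the audit groups entries by password before querying, so a password reused across ten sites costs one lookup and is flagged as reused on every site; the hash prefix is the only thing that would leave the machine in a real run.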

With Browser Password Inspector you can:
  • Search and identify any of your users that have browser-saved passwords across multiple machines and whether the same passwords are being used
  • Quickly isolate password security vulnerabilities in the browser and easily identify weak or high-risk passwords being used to access your organization’s key business systems
  • Better manage and strengthen your organization's password hygiene policies and security awareness training efforts
Get your results in a few minutes! They might make you feel like the first drop on a roller coaster!

[Heads Up] Phishing Attacks Aimed at Social Accounts Now in the Top Three Targeted Sectors

New data on the use of impersonation in phishing attacks focused on social media accounts shows some very realistic and worrisome websites and emails that could definitely fool you.

We’ve discussed the most impersonated brands many times, with Microsoft nearly always dominating the list. But new data from Check Point’s Q3 Brand Phishing Report shows threat actors are shifting focus: Microsoft’s share of impersonated brands dropped from 45% in Q2 to just 29% in Q3.

The new report shows that social media brands have become of particular interest, with WhatsApp, LinkedIn, and Facebook all in the top ten imitated brands. What’s truly scary about attacks using these brands is the realism found in the examples.

Long gone are the days of poorly-worded and equally poorly-designed webpages and emails, and today’s impersonation is an exercise in perfection.

Take a look at the examples and screenshots in the report.
Phishing By Industry Benchmarking: Find Out How You Are Doing Compared To Your Peers Of Similar Size

As a security leader, you’re faced with a tough choice. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up!

IT security seems to be a race between effective technology and clever attack methods. However, there’s an often-overlooked security layer that can significantly reduce your organization’s attack surface: New-school security awareness training.

The 2021 Study analyzed a data set of 6.6 million users across 23,400 organizations with more than 15.5 million simulated phishing security tests. In this report, research from KnowBe4 highlights employee Phish-Prone™ percentages by industry, revealing at-risk users that are susceptible to phishing or social engineering attacks.

Taking it a step further, the research also reveals radical drops in careless clicking after 90 days and 12 months of new-school security awareness training.
You will learn more about:
  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training
Do you know how your organization compares to your peers of similar size?

Download this whitepaper to find out!
[LAST CALL] Could You Do Me a Favor? Vote for KnowBe4 in the 2021 Computing Security Awards!

Has your team benefited from our security awareness training and simulated phishing? Share your success with us by voting for KnowBe4 in the Computing Security Awards! We have been nominated for six different categories this year:
  • Security Company of the Year
  • Security Education and Training Provider of the Year
  • SME Security Solution of the Year
  • Customer Service Award -- Security
  • Anti Phishing Solution of the Year
  • Anti Malware Solution of the Year
You have until this Friday, Nov. 19 to vote for your favorite security company and winners will be announced Dec. 2. Every vote counts!

Thanks so much in advance.
CISA Director Jen Easterly Wants Hackers to Help US Cyber Defense

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, worries about misinformation, as a professional and as a parent. “One could argue we’re in the business of critical infrastructure,” she tells Wired, “and the most critical infrastructure is our cognitive infrastructure.”

Read this mini profile of one of the most powerful cybersecurity watchdogs in the world.

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Send This Article To Your CEO: "Five Best Practices To Mitigate C-Suite Cyber Risk":

Quotes of the Week
"Nothing is more noble, nothing more venerable than fidelity. Faithfulness and truth are the most sacred excellences and endowments of the human mind."
- Marcus Tullius Cicero - Orator and Statesman (106 - 43 BC)

"Any man can make mistakes, but only an idiot persists in his error."
- Marcus Tullius Cicero - Orator and Statesman (106 - 43 BC)

Thanks for reading CyberheistNews

Security News
One-Fifth of U.K. Residents Have Experienced a ‘Proof of Vaccination’ Attack

As the pandemic now focuses on proving vaccination status in many locales, scammers are taking the opportunity to leverage the need for documentation to steal personal information.

First came the PPE scams. Then scams focused on getting the vaccine. Now cybercriminals are continuing the pandemic theme and responding to the current state of the pandemic by using the requirement to prove vaccination status to create a sense of urgency to get potential victims to act.

According to new findings by security researchers at security vendor Tessian, 22% of U.K. residents have received an email claiming to be from the National Health Service (NHS) informing the recipient they must click a link to request and download their COVID-19 vaccination passport or certificate.

"Customer Complaint" May Get Your Attention

A spear phishing campaign is sending phony “customer complaints” that contain a link to a malicious website, according to Paul Ducklin at Naked Security. The phishing emails appear to come from a manager at the employee’s company and ask the recipient about a customer complaint they received. The link in the email purports to lead to a PDF of the complaint on the employee but leads to a page where the victim is tricked into downloading malware.

Ducklin adds that people are even more likely to click on the link if they work in a high-pressure environment.

“Worse, of course, is that junior staff in commonly outsourced jobs such as first-line support, where time pressure is always high, are the most likely to have been threatened with complaints by aggressive callers determined to get their way,” Ducklin writes. “And, let’s be perfectly honest, if you’ve ever worked in support, you’ll rarely ever have ‘reported yourself to management’ when a caller shouted at you and complained, unless the call was so aggressive or threatening that you wanted to ensure it was placed on the record for your own safety.”

Ducklin notes that in this case the sloppy appearance of the emails could tip off the recipient that the messages are fake.

“Never let yourself be pressured or threatened into acting in haste, because that’s exactly what the crooks are hoping you will do,” Ducklin says. “This scam is full of mistakes (spelling, grammar, incorrect web links, unlikely file downloads, digital signatures that simply don’t look right) that you would expect to notice on a good day, but could easily miss if you are acting in haste. But the signs are all there, even if you aren’t technical yourself, that this email simply doesn’t add up, and is fake.”

New-school security awareness training can enable your employees to recognize red flags associated with social engineering attacks.

New 'Frankenphishing' Tactic Combines Other Phishing Kits Into One

RiskIQ has observed another phishing kit that’s been pieced together from portions of other phishing kits.

“In early 2021, RiskIQ first detected a new phishing campaign targeting PayPal,” the researchers write. “The campaign, authored by an actor calling themself ‘Vagabon,’ looks to collect PayPal login credentials and complete credit card information from the victim.

The kit doesn't display many unique characteristics and is a textbook example of a ‘Frankenstein’ kit. In this increasingly popular trend, threat actors piece together new phish kits from modular, free, or readily available kits and services.”

The phishing kit is designed to trick victims into entering their PayPal information before redirecting them to the legitimate PayPal website.

“Following the initial PayPal username and password theft, the kit has a flow for further data theft, moving on to pages for account information and credit card data,” RiskIQ says. “Once the victim enters PayPal credentials, personal information, and credit card information, they redirect to the official PayPal website, which, to them, may seem like a perfectly legitimate place to end up.

The attacker will then receive a ‘VagabonSpam’ email containing all victim data points via the done[dot]php file.” The kit was apparently compiled from portions of code written by people who speak different languages.

“The Vagabon kit contains files written in four different languages: English, Spanish, French, and Arabic,” the researchers write. “Predominantly, files are English and Spanish or English and Arabic. However, some contain three or four languages, depending on the file function and the need to recall other foreign language files or functions.

The Vagabon kit, like many modern phish kits, contains code specific to blocking known research companies and common user agents. This code can be found within the .htaccess file as well as a bots.php file. The Vagabon PayPal kit will execute various processes, such as leveraging a user's IP geographic info to set the language and parameters for data validation as well as the exfiltration email address.”
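To make the cloaking point concrete, here is an added example (my code, not RiskIQ's and not the kit's) that does two things an analyst does with a kit like this: it pulls the blocked user-agent keywords and denied IP prefixes out of a constructed .htaccess fragment, and it probes a simulated kit front door under several client identities to show that a scanner sees a 404 while a victim's browser sees the credential form. The .htaccess content, the deny list, the simulated server, the page bodies and the probe identities are all assumptions; the technique generalizes to any kit that gates on user agent or source IP.

```python
"""Detect phishing-kit cloaking by differential fetching.

Added example; the .htaccess rules, deny list and simulated kit are constructed.
"""
import hashlib
import re
from typing import Callable, Dict, List, Tuple

# Constructed .htaccess in the style kits ship to hide from scanners (assumption).
SAMPLE_HTACCESS = """
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|curl|python-requests|virustotal) [NC]
RewriteRule .* - [F,L]
order allow,deny
deny from 66.249.
deny from 40.77.
allow from all
"""


def parse_htaccess_blocks(text: str) -> Tuple[List[str], List[str]]:
    """Extract the user-agent keywords and IP prefixes the .htaccess rejects."""
    agents: List[str] = []
    prefixes: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        ua = re.match(r"RewriteCond\s+%\{HTTP_USER_AGENT\}\s+\(?([^)\s]+)\)?", line, re.I)
        if ua:
            agents.extend(a.lower() for a in ua.group(1).split("|"))
        deny = re.match(r"deny\s+from\s+(\S+)", line, re.I)
        if deny:
            prefixes.append(deny.group(1))
    return agents, prefixes


BLOCKED_AGENTS, DENIED_PREFIXES = parse_htaccess_blocks(SAMPLE_HTACCESS)

BLOCK_PAGE = "<html><body><h1>404 Not Found</h1></body></html>"
LURE_PAGE = "<html><body><form action='done.php'>PayPal login</form></body></html>"


def simulated_kit(user_agent: str, client_ip: str) -> str:
    """Stand-in for the kit's .htaccess + bots.php gate (assumption, not real kit code)."""
    ua = user_agent.lower()
    if any(keyword in ua for keyword in BLOCKED_AGENTS):
        return BLOCK_PAGE
    if any(client_ip.startswith(prefix) for prefix in DENIED_PREFIXES):
        return BLOCK_PAGE
    return LURE_PAGE


def fingerprint(body: str) -> str:
    """Short, stable digest so responses can be compared without storing them."""
    return hashlib.sha256(body.encode()).hexdigest()[:16]


Fetch = Callable[[str, str], str]
Identity = Tuple[str, str]  # (user_agent, source_ip)


def probe(fetch: Fetch, identities: List[Identity]) -> Dict[Identity, str]:
    """Fetch the same URL under each identity and fingerprint every response."""
    return {ident: fingerprint(fetch(*ident)) for ident in identities}


def cloaking_verdict(results: Dict[Identity, str], reference: Identity) -> Tuple[bool, List[Identity]]:
    """Cloaked if any identity is served something other than what the
    reference (victim-like) identity received; returns those outliers."""
    base = results[reference]
    outliers = [ident for ident, fp in results.items() if fp != base]
    return bool(outliers), outliers


BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/95.0 Safari/537.36"
IDENTITIES: List[Identity] = [
    (BROWSER_UA, "203.0.113.10"),     # victim-like: browser UA, documentation-range IP
    (BROWSER_UA, "198.51.100.7"),     # second victim-like vantage point
    ("curl/7.79.1", "203.0.113.10"),  # scanner user agent from a clean IP
    (BROWSER_UA, "66.249.64.1"),      # browser UA but from a denied range
]

if __name__ == "__main__":
    cloaked, outliers = cloaking_verdict(probe(simulated_kit, IDENTITIES), IDENTITIES[0])
    print("cloaked:", cloaked)
    for ua, ip in outliers:
        print(f"  different content served to {ua[:24]}... from {ip}")
```

Replacing `simulated_kit` with a real HTTP fetch that sets the User-Agent header and egresses from different addresses gives the same verdict logic against a live kit; the point is to always include a genuinely browser-like identity as the reference, because the kit's deny list is built around what scanners look like.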

What KnowBe4 Customers Say

"I have been a reseller for over 13 years now and worked with a lot of mfg. reps in my years of doing this. I wanted to send my feedback on working with DillonG. He has been more than a pleasure to work with. We have done three deals together so far. He is excellent at explaining your product without making my customers feel like they just talked to a used car salesman.

He has been very attentive and responsive. Since COVID, all of us Account Executives have been fighting to get quotes, return phone calls and return emails from the majority of our mfg. reps. Dillon has always been on top of everything. Dillon has even called me back or answered his phone after hours, you have a great rep in him.

I know everyone likes to reach out to management and complain. When you work with someone as Awesome as Dillon, you need to reach out to let management know how great everything is going. Have a great day!"
- F.M. Elite Account Executive
The 10 Interesting News Items This Week
    1. House approves massive infrastructure plan that includes $1.9 billion for cybersecurity
    2. Revealed - Cyber-mercenary group Void Balaur has been hacking companies for years
    3. US sanctions Chatex cryptoexchange used by ransomware gangs
    4. Experts Analyze Proposed Bill Allowing Private Entities to 'Hack Back’
    5. State hackers breach defense, energy, healthcare orgs worldwide
    6. China says a foreign spy agency hacked its airlines, stole passenger records
    7. Where The Web Thugs Are - Inside Russia's Cyber Underworld
    8. Mimecast: "Average ransomware payment for US victims more than $6 million"
    9. These industries were the most affected by the past year of ransomware attacks
    10. CISA Director to Appoint Hackers to Cybersecurity Advisory Committee
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.
