CyberheistNews Vol 11 #49
[HEADS UP] Tricky New TSA PreCheck Scam Steals Your Personal and Credit Card Details

In one of the most convincing website impersonations seen to date, this new scam walks people who are renewing or first signing up for TSA PreCheck through a believable process that most would fall for.

Most of the time, impersonation scams take you to a “website” that’s little more than a single web page designed to look like the login page of the impersonated brand. But a new scam built around registering for or renewing TSA PreCheck takes the impersonation website to an entirely new level.

According to security researchers at Abnormal Security, this scam starts out as wonky as most phishing scams do, with an email that doesn’t quite feel like it’s really from the TSA.

But where it gets interesting is when potential victims click the link and are taken to a pretty believable TSA registration site.

According to Abnormal Security, the scammer went to the trouble of not just collecting the salient personal details they can misuse later, but asking nearly all of the same questions found in the actual application.

And unlike most scams, which ask for payment up front, this one asks for your credit card when the real process would: at the end, once you have filled in everything else. This scam is one of the reasons KnowBe4 exists: to educate users through new-school security awareness training so they won’t be fooled by these kinds of scams. The sender email address and email copy are dead giveaways, something well-trained users will spot a mile away, avoiding the scam altogether.

Check out the screenshots at this blog post:
https://blog.knowbe4.com/new-tsa-precheck-scam-seeks-to-collect-your-personal-and-credit-card-details
[New PhishER Feature] Turn the Tables on the Cybercriminals with PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature, which automatically replaces an active phishing threat in your users’ mailboxes with a defanged look-alike.

The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us TOMORROW, Wednesday, December 15 @ 2:00 PM (ET) for a live 30-minute demo of the PhishER product including our new PhishFlip feature. With PhishER you can:
  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, December 15 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3458588/1797AEC9B908F8903F3DAEFAA59E2B76?partnerref=CHN2
You Can Now Be A Certified Security Awareness and Culture Professional (SACP)™

Your organization's cyber threat landscape is changing lightning fast. So, your security awareness skills need to stay razor sharp, and are increasingly viewed as critical to protect your organization from human error.

You can now be a leader in the security awareness and culture profession. Earn H Layer’s Security Awareness and Culture Professional (SACP)™ credential and demonstrate your competency to design and lead security awareness programs that build a sustained security-awareness culture.

Your Security Awareness and Culture Professional (SACP)™ credential is the only independent, vendor-neutral certification designed specifically for the newest in-demand job roles in security awareness.

Learn more about the SACP Exam. Check out the requirements. Don't wait.

Apply today and become one of the first professionals to earn your SACP Certification:
https://www.thehlayer.com/about-exam/
A Master Class on IT Security: Roger Grimes Teaches You Phishing Mitigation

Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they’re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more.

In this on-demand webinar Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist shares a comprehensive strategy for phishing mitigation. With 30+ years experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making sure you’re prepared to defend against ever-present IT security threats like phishing.

In this webinar you’ll learn:
  • How to develop a comprehensive defense-in-depth plan for phishing mitigation
  • Ideas for security policies you can implement now
  • Technical controls all organizations should consider
  • Gotchas to watch out for with cybersecurity insurance
  • Why it’s critical to develop your organization’s human firewall
Get the details you need to know now to protect your organization from phishing and social engineering attacks.

Watch the Webinar Now!
https://info.knowbe4.com/phishing-master-class-chn
[SHOCKER] Victims: "After a Data Breach, Changing Passwords and Good Password Hygiene Are Unimportant"

New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.

You’d think by now everyone would know that a data breach is serious business and only represents the beginning of what can become a sequence of malicious events in the future involving the data stolen.

But new data from the Identity Theft Resource Center’s Data Breach Notice Research report shows very few victims take all the appropriate action to properly secure their accounts once receiving notice of a data breach.

According to the report:
  • 48% only change the password for the affected account, despite 85% of respondents admitting they use the same password across multiple accounts
  • 22% changed passwords on all their accounts
  • 16% of victims take no action at all
When asked why good password hygiene (which includes unique passwords for each account) isn’t being used, the following reasons were identified:
  • 52% said it’s too difficult to remember their passwords
  • 48% don’t trust or know how to use password managers
  • 46% don’t think it’s important or believe their password practices are good enough
New-school security awareness training would fix much of this issue. With proper education, users can understand the value of unique and complex passwords in the context of cyberattacks, as well as how this applies to both their work and personal life.

Blog post with links:
https://blog.knowbe4.com/victims-after-a-data-breach-changing-passwords-and-good-password-hygiene-remain-unimportant
Re-Check Your Email Attack Surface Now. (We are always adding new breaches)

Your users are your largest attack surface. Data breaches are getting larger and more frequent. Cybercriminals are getting smarter every year. Add it all up, and your organization's risk skyrockets with the amount of your users' credentials that are exposed.

It's time to re-check your email attack surface.

Find out your current email attack surface now with KnowBe4’s Email Exposure Check Pro. EEC Pro identifies your at-risk users by crawling business social media information and now also thousands of breach databases.

EEC Pro leverages one of the largest and most up-to-date breach data sources to help you find even more of your users’ compromised accounts that have been exposed in the most recent data breaches - fast.

Do this complimentary test now!

Get your EEC Pro Report in less than 5 minutes. It’s often an eye-opening discovery. You are probably not going to like the results...

Get Your Report:
https://info.knowbe4.com/email-exposure-check-pro-chn-2021
Credential-Harvesting Phishing Campaign Urges Review of Spam

Researchers at MailGuard have observed a phishing campaign that’s using phony “spam notification” emails that purport to come from Microsoft Office 365. The emails tell recipients that an important-looking email has been sent to their spam folder, and they’ll need to click a link to view the supposed message.

“Scammers are sending the email from ‘quarantine[at]messaging[dot]microsoft[dot]com’, and the display name is the recipient’s domain, to feign authenticity,” the researchers write. “The email subject is ‘Spam Notification: 1 New Messages’, alluding to the body of the email that informs the recipient that a spam message has been blocked and is being held in quarantine for them to review.

Details of the ‘Prevented spam message’ are provided, with scammers personalizing the subject heading as ‘[company domain] Adjustment: Transaction Expenses Q3 UPDATE’ to create a sense of urgency and using a finance-related message.”

If a user clicks the link, they’ll be taken to a spoofed Office 365 login page. MailGuard notes that once an attacker compromises your Office 365 account, they can access a wealth of sensitive data.

“Providing your Microsoft account details to cybercriminals means that they have unauthorized access to your sensitive data, such as contact information, calendars, email communications, and more, which could lead to criminal activity such as BEC, identity theft, and other fraudulent activity,” MailGuard says.

“Customers of trusted brand names such as Microsoft are targeted by cyber criminals due to the company’s expansive user base, so customers must remain vigilant and check twice before clicking on any potentially harmful links.”

MailGuard urges users to be wary of emails that:
  • Are not addressed to you by name
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include
  • Are from businesses that you were not expecting to hear from
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from
Blog post with links to the MailGuard story:
https://blog.knowbe4.com/credential-harvesting-phishing-campaign-urges-review-of-spam


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS INTERESTING: Why the Private Sector Is Key to Stopping Russian Hacking Group APT29:
https://www.darkreading.com/attacks-breaches/why-the-private-sector-is-key-to-stopping-russian-hacking-group-apt29

PPS BUDGET AMMO: CISO Report: Ransomware Business Is Booming:
https://cybersecurityventures.com/ciso-report-ransomware-business-is-booming/

Quotes of the Week
"The search for the truth is the most important work in the whole world,
and the most dangerous."

- James Clavell - Writer (1924 - 1994)


"Beware of false knowledge; it is more dangerous than ignorance."
- George Bernard Shaw - Dramatist (1856 - 1950)


Thanks for reading CyberheistNews

Security News
Real Cyberattack as Phishbait for a Scammer

Scammers are exploiting a real “cyber incident” at a Riverhead New York high school to send out robocalls that claim to be coming from the local police department, RiverheadLOCAL reports.

“Community members should be on the alert for scammers looking to take advantage of the school district’s situation, Riverhead Police Chief David Hegermiller said in a phone interview this afternoon after the police department issued a press release warning about a robocall in which someone claiming to be a Riverhead Police sergeant said he was calling about a data breach at Riverhead High School,” RiverheadLOCAL said.

“That call did not come from the Riverhead Police Department or any affiliated agencies, according to the police press release.” The scammers are likely spoofing the phone number to make the call appear legitimate.

“Police provided the phone number and caller ID information connected with the robocall,” RiverheadLOCAL said. “A woman who answered a call to that number today said she had not made any calls of that nature and had not heard anything about it prior to RiverheadLOCAL’s inquiry.

She said she had not been contacted by the Riverhead Police Department about the matter. She also said she does not live in Riverhead and does not have children in the district. The department is not making robocalls to the community about the situation in the school district, Hegermiller said this afternoon.

Anyone who receives any calls to that effect should hang up and report the call to police.” Hegermiller added that the department is still attempting to determine who is actually behind the calls.

“We are still working on it and trying to figure out who the caller actually is and how the number is being used,” Hegermiller said. New-school security awareness training can enable your employees to recognize the red flags of social engineering attacks so they can avoid falling for these types of scams.

RiverheadLOCAL has the story:
https://riverheadlocal.com/2021/12/06/investigation-into-school-district-cyber-attack-continues-as-police-warn-of-scam-call-referencing-data-breach-at-high-school/
[Seasonal Trend, Perennial Threat] New Phishing Campaign Has Fake DHL Shipping Notifications

Researchers at Avanan have spotted a new phishing campaign that’s impersonating DHL with phony shipping notifications. The emails inform the recipients that they need to update their delivery address in order to receive a package.

“In this attack, scammers are using brand impersonation,” the researchers write. “By showing a page that looks like it comes from a trusted brand, they’re hoping to trick end-users into clicking on a link. That link, however, is a classic credential harvesting link, looking to steal data and other information.

The email starts with noting that there is an ‘undelivered’ package from DHL. By going online, you can submit your address, as well as other information, to get the delivery on time and at the right place. However, that won’t happen.”

The researchers note that impersonating DHL allows the attackers to target people all around the world, particularly during the holiday season.

“What’s particularly clever is the spoof of DHL,” Avanan says. “Not only is DHL the third-most impersonated brand, according to Check Point Research, but it also delivers packages from around the globe. With folks broadening their purchasing horizons this holiday season, a DHL package is more likely, making the spoof more believable.

The hackers are utilizing the classic social engineering tactic of urgency to get end-users to click. The thinking, they hope, is that end-users will be in a panic seeing that their package won’t get to their door on time, and will enter their info without thinking.”

Avanan offers the following advice to help users recognize these attacks:
  • “If clicking on the harvesting link, inspect the URL
  • Pay close attention to mistakes in the email. “DHL Office” is not a real place—the closest thing would be DHL Express ServicePoint
  • Pay extra attention to emails from brands, especially around the holidays. Check Point Research has found that two of the top five most impersonated brands ship goods (DHL, Amazon)
  • Ensure that the package that has been ordered is actually shipping with DHL. The tracking number provided with the original order will show if the package is delivered with DHL and the true delivery status
  • Utilize an email security solution that relies on multiple factors to determine an email is phishing”
It’s a seasonal trend, but a perennial threat. Step your users through security awareness training so they won't fall for attacks like this.
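One way to turn the MailGuard and Avanan checklists (the spoofed Office 365 quarantine notice above and this DHL lure) into an automated first pass over user-reported messages, as an added example that is not code from MailGuard, Avanan or KnowBe4. It parses a raw message with Python’s standard email library and flags the indicators both reports describe: a display name that is the recipient’s own domain, a genuine brand sender address that nevertheless fails SPF/DMARC, a Return-Path that differs from the From domain, a look-alike sender domain, links that leave the impersonated brand’s domains, and urgency wording in the subject. The three sample messages are constructed for the demo on RFC 2606 example domains, and the table of domains Microsoft and DHL legitimately use is an assumption that a real deployment would maintain itself.

```python
"""Added example (not MailGuard, Avanan or KnowBe4 code): header-and-link
triage for reported phishing emails. Samples and the brand domain table
are constructed for the demo."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# ASSUMPTION: domains each brand really sends from or links to; a real
# deployment maintains this table itself.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com", "microsoftonline.com"},
    "dhl": {"dhl.com", "dhl.de"},
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
URGENCY_RE = re.compile(r"\b(urgent|undelivered|update|expenses|adjustment|spam notification)\b")


def _host_in(host, domains):
    # True if host equals, or is a subdomain of, any domain in the set.
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def _domain_of(header_value):
    # Domain part of the first address in a From/To/Return-Path header.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def _body_text(msg):
    # Concatenate every text/* part; walk() yields the message itself when single-part.
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")


def triage(raw_message, brand):
    """Return the indicator tags found in a raw RFC 5322 message, in check order."""
    msg = message_from_string(raw_message)
    legit = BRAND_DOMAINS[brand]
    findings = []
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    sender_domain = _domain_of(msg.get("From"))
    rcpt_domain = _domain_of(msg.get("To"))

    # 1. Display name is the recipient's own domain (MailGuard: "to feign authenticity").
    if rcpt_domain and rcpt_domain in display_name:
        findings.append("display-name-is-recipient-domain")
    # 2. Sender domain carries the brand name but is not one of the brand's domains.
    if brand in sender_domain and not _host_in(sender_domain, legit):
        findings.append("lookalike-sender-domain")
    # 3. A genuine brand domain in From must come with passing SPF and DMARC results.
    auth = msg.get("Authentication-Results", "").lower()
    if _host_in(sender_domain, legit) and not ("spf=pass" in auth and "dmarc=pass" in auth):
        findings.append("brand-sender-without-spf-dmarc-pass")
    # 4. Bounce address (Return-Path) differs from the From domain.
    rp_domain = _domain_of(msg.get("Return-Path"))
    if rp_domain and rp_domain != sender_domain:
        findings.append("return-path-mismatch")
    # 5. "Inspect the URL": every link host must stay inside the brand's domains.
    for url in URL_RE.findall(_body_text(msg)):
        host = urlparse(url).hostname or ""
        if not _host_in(host, legit):
            findings.append("offbrand-link:" + host)
    # 6. Urgency or finance wording in the subject, as in both lures.
    if URGENCY_RE.search(msg.get("Subject", "").lower()):
        findings.append("urgency-subject")
    return findings


# Constructed samples modelled on the two reports (RFC 2606 example domains).
OFFICE365_LURE = """\
From: "example.com" <quarantine@messaging.microsoft.com>
To: alice@example.com
Return-Path: <bounce@bad.example>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bad.example; dmarc=fail header.from=microsoft.com
Subject: Spam Notification: 1 New Messages

Prevented spam message: example.com Adjustment: Transaction Expenses Q3 UPDATE
Review it here: https://example.net/o365/quarantine/review
"""
DHL_LURE = """\
From: "DHL Office" <delivery@dhl-parcel.example>
To: bob@example.org
Return-Path: <delivery@dhl-parcel.example>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=dhl-parcel.example; dmarc=pass
Subject: Undelivered package: update your delivery address

Your DHL parcel is on hold. Confirm your address: https://dhl-parcel.example/track/update-address
"""
LEGIT_NOTICE = """\
From: "Microsoft 365" <quarantine@messaging.microsoft.com>
To: alice@example.com
Return-Path: <quarantine@messaging.microsoft.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=messaging.microsoft.com; dmarc=pass
Subject: You have 1 message held in quarantine

Review held messages: https://security.microsoft.com/quarantine
"""

if __name__ == "__main__":
    for name, raw, brand in [("office365", OFFICE365_LURE, "microsoft"),
                             ("dhl", DHL_LURE, "dhl"), ("legit", LEGIT_NOTICE, "microsoft")]:
        print(name, triage(raw, brand) or "no indicators")
```

Run as a script it prints the indicator tags for each sample. The clean quarantine notice yields none, which is why the checks look at authentication results, Return-Path and link hosts rather than the sender address alone: the lure MailGuard describes uses Microsoft’s real quarantine address, so a sender allow-list by itself would wave it through.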

Avanan has the story:
https://www.avanan.com/blog/missed-delivery-new-phish-spoofs-dhl
What KnowBe4 Customers Say

"Hi Stu, It's nice to meet the man behind the newsletter, thank you for reaching out! I initially met our Account Manager BlakeA, over two years ago when I reached out and tried to bring KnowBe4 in house but the timing just wasn't right due to various internal factors.

Blake, thankfully, kept us on his radar and eventually his polite and professional persistence paid off when things re-aligned for us unexpectedly a few months ago, and here we are. We then worked with our Customer Success Manager, ZacharyA, who was very helpful and attentive during our initial baseline phishing test and subsequent on-boarding.

The process thus far has been very eye-opening; not only by providing insights into where our users need some extra guidance, but also where we in IT need to modernize our deployment strategies to better inform our users of what's coming and minimizing disruption/confusion.

Sorry for the monologue, but I'm just excited to have gone from doing very little in this space to suddenly having such a rich and multi-faceted tool with a great support team and vast content library behind it...should be an interesting ride, to say the least."
-B.E., Manager, Information Technology & Security


The 10 Interesting News Items This Week
    1. Me in FastCompany, for your C-level execs: "Why data-driven defense is key in cybersecurity":
      https://www.fastcompany.com/90701936/why-data-driven-defense-is-key-in-cybersecurity

    2. France warns of Nobelium cyberspies attacking French orgs:
      https://www.bleepingcomputer.com/news/security/france-warns-of-nobelium-cyberspies-attacking-french-orgs/

    3. Microsoft disrupts Chinese hacking group targeting organizations in dozens of countries:
      https://thehill.com/policy/technology/584520-microsoft-disrupts-chinese-hacking-group-targeting-organizations-in-dozens

    4. U.S. Military Has Acted Against Ransomware Groups, General Acknowledges:
      https://www.nytimes.com/2021/12/05/us/politics/us-military-ransomware-cyber-command.html

    5. What to Do When a Ransomware Group Disappears:
      https://securityintelligence.com/articles/when-ransomware-attack-disappears/

    6. Canada Busts Suspect Tied to 'Multiple Ransomware Attacks':
      https://www.govinfosecurity.com/canada-busts-suspect-tied-to-multiple-ransomware-attacks-a-18080

    7. Too many bosses are reluctant to spend money on cybersecurity. Then they get hacked:
      https://www.zdnet.com/article/too-many-bosses-are-reluctant-to-spend-money-on-cybersecurity-then-they-get-hacked/

    8. FBI: Cuba ransomware group hit 49 critical infrastructure organizations:
      https://www.zdnet.com/article/fbi-cuba-ransomware-hit-49-critical-infrastructure-organizations/

    9. Everyone is burned out. That's becoming a security nightmare:
      https://www.zdnet.com/article/everyone-is-burned-out-thats-becoming-a-security-nightmare/

    10. Tor’s main site blocked in Russia as censorship widens:
      https://www.bleepingcomputer.com/news/security/tor-s-main-site-blocked-in-russia-as-censorship-widens/
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.