CyberheistNews Vol 12 #10 [Heads Up] A New Phishing Attack Warns About A Suspicious Russian Login



CyberheistNews Vol 12 #10  |   Mar. 8th., 2022
[Heads Up] A New Phishing Attack Warns About a Suspicious Russian Login

The human cost of war is horrific. All Knowsters are shocked and saddened by the all-out Russia-Ukraine land war. However, we are also inspired by the Ukrainian people for their bravery, resistance and resilience. As we all know, the price of freedom is eternal vigilance combined with the willingness to fight back.

I have spoken about Putin here many times, and I'm encouraged to see a robust global coordination to tackle this outrage. Planet Earth is an "anarchy of nations" – conflicting ideologies battle each other, and geopolitical risk can quickly become a high-priority security threat.

And then there are the low-lifes that exploit tragedies like this.

Researchers at Malwarebytes warn that a phishing campaign is informing users that someone logged into their account from an IP address in Moscow. The email contains a button to report the issue, which “opens a fresh email with a pre-filled message to be sent to a specific email account.” If a user sends this email, the attacker will reply and attempt to rope them further into the scam.

The researchers note that while the timing may be coincidental, users will probably be more inclined to respond to the emails given the current situation with Russia and Ukraine.

“We have to be very clear here that anybody could have put this mail together, and may well not have anything to do with Russia directly,” the researchers write. “This is the kind of thing anyone anywhere can piece together in ten minutes flat, and mails of this nature have been bouncing around for years. But, given current world events, seeing ‘unusual sign-in activity from Russia’ is going to make most people do a double, and it’s perfect spam bait material for that very reason.”

Malwarebytes explains that this is a common but effective technique used in phishing attacks.

“Trying to panic people into hitting a button or click a link is an ancient social engineering tactic, but it sticks around because it works,” they write. “We’ve likely all received a ‘bank details invalid,’ or ‘mysterious payment rejected’ message at one point or another."

"Depending on personal circumstance and/or what’s happening in the world at any given moment, one person’s ‘big deal’ is another one’s ‘oh no, my stuff,’” the researchers write. “That’s all it may take for some folks to lose their login, and this mail is perhaps more salient than most for the time being.”

Note how topical scams can be. Criminals and spymasters watch the news and cut their phishbait to fit current events. New-school security awareness training gives your employees a healthy sense of skepticism so they can avoid falling for social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/phishing-emails-warn-of-a-suspicious-login-from-russia
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, March 9 @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at TWO NEW FEATURES and see how easy it is to train and phish your users.
  • NEW! Security Culture Benchmarking feature lets you compare your organization’s security culture with your peers
  • NEW! AI-Driven training recommendations for your end users in their own UI
  • Brandable Content feature gives you the option to add branded custom content to select training modules
  • Did You Know? You can upload your own SCORM training modules into your account for home workers
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes

Find out how 40,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, March 9 @ 2:00 PM (ET)


Save My Spot!
https://event.on24.com/wcc/r/3595260/AB844B61AF2ACF64E2BAF26C17366F79?partnerref=CHN2
Russia Could 'Absolutely' Lash Out at US Through Cyber, Lawmaker Warns

NextGov reports (photo caption: Chairman Sen. Mark Warner, D-Va., gives an opening statement as FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify at a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021):

"Russia is expected to increase its cyber attacks as it continues a military assault on Ukraine, and one lawmaker warns that the U.S. should be prepared for future high level digital attacks."

Speaking live to The Washington Post on Monday, Senator Mark Warner, D-Va. spoke about Russia’s cyber attacks on Ukraine’s networks and the spread of disinformation as part of the country’s offensive strategy.

“Do I expect Russia to up its game on cyber? Absolutely,” Warner said. “I do think we need to be prepared for high level––his A-Team––attacks against the West whether they start with nations in NATO [North Atlantic Treaty Organization] that have weaker cyber controls or whether they go straight against the United States, Britain, France, Germany.”

Warner hypothesized that Russian President Vladimir Putin did not prioritize launching cyberattacks against Ukraine’s infrastructure, and that the U.S. and other NATO allies should brace for major cyber hacks.

“When a top tier nation uses their top talent to attack in the cyber domain, chances are we will not be 100% effective at keeping the adversary out,” he said. Warner praised Cybersecurity and Infrastructure Security Agency Director Jen Easterly for strengthening protocols and being alert against cyberattacks and ransomware.

“I think we will probably see that in the coming days and weeks as Putin tries to lash out against these crippling level of sanctions we put on him,” Warner added.

CONTINUED:
https://blog.knowbe4.com/russia-could-absolutely-lash-out-at-us-through-cyber-lawmaker-warns
See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us TOMORROW, Wednesday, March 9 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your requirements for frameworks such as CMMC, GDPR, HIPAA, NIST, PCI, SSAE 18, and more
  • Vet, manage and monitor your third-party vendors' security risk requirements
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30
  • Quick implementation with pre-built compliance requirements and policy templates for the most widely used regulations
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and are past due

Date/Time: TOMORROW, Wednesday, March 9 @ 1:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3595214/61CED1FF3E64DEF9BE3F478AE4A71AD2?partnerref=CHN2
Phishing Attacks Impersonating LinkedIn Are up 232% In the Last Month Alone!

During the period the world has dubbed “the great resignation”, phishing scammers are shifting tactics to take advantage of those looking for a new career or place of employment.

When phishing scammers are coming up with a new campaign idea, they want a brand they can impersonate that has a significant reach to improve their chances of a successful attack. With an estimated 67 million monthly active users, LinkedIn is a pretty great choice. According to new data from security vendor Egress, the number of attacks impersonating LinkedIn has risen significantly since February 1, 2022.

The attacks use verbiage very familiar to anyone who uses LinkedIn as the subject lines:
  • You appeared in 4 searches this week
  • You appeared in 9 searches this week
  • You have 1 new message
  • Your profile matches this job

The emails come from an email address unassociated with LinkedIn, but they do leverage LinkedIn branding, logos, colors, etc. The links in these emails send victims to lookalike websites intent on harvesting users' credentials, which can later be used to impersonate the victim in future attacks on others.

Even at your organization, there are employees that are thinking about leaving. Seeing an enticing “job match” email could be just the thing to catch the interest of an employee. And while the attack above only harvests credentials, we have seen others that end up infecting business endpoints. Security awareness training is the one viable method to significantly reduce the threat surface when it comes to email-borne attacks.
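Both campaigns in this issue share a tell: the mail borrows a brand's name and look but not its domain. The "suspicious sign-in" lure routes its report button through a mailto: link to a mailbox the attacker controls, and the LinkedIn lure arrives from an unrelated sending domain with links to a lookalike site. The following is an added example written for this newsletter, not code from Malwarebytes, Egress or KnowBe4: it parses an inbound message, collects its links, and flags a brand mention whose sender domain is not on that brand's allowlist, plus any mailto: or web link that leads away from the sender's own domain. The allowlist, the sample messages and every domain ending in .test are constructed for the demo.

```python
"""Flag inbound mail that borrows a brand's name but not its domain.

Constructed example: the brand allowlist and all sample messages are
made up, and .test domains are reserved names that cannot resolve.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: brand keyword -> domains that legitimately send for it.
# Build this from your own mail logs; the single entry here is illustrative.
BRAND_DOMAINS = {
    "linkedin": {"linkedin.com"},
}


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' reduction, fine for the demo; production code
    should consult the public suffix list instead."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (kind, target) pairs from <a href> tags: kind is 'mailto'
    (target = recipient address) or 'http' (target = host name)."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = (dict(attrs).get("href") or "").strip()
        if href.lower().startswith("mailto:"):
            self.links.append(("mailto", href[7:].split("?")[0]))
        elif href.lower().startswith(("http://", "https://")):
            self.links.append(("http", urlparse(href).hostname or ""))


def analyse(raw: bytes) -> list:
    """Return a list of human-readable findings; empty means nothing odd."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = parseaddr(str(msg["From"]))[1]
    sender_dom = registrable_domain(sender.rsplit("@", 1)[-1])
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(text)

    findings = []
    # 1. A brand is named in subject or body, but the sender is not that brand.
    haystack = str(msg["Subject"] or "").lower() + " " + text.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in haystack and sender_dom not in domains:
            findings.append(f"brand '{brand}' mentioned but sent from {sender_dom}")
    # 2. A link (web or mailto:) leads away from the sender's own domain.
    for kind, target in collector.links:
        host = target.rsplit("@", 1)[-1] if kind == "mailto" else target
        if registrable_domain(host) != sender_dom:
            findings.append(f"{kind} link to off-domain {host}")
    return findings


# Constructed samples (not real messages). The first mimics the Moscow
# sign-in alert with a mailto: 'report' button; the second a LinkedIn-styled
# lure from an unrelated domain; the third a legitimate-looking notification.
SIGNIN_ALERT = b"""From: Account Security <security@mail-alerts.test>
To: user@corp.test
Subject: Unusual sign-in activity from Russia
Content-Type: text/html; charset=utf-8

<p>Someone signed in to your account from an IP address in Moscow.</p>
<a href="mailto:report-desk@freemail.test?subject=Report">Report the user</a>
"""

LINKEDIN_LURE = b"""From: LinkedIn <notifications@profile-views.test>
To: user@corp.test
Subject: You appeared in 9 searches this week
Content-Type: text/html; charset=utf-8

<p>LinkedIn: see who searched for you.</p>
<a href="https://login.profile-views.test/signin">See all searches</a>
"""

LEGIT_NOTICE = b"""From: LinkedIn <messages-noreply@linkedin.com>
To: user@corp.test
Subject: You have 1 new message
Content-Type: text/html; charset=utf-8

<p>You have a new message on LinkedIn.</p>
<a href="https://www.linkedin.com/messaging/">View message</a>
"""

if __name__ == "__main__":
    for name, raw in [("sign-in alert", SIGNIN_ALERT),
                      ("linkedin lure", LINKEDIN_LURE),
                      ("legit notice", LEGIT_NOTICE)]:
        print(name, "->", analyse(raw) or "no findings")
```

The second check deliberately compares link targets against the sender's domain rather than against the brand, so a lure that is internally consistent (sender and links on the same lookalike domain) is caught only by the brand-name check; running both keeps each rule simple while covering both lure styles.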



Blog post with links and screenshot:
https://blog.knowbe4.com/phishing-attacks-impersonating-linkedin-are-up-232-in-the-last-month-alone
Cybercrime-as-a-Service: Its Evolution and What You Can Do To Fight Back

The cybercrime market has skyrocketed in a frightening way. With threats ranging from ransomware to Business Email Compromise (BEC), the stakes are higher than ever for organizations across all industries.

However, just like in traditional business, cybercriminals can have trouble scaling. Enter cybercrime-as-a-service, in which cybercriminals borrow from the legitimate business world to develop quickly scalable strategies that put organizations like yours at risk like never before.

Join Erich Kron, Security Awareness Advocate at KnowBe4, as he explores today’s top attack vectors and the current threat landscape. He’ll explain how they are evolving, and what your organization can do to stay one step ahead.

In this session you will learn:
  • What “as-a-service” means for cybercrime and cyber defense
  • What PhaaS and RaaS are and how they relate to typical cybercrime
  • Why your cyber defense strategy should change
  • Why a strong human firewall is your best last line of defense

Get the details you need to know now to become a better cybersecurity defender and earn CPE credit for attending!

Date/Time: Wednesday, March 16 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3693287/351EDAF9DFA0D0A70177AB81B5E44C88?partnerref=CHN
 
[World Premiere] KnowBe4’s New Season 4 of Netflix-Style Security Awareness Video Series - ‘The Inside Man’

We’re thrilled to announce the long-awaited fourth season of the award-winning KnowBe4 Original Series - ‘The Inside Man.’ This network-quality video training series entertains and educates with episodes that tie security awareness principles to key cybersecurity best practices.

From social engineering, insider threats and physical security, to phishing, ransomware attacks and deepfakes, ‘The Inside Man’ teaches your users real-world application that makes learning how to make smarter security decisions fun and engaging.

When We Last Left Our Heroes… How will Mark Shepherd and his crew deal with the shadow of his past that returned in the Season 3 finale? Join Mark, now running “Good Shepherd Cybersecurity” alongside best buddy AJ, loyal colleague Fiona and fellow ex-felon Maurice, as they’re brought in to handle a devastating ransomware attack by a mysterious hacker group, “The 404.” The attack brought an international energy company to its knees; will Mark and his team have the skills to clean up the mess?

Simultaneously a global influencer falls prey to a deepfake. Season 4 sees Mark and the crew tackling twin threats. He looks like a hero, but in ‘The Inside Man,’ nothing is ever that straightforward.


Read the blog post to learn more about Season 4 of ‘The Inside Man’ and watch the trailer:
https://blog.knowbe4.com/world-premiere-knowbe4s-new-season-4-of-netflix-style-security-awareness-video-series-the-inside-man
 
Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.



PS: Your KnowBe4 Fresh Content Updates from February 2022 with a NEW Resource: Security Culture Maturity Model:
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-february-2022

PPS: This 8th Layer Podcast is worth it and fun. The title this time is "Security is Alive":
https://thecyberwire.com/podcasts/8th-layer-insights/16/transcript
Quotes of the Week
"Out of 6 billion humans, the troublemakers are just a handful."
- Dalai Lama (born 1935)


"Love all, trust a few, do wrong to none."
- William Shakespeare (1564 - 1616)

 


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-12-10-heads-up-a-new-phishing-attack-warns-about-a-suspicious-russian-login

Security News
Wartime Suffering as Phishbait

It’s easy to forget, when a hybrid war like the one currently raging in Ukraine is occupying so much attention, that ordinary criminal lowlifes continue to seek victims, and the war only gives them another pretext to dangle in front of the unwary.

That’s happening right now. Avast warns that criminals have begun, in their sorry but entirely foreseeable way, to exploit people's sympathies for those suffering in Ukraine. "As cybercriminals seek to take advantage of the chaos," the company writes in its blog, "we have tracked in the last 48 hours a number of scammers who are tricking people out of money by pretending they are Ukrainians in desperate need of financial help."

"In the past, we have seen similar scams for people stuck while traveling or looking for love. Unfortunately, these attackers do not operate ethically and will use any opportunity to get money out of people willing to help others in need. What’s suspicious is the immediate mention of Bitcoin, as well as the usernames that consist only of letters and numbers."

Other criminals (and here Avast credits their colleagues at ESET) are hawking “UkraineTokens,” whatever those might be. In that scam the crooks are combining sympathy with fashion. It’s easy to imagine the marks thinking, well, we’d like to help, and didn’t we see ads for tokens or something on T.V.?

Maybe that’s how things are done nowadays. The UkraineToken scam is fairly easy to see through, since it’s marked with the poor grammar and loose idiomatic control that usually distinguishes fraudulent pitches.

This kind of social engineering hasn’t been confined to any one channel, Avast points out. “There have also been reports of similar scams spreading on TikTok and other social media sites. In general, we strongly advise not to send any money to unknown people directly, especially in any form of cryptocurrency, as it is virtually impossible to deduce if it is a person in need or a scammer.”

If you're moved to help, Avast advises doing so through well-known, credible, trusted organizations, and doing so through those organizations' official websites, not through links shared on social media.

It’s sad that criminals would seek to take advantage of people’s best impulses during a time of crisis, but such is the criminal world. New-school security awareness training can enable your employees to thwart both sophisticated and rudimentary phishing attacks.

Blog post with links:
https://blog.knowbe4.com/wartime-suffering-as-phishbait
Scammers Will Take Advantage of New IRS Rules

New IRS requirements will soon be used as phishbait, according to Gene Marks, owner of Marks Group PC and a columnist for the Guardian.

“Beginning for the 2022 tax year, if you receive more than $600 in total payments during the course of the year from a payment service like PayPal, Venmo (which is owned by PayPal), Square, Stripe or online sales of your products made through Amazon, Etsy and other marketplaces – regardless of how many customers are paying – that payment service is required to report that amount to the IRS and to you by sending a Form 1099-K – used for reporting payments via these third parties – in early 2023,” Marks explains.

Scammers frequently pose as the IRS, and the new rules give them new material to use in phishing attacks.

“Starting mid-year, I predict, millions of individuals and small businesses will be receiving requests from payment services they used asking to provide or update their personal information – including their social security and tax identification numbers – so that those services can comply with the new 1099 rules,” Marks says.

“They’ll come by email mostly, although some will be by text. Unfortunately, a scammer can also send a fake text or email – or millions of fake texts and emails – to small businesses that look genuine but surreptitiously divert you to a fake website that not only collects your most personal data but also can download malware into your network to be used for future attacks and mischief.”

Marks says that people should be on the lookout for phishing attacks that pose as payment providers asking for financial information.

“Take a few minutes to visit every one of your payment service providers’ websites and update your 1099 information,” Marks says. “Train your financial employees that may be receiving email requests to know what to look for."

"If you’re not sure of a sender, then ignore the email. Report any suspicious requests directly to the payment service provider. If you are submitting information, make sure you’re doing it directly on the payment provider’s website and avoid clicking on any links in an email. Otherwise you’ll be opening yourself up to serious problems. By mid-year I predict you’ll be hearing a lot more about this scam. Start paying attention now.”

As laws and regulations change, their very unfamiliarity can open up new, initially plausible lines of social engineering.

The Guardian has the story:
https://www.theguardian.com/money/2022/feb/27/beware-phising-fraud-new-irs-rules-online-payment-service-receipts
What Are Registration-bombing Attacks?

BlackCloak describes registration-bombing attacks that are serving as misdirection for financial fraud. Victims receive a very large number, often measuring in the hundreds, of emails confirming their registrations to sites they may never have even visited, still less signed up for.

The intent is to push emails that might alert the victims to financial fraud (usually purchases with stolen credit cards) to the bottom of the in-box, where the criminals hope they'll be overlooked in the clutter.
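The defensive angle on registration bombing is that the flood itself is the signal: dozens of sign-up confirmations from unrelated senders inside an hour do not happen by accident, and the mail worth reading is whatever financial notice landed in the same window. The following is an added example written for this newsletter, not BlackCloak's code: it takes (timestamp, sender, subject) tuples as a stand-in for a mailbox export, counts registration-style subjects from distinct senders in a sliding window, and when the count crosses a threshold returns the purchase and payment notices from that window so they can be surfaced. The window size, threshold, keyword patterns and the sample mailbox are all assumptions constructed for the demo.

```python
"""Spot a registration bomb and surface the mail it is meant to bury.

Constructed example: window, threshold, keyword lists and the sample
mailbox below are assumptions, not values taken from any real incident.
"""
from datetime import datetime, timedelta
import re

# Subjects typical of account sign-up confirmations (assumed patterns).
REGISTRATION = re.compile(
    r"\b(confirm your (email|account|registration)|welcome to|verify your email"
    r"|activate your account|thanks for signing up)\b", re.I)
# Subjects typical of the notices a fraudster wants buried (assumed patterns).
FINANCIAL = re.compile(
    r"\b(order|receipt|purchase|payment|invoice|shipped|charge)\b", re.I)

WINDOW = timedelta(hours=1)
THRESHOLD = 20  # distinct registration senders within WINDOW; tune per mailbox


def detect_registration_bomb(messages, window=WINDOW, threshold=THRESHOLD):
    """messages: iterable of (datetime, sender, subject).

    Returns {'burst': False, 'surfaced': []} when nothing is found, otherwise
    the densest window that crossed the threshold plus the financial notices
    that arrived inside it."""
    msgs = sorted(messages, key=lambda m: m[0])
    regs = [m for m in msgs if REGISTRATION.search(m[2])]
    best = None
    start = 0
    for end in range(len(regs)):
        # Slide the left edge until the window spans at most `window`.
        while regs[end][0] - regs[start][0] > window:
            start += 1
        senders = {m[1].lower() for m in regs[start:end + 1]}
        if len(senders) >= threshold and (
                best is None or len(senders) > best["registration_senders"]):
            best = {"window_start": regs[start][0],
                    "window_end": regs[end][0],
                    "registration_senders": len(senders)}
    if best is None:
        return {"burst": False, "surfaced": []}
    lo, hi = best["window_start"], best["window_end"]
    # Financial notices inside the burst window, excluding the confirmations
    # themselves (a 'Welcome' mail can mention 'purchase' too).
    buried = [m for m in msgs
              if lo <= m[0] <= hi
              and FINANCIAL.search(m[2]) and not REGISTRATION.search(m[2])]
    best.update(burst=True, surfaced=buried)
    return best


def constructed_mailbox():
    """Sixty confirmations one minute apart, with two real-looking financial
    notices interleaved and one unrelated earlier mail. Entirely made up."""
    t0 = datetime(2022, 3, 7, 9, 0)
    mailbox = [
        (t0 - timedelta(hours=3), "hr@corp.test", "Team meeting moved to 3pm"),
        (t0 + timedelta(minutes=17), "orders@electronics-store.test",
         "Your order #C-1042 has shipped"),
        (t0 + timedelta(minutes=41), "billing@card-issuer.test",
         "Payment of $1,299.00 approved"),
    ]
    for i in range(60):
        mailbox.append((t0 + timedelta(minutes=i), f"noreply@site{i:03d}.test",
                        f"Welcome to Site{i:03d}! Confirm your email"))
    return mailbox


if __name__ == "__main__":
    result = detect_registration_bomb(constructed_mailbox())
    print("burst:", result["burst"],
          "senders:", result.get("registration_senders"))
    for ts, sender, subject in result["surfaced"]:
        print(f"  surface -> {ts:%H:%M} {sender}: {subject}")
```

Counting distinct senders rather than raw message count is what separates a bomb from a legitimately busy day: one retailer re-sending a confirmation five times stays below the threshold, while sixty unrelated sites in an hour do not.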

BlackCloak has the story:
https://blackcloak.io/new-registration-bomb-email-attack-distracts-victims-of-financial-fraud/
What KnowBe4 Customers Say

"Yes, we are "happy campers". We previously used a different package so I was reasonably familiar with the phishing process but this product is much more robust in regards to templates, training and reporting."

"Our rep Hope is AMAZING. She's the icing on the cake to your product. Patient, knowledgeable, thorough and quick to respond. We have "buy-in" from "the powers that be" so it makes my job easier. I do have to monitor and keep everyone on track to complete assignments but it's been smooth sailing since we've set it up."

- N.J., IT



"Hey there - thanks for reaching out. Yes, we are very happy with KnowBe4! We started with a training campaign and it simplified so much for us and we got overwhelming positive feedback from our staff. PhishER is a wonderful tool."

"We are just now setting up the Phishing campaign and I am very excited to roll it out. Ashley our rep has been wonderful, and I tell her this all the time, but now I am glad to have the opportunity to tell you as well."

- G.J., VP Compliance
The 10 Interesting News Items This Week
    1. CISA, FBI warn US orgs of WhisperGate and HermeticWiper malware:
      https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

    2. 7 Steps to Take Right Now to Prepare for Cyberattacks by Russia:
      https://www.darkreading.com/threat-intelligence/7-steps-to-take-right-now-to-prepare-for-cyberattacks-by-russia

    3. Microsoft's take on Ukraine and disinformation:
      https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks

    4. KnowBe4 Research: Half of Employees Use Unauthorized File Services to Complete Work:
      https://www.darkreading.com/vulnerabilities-threats/knowbe4-research-half-of-employees-use-unauthorized-file-services-to-complete-work

    5. Senate approves cyber incident reporting bill amid worries about Russian threats:
      https://therecord.media/senate-approves-cyber-incident-reporting-bill-amid-worries-about-russian-threats/

    6. Conti Ransomware Group Diaries, Part I: Evasion. They have 100 salaried employees!:
      https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/

    7. Hybrid wars increase the need for cyber defenses:
      https://www.investorschronicle.co.uk/news/2022/02/28/hybrid-wars-increase-the-need-for-cyber-defences/

    8. New SANS Research Reveals Cyber Attackers are Actively Targeting OT/ICS Environments:
      https://www.businesswire.com/news/home/20220301005150/en/New-SANS-Research-Reveals-Cyber-Attackers-are-Actively-Targeting-OTICS-Environments-Critical-Systems-are-at-High-Risk-and-Demand-Priority-from-IT-Security

    9. 7 Pressing Cybersecurity Questions Boards Need to Ask:
      https://hbr.org/2022/03/7-pressing-cybersecurity-questions-boards-need-to-ask

    10. Recorded Future: Russia may retaliate with cyber attacks:
      https://www.techtarget.com/searchsecurity/news/252513984/Recorded-Future-Russia-may-retaliate-with-cyber-attacks
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
Copyright © 2014-2022 KnowBe4, Inc. All rights reserved.
