CyberheistNews Vol 12 #26 [Heads Up] The FBI Warns That LinkedIn Fraudsters Are Now a Significant Threat


CyberheistNews Vol 12 #26  |   June 28th, 2022

[Heads Up] The FBI Warns That LinkedIn Fraudsters Are Now a Significant Threat

Stu Sjouwerman SACP

The U.S. FBI has warned that scammers on LinkedIn are a "significant threat," CNBC reports. Sean Ragan, the FBI's special agent in charge of the San Francisco and Sacramento field offices, told CNBC in an interview that cryptocurrency scams have been particularly widespread recently.

"This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims," Ragan said. "So the criminals, that's how they make money, that's what they focus their time and attention on," Ragan said.

"And they are always thinking about different ways to victimize people, victimize companies. And they spend their time doing their homework, defining their goals and their strategies, and their tools and tactics that they use."

LinkedIn stated in a blog post last week, "While our defenses catch the vast majority of abusive activity, our members can also help keep LinkedIn safe, trusted, and professional. If you do encounter any content on our platform you believe could be a scam, be sure to report it so that our team can take action quickly.

"This includes anyone who asks you for any personal information, including your LinkedIn account credentials, financial account information, or other sensitive personal data. We also encourage you to only connect with people you know and trust. If you'd like to keep up with someone you don't know but that publishes content that is relevant to you, we encourage you to follow them instead."

LinkedIn offered the following recommendations in a blog post:

  • "People asking you for money who you don't know in person. This can include people asking you to send them money, cryptocurrency, or gift cards to receive a loan, prize, or other winnings.
  • "Job postings that sound too good to be true or that ask you to pay anything upfront. These opportunities can include mystery shopper, company impersonator, or personal assistant posts.
  • "Romantic messages or gestures, which are not appropriate on our platform - can be indicators of a potential fraud attempt. This can include people using fake accounts in order to develop a personal relationship with the intent of encouraging financial requests."

New-school security awareness training teaches your employees to follow your security best practices so they can avoid falling for social engineering attacks.

Blog post with links:

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, July 13 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Support for QR-Code Phishing Tests
  • NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers
  • NEW! AI-Driven training recommendations for your end users
  • Did You Know? You can upload your own SCORM training modules into your account for home workers
  • Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes

Find out how 50,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, July 13 @ 2:00 PM (ET)


Amazon Prime Day 2022 Is Coming: Here Are Quick Cybersecurity Tips to Help You Stay Safe

By Erich Kron.

Amazon Prime Days this year are July 12 - 13th 2022. As a result, cyber criminals are taking every step to capitalize on the holiday with new phishing attacks. I have been getting asked about common types of Amazon-related scams and wanted to share what to look out for.

1. What are some of the most common/popular Amazon-related scams (Amazon impersonators, other criminal actors or scams)?

Phishing emails using the Amazon brand to add legitimacy top the list, but scams involving text messages and even phone calls saying they are from Amazon have been reported. These scams rely on the fact that, because of the huge number of customers Amazon has, the odds are in the scammers' favor: if they send an attack using Amazon as the source, they will reach someone with an account.

Many of these scams are designed to steal the login credentials from users by sending them to a fake login screen that steals the username and password. Once they have access to the account, it is a simple task to make purchases with credit card information saved in the account. From purchasing physical goods that can be delivered the same day to buying virtual gift cards that can be resold or used before the scam is uncovered, the opportunity to steal money or merchandise is huge.

Once credentials are stolen, scammers will often immediately change the password, keeping the legitimate account owner locked out of the account and buying them time to make purchases.

The advanced tracking that many Amazon packages have, which can show you the location of your delivery on a live map, is also a great way for scammers to quickly intercept the package as it is delivered, even giving them an opportunity to wait outside for the driver to hand them the package.

2. What should users be on the lookout for?

Notices about account problems or delivery problems will always be found within the account when a person logs in to Amazon's website. Rather than following a link in an email, it is safer for users to log directly into the Amazon website to resolve any issues they may have.

Scams such as these often use scare tactics to get people to rush through a process without thinking clearly. Anytime a person receives an email, phone call or text message that elicits a strong emotional response, they should take a deep breath and treat it suspiciously.

In addition, consumers can help protect their accounts by enabling multi-factor authentication. This requires a code, sent in a text message or generated in a smartphone app, in addition to the password to log in to the account. Although not perfect, this can help in the event the scammer guesses your password or steals it.

3. What should a user do if they face one of these Amazon scams?

If it's an email or text message, simply deleting it is the wisest course. If it's a phone call, simply tell them that you will go to the website and look into whatever the issue is. You can also tell them you will call the customer service number from the website directly, and ask for their extension and name. Any legitimate caller from Amazon’s customer service department will understand.

Be aware that the scammers will be pushy; however, safety comes from remaining calm and thinking critically. Here is a helpful infographic to help your users remember some common red flags of social engineering scams. Get the full PDF below.

Link to KnowBe4 blog with full Social Engineering Red Flags PDF for your users:

See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us Wednesday, July 13 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!

  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your requirements for frameworks such as CMMC, GDPR, HIPAA, NIST, PCI, SSAE 18, and more
  • Vet, manage and monitor your third-party vendors' security risk requirements
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30
  • Quick implementation with pre-built compliance requirements and policy templates for the most widely used regulation
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due

Date/Time: Wednesday, July 13 @ 1:00 PM (ET)


[ALERT] Russia Has Increased the Cyber Attacks Against Countries That Help Ukraine

The Wall Street Journal just reported that Russian intelligence agencies have increased the pace of cyberattacks against nations that have provided aid to Ukraine, according to new research published Wednesday by Microsoft, which said it had observed Moscow-backed hacking attempts in over 40 countries.

"Much of the malicious cyber activity linked to the Kremlin took aim at governments that are part of the North Atlantic Treaty Organization for espionage, and targets also included nongovernmental organizations, think tanks and humanitarian groups providing support to Ukrainian refugees, as well as information-technology and energy firms, Microsoft said.

"The U.S. saw the most of any country outside Ukraine, accounting for 12% of the global total since the war in Ukraine began, the tech company said."

Here is a link to the full article at the WSJ. This is a good link to attach to a budget request for new-school security awareness training.

NEW Tool: Does Your Current Cybersecurity Plan Align With NIST CSF? Find Out Now!

When it's time to complete a compliance audit of your cybersecurity readiness plan, are you thinking, "Ugh, is it that time again?"

And, if you work with federal agencies or organizations that are part of the U.S. federal supply chain, passing a cybersecurity compliance audit based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a business requirement.

According to a recent cybersecurity standards usage survey by Statista, almost 48 percent of respondents indicated they map their control systems to the NIST CSF standard. Many organizations, public and private sector alike, also adopt this framework to provide evidence of their current cybersecurity state and strengthen their security posture to help measure and manage cybersecurity risk.

If you're trying to wrap your head around the NIST CSF, you likely have a lot of questions. You want answers and need guidance on how to best meet the requirements to get your organization's cybersecurity plan in place - fast.

Assess your organization's current cybersecurity plan now!

KnowBe4's new Compliance Audit Readiness Assessment (CARA) is a free tool that helps you gauge your organization’s readiness in meeting control requirements for the NIST CSF. The assessment guides you through a selection of common requirements from the framework to help you assess your organization's current cybersecurity plan.

CARA asks you to rate your readiness for each requirement and then provides an analysis of your results. It also provides guidance to help you create and implement controls to help get your plan ready for a compliance audit.

Here’s how CARA works:

  • You will receive a custom link to take your assessment
  • Rate your organization's readiness for each requirement as Met, Partially Met or Not Met
  • Get an instant analysis and summary of potential gaps in your cybersecurity preparedness
  • Receive a personalized report with control guidance suggestions to help you meet compliance
  • Results in just a few minutes!

Take your first step toward understanding how your organization's current cybersecurity plan aligns with NIST CSF now!

Start My Assessment:

Cyberattack Suspected of Causing Rocket-Attack False Alarms in Israel

Sirens used to warn Israelis of rocket attacks sounded a false alarm in Israel last weekend. Haaretz reports that "Sirens sounded in Eilat and parts of Jerusalem Sunday night due to a cyberattack on local public address systems, Israel's Home Front Command said on Monday, in what is being investigated as a possible Iranian attack."

Citing "diplomatic sources," the Jerusalem Post emphasizes that the attribution is preliminary, and that the incident remains under investigation. Israel Hayom notes that some of the evidence of cyberattack remains circumstantial: the systems apparently compromised were civilian warning systems, not presumably better protected military ones.

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: There is a new show called The Undeclared War; the trailers and story look super interesting!:

Quotes of the Week  
"Always try to do something for the other fellow and you will be agreeably surprised how things come your way - how many pleasing things are done for you."
- Claude M. Bristol - (1891 - 1951)

"Anybody who succeeds is helping people. The secret to success is find a need and fill it; find a hurt and heal it; find a problem and solve it."
- Robert H. Schuller - (1926 - 2015)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

New PDF-Based Phishing Attack Demonstrates That Office Docs Aren't Passé – They Are Just Obfuscated!

Security researchers have discovered a cunning PDF-based phishing attack that leverages social engineering and PDF prompt specifics to trick users into opening malicious Office docs.

At this point, every organization should already know that any kind of Office doc sent as an attachment from someone you don’t know should automatically be assumed to be malicious in nature. But a new attack, discovered by HP Wolf Security, embeds a Word doc within a PDF and uses some social engineering to trick users into thinking the embedded file is safe.

According to the analysis of the attack, an email with the attachment "REMMITANCE INVOICE [dot] pdf" is sent. Should the file be opened, the victim recipient is immediately asked to open an embedded Word doc, but is prompted with details that make it seem like the file is safe:

Note the filename: "has been verified. However PDF, Jpeg, xlsx, .docx" seems a bit odd until you read it in the context of the PDF open warning, where it is designed to make it sound to the user as though the file has been determined to be safe. (Go back and read the prompt above again and you'll see how sneakily this document name is inserted into the dialog box message.)

After a series of steps that take into account whether Protected View is enabled or not, the attack eventually installs Snake Keylogger malware. This attack should be spotted for what it really is at the point when the user receives the email. Are you expecting an invoice? Do you know the person the email is sent from? Does the email address match the company the invoice purports to be from?

All these questions are commonplace for users who have undergone continual security awareness training that teaches users what to look for and how to identify suspicious – if not downright malicious – email content that would cause even the sneaky campaign above to fail before it ever got a chance to start.

Blog post with screenshots and links:

Spear Phishing Campaign Targets the U.S. Military and Security Software Developers

Researchers at Zscaler warn that a spear phishing campaign is targeting the U.S. military and other sectors with phishing emails that purport to be voicemail notifications. The emails contain links to a phishing page designed to harvest Microsoft Office 365 credentials.

"The email theme is focused on a voicemail notification that tells the victim they have a missed voicemail, prompting the user to open the HTML attachment," Zscaler says. "This social engineering technique has worked successfully for the threat actor in previous campaigns. The 'From' field of the email was crafted specifically to align with the targeted organization's name."

The campaign is targeting a variety of sectors, including the U.S. military and security software developers.

"Since the format of the URL gives away critical information about the target, we used that information from our collected telemetry to enumerate the list of targeted organizations and individuals," the researchers write. "Based on analysis of this telemetry, we can conclude with a high confidence level that the targets chosen by the threat actor are organizations in the U.S. military, security software developers, security service providers, healthcare / pharma and supply-chain organizations in manufacturing and shipping.

"It is important to note that if the URL does not contain the base64-encoded email at the end; it instead redirects the user to the Wikipedia page of MS Office or to office[dot]com."

"Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments," Zscaler says. "This combined with the usage of evasion tactics to bypass automated URL analysis solutions helps the threat actor achieve better success in stealing the users' credentials.

"As an extra precaution, users should not open attachments in emails sent from untrusted or unknown sources. As a best practice, in general, users should verify the URL in the address bar of the browser before entering any credentials."
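The researchers' observation above, that the phishing URL ends in the recipient's base64-encoded email address, can be turned into a triage check for proxy or mail-gateway logs. The sketch below is an added example, not code from Zscaler or KnowBe4; the function names, the sample URLs and the `corp.example` domain are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{12,}={0,2}$")  # standard or URL-safe alphabet


def trailing_tokens(url):
    """Yield the URL parts that can carry a value 'at the end'."""
    parts = urlsplit(url)
    yield parts.path.rsplit("/", 1)[-1]          # last path segment
    for pair in parts.query.split("&"):
        key, sep, value = pair.partition("=")    # keeps base64 '=' padding in value
        yield value if sep else key
    yield parts.fragment


def decode_email(token):
    """Return the e-mail address a token base64-decodes to, or None."""
    token = unquote(token).strip()
    if not B64_RE.match(token):
        return None
    body = token.rstrip("=").replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text.lower() if EMAIL_RE.match(text) else None


def flag_urls(urls, own_domains):
    """Return one record per URL that carries a base64-encoded e-mail address."""
    hits = []
    for url in urls:
        for token in trailing_tokens(url):
            email = decode_email(token)
            if email is None:
                continue
            domain = email.rsplit("@", 1)[1]
            own = any(domain == d or domain.endswith("." + d) for d in own_domains)
            hits.append({"url": url, "email": email, "own_domain": own})
            break
    return hits


def _b64(text, urlsafe=False, pad=True):
    enc = base64.urlsafe_b64encode if urlsafe else base64.b64encode
    out = enc(text.encode()).decode()
    return out if pad else out.rstrip("=")


# Constructed sample URLs (not taken from the campaign).
SAMPLE_URLS = [
    "https://voicemail-portal.example/listen/" + _b64("alice@corp.example"),
    "https://login-check.example/auth?ref=42&u=" + _b64("Bob@Other.example", urlsafe=True, pad=False),
    "https://cdn.example/assets/" + _b64("not an email address"),
    "https://en.wikipedia.org/wiki/Microsoft_Office",
]

if __name__ == "__main__":
    for hit in flag_urls(SAMPLE_URLS, {"corp.example"}):
        print(hit)
```

A hit with `own_domain` set means a link that was clicked or delivered names one of your own users, which is the case worth escalating first.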

Zscaler has the story:

What KnowBe4 Customers Say

"I'm a KnowBe4 Channel partner and have been working with several KB4 team members since the end of 2021. With great support from the KB4 team, we won a few new large customers. I wanted to reach out to you and compliment Eric A.

"Eric A. is the CSM for our customers and has been awesome in partnering with me and helping the KB4 customers with their onboarding. While each customer case was different, Eric was consistent across and provided excellent support as a CSM.

"I have found him to be very responsive, proactive and professional throughout. And the customers really like Eric. I really appreciate Eric’s excellent support and wanted you to know that he is doing an awesome job."

- L.J., Senior Solutions Sales Executive

The 10 Interesting News Items This Week
  1. This new Linux malware is 'almost impossible' to detect:

  2. Biden signs a pair of cybersecurity bills into law:

  3. Inside North Korea's global cyber war: The intersection of hacking and organized crime:

  4. Defending Ukraine: Early Lessons from the Cyber War:

  5. This podcast series tells the story of a Russian hacker who won big by committing cybercrime and the U.S. officials who eventually caught him:

  6. Here's What Ransomware Victims Say Hits Hardest—And It's Not the Ransom:

  7. Phishing gang behind millions in losses dismantled by police:

  8. U.S. watchdog is worried cyber insurance won't cover 'catastrophic cyberattacks':

  9. Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands:

  10. Gartner: "By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest, and political instabilities.":

  11. Resurgence of Voicemail-themed Phishing Attacks Targeting Key Industry Verticals in U.S.:
