CyberheistNews Vol 12 #35 [Heads Up] Check This Highly Sophisticated LinkedIn Job Offer Scam



Cyberheist News

CyberheistNews Vol 12 #35  |   August 30th, 2022

[Heads Up] Check This Highly Sophisticated LinkedIn Job Offer ScamStu Sjouwerman SACP

If you've been approached by recruiters on LinkedIn for a potential job opportunity, you may want to pay attention to this recent scam.

In a LinkedIn post, a prospective UI/UX designer attending a university believed she was being interviewed for a position at Splunk, a prestigious software company. She received an email interview invitation and spoke to a 'recruiter' and eventually the 'CIO'.

Then she got the request to link up her credit card so then she could be given "company funds."  It was in fact a scam, and the bad actors were only using her credit card to buy Apple products and other equipment for themselves.

While the victim took immediate action by stopping the shipment, freezing her credit card, and report identity theft to the Federal Trade Commission (FTC), she was still a victim of social engineering. She stated that the threat actors used common language such as, "You're Welcome Splunker!" to sound like these were legitimate employees. She even included a screenshot with a conversation.

This case the victim came out unscathed, but this can happen to anyone in your organization. It is a must to implement new-school security awareness training to ensure your users know how to spot and report social media scams.

Blog post with the gory details, links and screen shots:
https://blog.knowbe4.com/heads-up-highly-sophisticated-job-offer-scam

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Thursday, September 8 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Support for QR-code phishing tests
  • NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers
  • NEW! AI-Driven phishing and training recommendations for your end users
  • Did You Know? You can upload your own SCORM training modules into your account for home workers
  • Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes

Find out how 50,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Thursday, September 8 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3883250/4C08E3B657DB0BD1CBD6F792794694D1?partnerref=CHN

[BUDGET AMMO] Companies Are Ditching Cybersecurity Insurance as Premiums Rise, Coverage Shrinks

As the CEO of a public InfoSec company, I have a variety of news sources. One of these is called "The Information" which covers in-depth tech stories usually earlier than anywhere else. Reporter Aaron Holmes just published an article that is an eye opener for sure. You saw the title and are reading this, so I think you agree. Here is a short extract and I recommend you read the whole article, link is below. It's great budget ammo for security awareness training.

They started out with: "Can you imagine going without flood insurance if you lived alongside a river? That’s what is happening in corporate America nowadays, as skyrocketing cyber insurance premiums prompt more companies to go without traditional cyber insurance even as ransomware and other digital hacks surge.

'Hammered With Losses due to Ransomware'

"Last year cyber insurance premiums in the U.S. spiked 74%, according to data from S&P Global Market Intelligence, even as insurers narrow what they’ll cover. As a result, some customers are balking. Major software firms and retailers have either nixed or are considering ditching cyber insurance, according to security and insurance executives.

"Banking giant JPMorgan Chase, for instance, has reduced the amount of cybersecurity insurance it buys from major underwriters, according to people with direct knowledge of the situation.

The ransomware epidemic has become so severe that...

"Cyber insurers have no choice but to raise prices and decrease coverage, said Michael Phillips, chief claims officer at Resilience, a cyber insurance broker for midsize businesses. "The ransomware epidemic has become so severe that the profitability of many of the insurers who write cyber insurance is being threatened," Phillips said.

Link to blog with full article:
https://blog.knowbe4.com/budget-ammo-companies-are-ditching-cybersecurity-insurance-as-premiums-rise-coverage-shrinks

[New Feature] See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us Thursday, September 8, @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at brand new Jira integration features we've added to make managing your compliance projects even easier!

  • NEW! Jira integration enables you to sync risk and compliance data between Jira and KCM - no more copying and pasting tasks!
  • Vet, manage and monitor your third-party vendors' security risk requirements
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30
  • Quick implementation with pre-built compliance requirements and policy templates for the most widely used regulations
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due

Date/Time: Thursday, September 8 @ 1:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3882843/EAC21220DC32583C242E8C921A544560?partnerref=CHN

Could You Do Me a Quick Favor and Vote for Us at Computing Security?

Has your team benefited from our security awareness training and simulated phishing? Share your success with us by voting for KnowBe4 in the Computing Security Awards! We have been nominated for seven different categories:

  • Security Company of the Year
  • Cyber Security Customer Service Award
  • SME Security Solution of the Year
  • Enterprise Security Solution of the Year
  • Security Education and Training Provider of the Year
  • Anti Phishing Solution of the Year
  • Cyber Security Compliance Award

You have until Sept. 30 to vote for your favorite security company, and winners will be announced Oct. 13. Every vote counts!

This will take you two minutes. Thanks so much in advance! Vote here:
https://www.computingsecurityawards.co.uk/?page=csa2022vote

How Vulnerable Is Your Network Against Ransomware and Cryptomining Attacks?

Bad actors are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?

KnowBe4's Ransomware Simulator "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and one cryptomining infection scenario to show you if a workstation is vulnerable.

Here's how RanSim works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 23 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

This is complimentary and will take you five minutes max. RanSim may give you some insights about your endpoint security you never expected!

Get RanSim Now!
https://info.knowbe4.com/ransomware-simulator-tool-1chn

Teach (Just) Two Things to Decrease Phishing Attack Success

We know everyone is busy. Everyone already has too much on their plate and is trying to learn as much as they can every day.

But here, in a nutshell, is what you can teach yourself, your co-workers, your friends, and your family to help them to better recognize and beat social engineering and phishing. It's not perfect. It doesn't cover every scenario, but it does cover a huge percentage of them.

And if you learn and teach it well…if you make a culture of healthy skepticism around these common social engineering/phishing traits, nothing else you could learn or teach will reduce more risk.

We've been teaching the same lesson since the very beginning: Stop! Look! Think! It's the guiding message of all content we deliver. Teach two common traits of all social engineering and recommend one response.
https://blog.knowbe4.com/teach-two-things-to-decrease-phishing-attack-success

Doordash Hack Dubbed 0ktapus Part of a Phishing Campaign Targeting Okta Customers

Aug 26, 2022 - Alex Henderson at Needham & Company published: "This morning a Doordash hack dubbed by the name '0ktapus' has been reported. The attack vector is a sophisticated phishing campaign. Earlier this month similar SMS based Phishing attacks by the same actor penetrated Twilio and several other companies. It has been reported this phishing campaign is specifically targeting Okta customers, as implied by the campaigns name."

Our current understanding is despite the targeting of Okta customers, it does not represent a flaw in the Okta security tools but instead points out the risks of phishing. Optically, it is not good that the hackers are specifically targeting Okta customers even if there is no issue in Okta's technologies.

We think it does point out the rising prevalence of phishing as a method of penetration and the importance of training employees, which of course is KnowBe4's forte.

What Happened?

"A massive Phishing campaign 'unprecedented in scale and reach' orchestrated across a swath of technology companies, primarily targeting Okta customers. Cloudflare and Twilio began detailing the attack a couple of weeks ago, and we anticipate ripple effects may still be on the horizon with DoorDash's announcement this morning stating a subset of their customer bases credentials had been compromised, with limited credit card detail also extracted."


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Budget AMMO @ Forbes - Why MFA Falls Short And What Can Be Done About It:
https://www.forbes.com/sites/forbestechcouncil/2022/08/11/why-mfa-falls-short-and-what-can-be-done-about-it/

PPS: Google Finds 'Inoculating' People Against Misinformation Helps Blunt Its Power:
https://www.nytimes.com/2022/08/24/technology/google-search-misinformation.html?

Quotes of the Week  
"Without forgiveness life is governed by an endless cycle of resentment and retaliation."
- Roberto Assagioli (1888 – 1974)

"You are the sky. Everything else is just the weather."
- Pema Chödrön - Author (1936 - )

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-12-35-heads-up-check-this-highly-sophisticated-linkedin-job-offer-scam

Security News

BEC Attack Impersonates Chief Financial Officer

A business email compromise attack (BEC) impersonated the Chief Financial Officer at a major sports company in order to trick a finance employee into making a money transfer, according to Jeremy Fuchs at Avanan. The email appeared to be a forwarded invoice from the CFO, asking the targeted employee if they could handle it and make the payment via ACH (Automated Clearing House).

These types of targeted attacks are very good at fooling employees and have a much better chance of bypassing technical defenses.

"Secure Email Gateways do not have the contextual information they need to stop these attacks," Fuchs writes. "These gateways are designed only to monitor inbound email—therefore they have no way of scanning internal email or understanding the context or conversational relationships within an organization.

"When an external gateway sees an email from the 'CEO' to the 'CFO', it will be the very first time it has seen such a conversation. While an internal solution will have seen thousands of similar real, internal conversations to compare it to, an external gateway can only guess at the context."

Fuchs offers the following advice to help users avoid falling for these attacks:

  • "Always check reply-to addresses to make sure they match
  • "If ever unsure about an email, ask the original sender
  • "Encourage users to ask finance before acting on invoices
  • "Read the entire email; look for any inconsistencies, misspellings or discrepancies
  • "If using banners, be sure to not bombard end-users with them; only use them at critical times so that end-users take them seriously
  • "Deploy multi-factor authentication for all accounts, but especially email
  • "Configure accounts to notify you of changes
  • "Use a password manager to create and store your passwords–you should never actually know your own password
  • "Remind users to only share personal information in real-time, either in person or by phone. Encourage them to be skeptical of all messages with links, and to always verify with the sender, in real time, any messages with attached"

New-school security awareness training teaches your employees to follow security best practices so they can avoid falling for social engineering attacks.

Avanan has the story:
https://www.avanan.com/blog/cfo-spoofed-in-convincing-business-email-compromise-scam

Report: Deepfake Videos Used in Scams

Scammers created a deepfake video of Patrick Hillmann, Chief Communications Officer at cryptocurrency exchange Binance, in order to scam people. Hillmann explained in a blog post that he became aware of the scam after receiving messages from people he had never met, thanking him for meeting with them over Zoom.

"It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a 'deep fake' of me," Hillman said. "Other than the 15 pounds that I gained during COVID being noticeably absent, this deep fake was refined enough to fool several highly intelligent crypto community members."

Hillman warned that developers of cryptocurrency projects are also targets of social engineering scams.

"Regular users are not the only targets — crypto project teams are now more frequently in the crosshairs," Hillman said. "Scammers often create fake LinkedIn profiles and use them to approach unsuspecting projects with the promise to help them get listed on Binance.com.

"Recall the 'Nigerian Prince' scam from the early 2000s — pay a small upfront payment, and you'll receive a large sum of money later, when the 'prince's estate' is recovered. In this case, the equivalent of the large sum of money is having a token listed on Binance.com. But to get there, the projects are asked to pay some money first. Same trick, different wording."

Hillman offered the following advice to help users avoid falling for these attacks, noting that users should still be wary of traditional phishing techniques:

  • "Be vigilant and always take proactive steps to ensure you don’t fall prey to scams and impersonations.
  • "Use the Binance Verify tool to check whether the account officially represents Binance. Please note that Binance Verify is not foolproof. For example, a scammer can spoof their 'from' email address or hide behind the real name of a Binance employee. In both cases, Binance Verify would produce mixed results.
  • "Report any suspicious activities or accounts to Binance Support."

New-school security awareness training enable your employees to make smarter security decisions.

Binance has the story:
https://www.binance.com/en/blog/community/scammers-created-an-ai-hologram-of-me-to-scam-unsuspecting-projects-6406050849026267209

What KnowBe4 Customers Say

"I'm an IT director that has been working here for 20+ years with hundreds of vendors. I've interacted in so many ways including 100's of zoom sessions with vendors as well. Today, I had a zoom session with Travis, which was a console review. I always get a lot of out console reviews, but today just blew me away.

"I think it's even possible to say that this was the most productive interaction with a vendor in my 20+ years of experience. Travis helped me on many levels, giving me no less than 10 new solutions to situations I presented, tips, tricks, and setting improvements.

"His professional laid back interactions were highly appreciated as always, but he demonstrated creative problem solving in a cunning way helping me with a current assignment I have with HR, as well as helping me update ongoing training and phishing campaigns.

"I know as a manager, it is important to get feedback on your employees, and I had to ask him for your email address, because this was such a wonderful example of what vendor interaction should be like. Travis comes across as a perfect employee for this task, and I want to express my utmost appreciation for his helpful 40-minute session today!

"Disclaimer – I only know Travis from Knowbe4, and this feedback was 100% initiated by my asking for his manager’s contact information – he did not ask me for anything!"

- M.B., IT Director

The 10 Interesting News Items This Week
  1. Budget AMMO: What the SEC Can Tell Us About Board Governance of Cyber Risk:
    https://hyperproof.io/resource/sec-board-governance-cyber/

  2. NIST to Release New Playbook for AI Best Practices:
    https://www.nextgov.com/emerging-tech/2022/08/nist-release-new-playbook-ai-best-practices/375920/

  3. Cyber Resiliency Isn't Just About Technology, It's About People:
    https://www.darkreading.com/vulnerabilities-threats/cyber-resiliency-isn-t-just-about-technology-it-s-about-people

  4. NATO investigates hacker sale of missile firm data:
    https://www.bbc.com/news/technology-62672184

  5. Tech Companies Lean on Cyber to Go Faster and Gain Trust:
    https://corpgov.law.harvard.edu/2022/08/21/tech-companies-lean-on-cyber-to-go-faster-and-gain-trust/

  6. Ukraine and Poland agree to jointly counter Russian cyberattacks:
    https://therecord.media/ukraine-and-poland-agree-to-jointly-counter-russian-cyberattacks/

  7. FBI warns of residential proxies used in credential stuffing attacks:
    https://www.bleepingcomputer.com/news/security/fbi-warns-of-residential-proxies-used-in-credential-stuffing-attacks/

  8. Ahead of election season, cybersecurity agency releases toolkit to help secure local systems:
    https://www.americancityandcounty.com/2022/08/23/ahead-of-election-season-cybersecurity-agency-releases-toolkit-to-help-secure-local-systems/

  9. To Pay Or Not To Pay: Ransomware Negotiation Tactics:
    https://www.forbes.com/sites/forbestechcouncil/2022/08/17/to-pay-or-not-to-pay-ransomware-negotiation-tactics

  10. CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit:
    https://www.darkreading.com/vulnerabilities-threats/cisa-palo-alto-firewall-bug-active-exploit

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Topics: Cybercrime, KnowBe4

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews