CyberheistNews Vol 12 #41 [HEADS UP] The Old Nigerian Prince Scam Resurfaces as Russian Billionaire Fraud



Cyberheist News

CyberheistNews Vol 12 #41  |  October 11th, 2022

[HEADS UP] The Old Nigerian Prince Scam Resurfaces as Russian Billionaire FraudStu Sjouwerman SACP

Scammers continue to get creative when it comes to current events - and this new scam is no exception.

Fraudsters are impersonating Viktor Zubkov, a close ally to Vladimir Putin with a fake email. Zubkov, who served as the 36th Prime Minister of Russia in 2007-2008, and Putin's First Deputy Prime Minister during the presidency of Dmitry Medvedev, is also a board member of Gazprom, a state-owned energy giant.

This type of "advance fee Nigerian Prince scam" exploits a fake opportunity to get rich quick, supposedly made possible by international sanctions on Russia. In the blog is an example screenshot of the email.

Victims agree to share their accounts with the cybercriminals so "money can be transferred" and/or are being asked to pay a small sum so that they will get this large amount transferred to their account. The reality is that their bank account is drained and their private information is stolen.

If you're a KnowBe4 customer, we created a template for you to use. To find the template, go to System Templates and either search by the template name (Help for the Russian people (Link)) in the search bar, or go to the Current Events category, sort by last updated, and find the name there.

DID YOU KNOW?: When creating a phishing campaign, you have a brand-new AI option to automatically select the templates used in your campaign called AIDA Selected Phishing Templates.

This feature uses data from KnowBe4’s Artificial Intelligence Driven Agent (AIDA) to select the most relevant and challenging template for each user. AIDA Selected templates are chosen based on a user’s training history, phishing events, and performance metrics, such as their Phish-prone Percentage and Security Awareness Proficiency Assessment (SAPA) results. The more data AIDA has, the better it works, so we recommend using these templates for users who have some prior training or phishing history. Details at Support: https://support.knowbe4.com/hc/en-us/articles/1500003848062-Automated-Template-Selection

New-school security awareness training will make sure your users are able to spot and report a suspicious phishing email that leverages any recent current event.

Blog post with links and screenshots:
https://blog.knowbe4.com/heads-up-the-old-nigerian-prince-scam-resurfaces-as-russian-billionaire-fraud

A Master Class on Cybersecurity: Roger Grimes Teaches Password Best Practices

What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to improve your organization’s authentication methods?

Password complexity, length, and rotation requirements are the bane of IT departments’ existence and are literally the cause of thousands of data breaches. But it doesn't have to be that way!

Join Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist, for this thought-provoking webinar where he’ll share the most common risks associated with passwords and how to develop password policies that work.

You’ll learn:

  • What you need to know about password length and complexity
  • How password attacks work and which ones you should be most worried about
  • What your password policy should be and why
  • Why your organization should be using a password manager

Start improving your password defenses now and earn CPE credit for attending!

Date/Time: TOMORROW, Wednesday, October 12 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot!
https://event.on24.com/wcc/r/3965199/BEEE85F6F4BB3DA348940F484A8296A8?partnerref=CHN

[Eye Opener] Here's the Top 5 Phishing Simulation Do's & Don'ts

Here's the top 5 do’s and don'ts for your phishing simulation exercises.

  1. First, conduct your baseline phishing simulation to get an idea of where your organization stands compared to others in your industry or size of organization.

  2. After that, let your users know about what you are doing. Make sure that your users are aware of the phishing simulation plan. Of course, after this you have to provide them security awareness training.

  3. Make sure they know why the phishing program is going on and include it in your onboarding of any new staff as well as briefing existing employees. Do not cut them off in communications to the InfoSec or IT teams when they discover a phishing email, legitimate or not. Ensure they have some form of communication method back to you, like a phishing alert button.

  4. Consider your organization's culture when determining the need to use financial incentives in a phishing simulation email. While this may get easy clicks, there have been negative repercussions and you will need to be sensitive to your employees. In the middle of layoff, it may be viewed as cruel. Use caution and sensitivity when launching such a campaign. More importantly, explain to your users how they would receive updates regarding salary updates or changes with their salary and whether the organization would use those financial incentive phishing emails.

  5. Finally, remind your users that phishing simulation emails are a training tool, not a “gotcha” exercise. It is essential to educate your users and avoid making them think this is a way you are going to trick them into falling for a phishing attack. Make sure that your users know this is to educate them and help them spot the real phishing emails in their inboxes, so they stay safe at the office but also keep their family safe at home.

Blog post with links:
https://blog.knowbe4.com/phishing-dos-donts

[New PhishER Feature] Turn the Tables on the Cybercriminals With PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately "flip" a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature that automatically replaces active phishing threats with a new defanged look-alike back into your users’ mailbox.

The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Join us Wednesday, October 19 @ 2:00 PM (ET) for a live 30-minute demonstration of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software. With PhishER you can:

  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and Google Workspace
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Join us Wednesday, October 19 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3947036/49116A6349851E63F37E0A762CF6DDF2?partnerref=CHN

FCC Warns of Post-Hurricane Scams

The U.S. Federal Communications Commission (FCC) offers advice on how to avoid falling for scams that follow in the wake of natural disasters like Hurricane Ian. Scammers target victims of disasters as well as people trying to donate to charities.

“First, know that officials with government disaster assistance agencies do not call or text asking for financial account information, and that there is no fee required to apply for or get disaster assistance from FEMA or the Small Business Administration,” the FCC says. “Anyone claiming to be a federal official who asks for money is an imposter.”

The FCC adds that users should always be suspicious of phone calls that ask for information.

"Remember that phone scams often use spoofing techniques to deliberately falsify the information transmitted to your caller ID display to disguise their identity or make the call appear to be official," the alert says. "If someone calls claiming to be a government official, hang up and call the number listed on that government agency's official website.

"Never reveal any personal information unless you've confirmed you're dealing with a legitimate official. Workers and agents who knock on doors of residences are required to carry official identification and show it upon request, and they may not ask for or accept money.”

Additionally, users should contact their insurance providers directly rather than relying on unsolicited phone calls, emails or text messages.

“If you get a phone call about an insurance claim or policy, don't give out any personal information or agree to any payment until you can independently verify that the call is legitimate,” the alert says. “If the caller says they're from your insurance company, hang up and contact your agent or the company directly using the number on your account statement..."

"Contractors and home improvement companies may also call claiming to be partners with your insurance provider,” the FCC says. “Never give policy numbers, coverage details, or other personal information out to companies with whom you have not entered into a contract. If your state requires licensing, verify that any contractor you are considering is licensed and carries adequate insurance. Many states have online databases you can check.”

Blog post with links:
https://blog.knowbe4.com/fcc-warns-of-post-hurricane-scams

And here is another link to an article you should share with employees, friends and family who are in the process of buying a house.

Hackers Target Eager Homebuyers With a Dumb Scam That Keeps Working. https://www.bloomberg.com/news/features/2022-10-07/hackers-target-homebuyers-life-savings-in-real-estate-scam

Cybersecurity Awareness Month Is Here. Are You Prepared?

October is Cybersecurity Awareness Month, and we've got you covered!

Get the resources you need to help your users defend against cybercrime from anywhere.

In today's hybrid work environment, your users are more susceptible than ever to attacks like phishing and social engineering. Cybercriminals know this and are constantly changing tactics to exploit new vulnerabilities.

We've put together these resources so you can keep your users on their toes with security top of mind. Request your kit now to help your users defend against cybercrime whether they are fully remote, back in the office, or a combination of both.

Here is what you'll get:

  • Access to free resources for you including our most popular on-demand webinar and whitepaper
  • Resources to help you plan your activities, including your Cybersecurity Awareness Month Guide and Cybersecurity Awareness Weekly Planner
  • New featured interactive training module for your users: "2022 Social Engineering Red Flags," plus three additional interactive training modules, all available in multiple languages
  • Resources to share with your users including training videos, security docs, tip sheets, security hints and tips newsletters, plus posters and digital signage assets
  • All assets are printable and available digitally, so they can be delivered to your users no matter where they are working from

Get Your Free Cybersecurity Awareness Month Resource Kit Now!
https://www.knowbe4.com/cybersecurity-awareness-month-resource-kit-chn

Cybercriminal Gets 25 Years Prison Time Over Romance Scams and Business Email Compromise Attacks

A man from Atlanta, Georgia, has been convicted of running romance scams and business email compromise attacks that netted him over $9.5 million, the U.S. Justice Department has announced.

“Elvis Eghosa Ogiekpolor has been sentenced to 25 years in federal prison for money laundering and conspiracy to commit money laundering after being convicted at trial,” the Justice Department said in a press release.

“Ogiekpolor opened and directed others to open at least 50 fraudulent business bank accounts that received over $9.5 million dollars from various online frauds, including romance frauds and business email compromise scams (‘BECs’). He then laundered the fraud proceeds using other accounts, including dozens of accounts overseas.”

Thirteen victims of the romance scams, mostly women, testified in Ogiekpolor’s trial, though the Justice Department notes that there were many more victims of the fraud operation.

"The victims recounted how they met male strangers online and were soon convinced they were in a romantic relationship with the men, even though the victims were in communication with the individuals for months without meeting in person,” the Justice Department says.

“Often these men claimed they wanted to start a life with the victims and were eager to live with them as soon as some kind of issue was resolved. For example, one romance fraud victim was convinced to wire $32,000 to one of the accounts Ogiekpolor controlled because her ‘boyfriend’ (one of the men online) claimed a part of his oil rig needed to be replaced but that his bank account was frozen.

This victim borrowed against her retirement and savings to provide the funds, which ultimately required her to refinance her home to pay back the loan. Another victim testified that she was convinced to send nearly $70,000 because the man she met on eHarmony claimed to need money to promptly make payment on several invoices due to a frozen bank account.”

New-school security awareness training enables your employees to thwart social engineering attacks and make smart security decisions.

Blog post with links:
https://blog.knowbe4.com/cybercriminal-faces-prison-time-over-romance-scams


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [Forbes Budget Ammo] Educating Users About 'Phishable' Multifactor Authentication:
https://www.forbes.com/sites/forbestechcouncil/2022/10/07/educating-users-about-phishable-multifactor-authentication/

PPPS: [New Integrations Page] KnowBe4 works with leaders from across the technology landscape to provide API-based integrations to connect the KnowBe4 platform with systems and vendors that our customers already rely upon. We are pleased to share our brand new Integrations webpage:
https://www.knowbe4.com/integrations

Quotes of the Week
"All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident."
- Arthur Schopenhauer - Philosopher (1788 - 1860)

"The best way to resolve any problem in the human world is for all sides to sit down and talk."
- Dalai Lama (born 1935)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-12-41-the-old-nigerian-prince-scam-resurfaces-as-russian-billionaire-fraud

Security News
Fake Exploits Being Sold on GitHub

Scammers are posing as security researchers and attempting to sell phony exploits for Microsoft Exchange Server, according to Lawrence Abrams at BleepingComputer. Microsoft recently acknowledged that two zero-day vulnerabilities in Exchange Server were being exploited in limited attacks by a suspected state-sponsored threat actor.

While the vulnerabilities are real, their details have been kept private to prevent other threat actors from exploiting them before Microsoft releases security patches. Exploits for the vulnerabilities would be very valuable for hackers and researchers in the meantime, so scammers are selling phony exploits on GitHub.

“To take advantage of this lull before the storm, a scammer has begun creating GitHub repositories where they attempt to sell fake proof-of-concept exploits for the Exchange CVE-2022-41040 and CVE-2022-41082 vulnerabilities,” Abrams explains.

“Huntress Lab's John Hammond has been following these scammers, finding five now-removed accounts attempting to sell the phony exploits. Another scam account found by Paulo Pacheco impersonated Kevin Beaumont (aka GossTheDog), a well-known security researcher/professional who has been documenting the new Exchange vulnerabilities and available mitigations.”

The phony exploits are being sold for around $420 worth of Bitcoin, which Abrams says is another red flag. “These vulnerabilities are worth far more than $400, with Zerodium offering at least $250,000 for Microsoft Exchange remote code execution zero days,” Abrams says.

“It should go without saying that this is just a scam, and sending any bitcoin will likely not result in you receiving anything. Furthermore, with all the information already available, figuring out an exploit for the bugs is likely not going to be too difficult, especially for more advanced threat actors, such as state-sponsored hackers who would have an incentive to breach organizations of interest.”

New-school security awareness training can teach your employees to follow security best practices so they can avoid falling for social engineering attacks.

BleepingComputer has the story:
https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-proxynotshell-exploits-for-sale-on-github/

German Police Collar Alleged Phishing Gangmembers

The Bundeskriminalamt (BKA), Germany's federal criminal police, raided three homes on Thursday, September 29th, in the course of an investigation of a cyber criminal operation the BKA says netted approximately 4 million Euros from its victims.

Two suspects were arrested and charged; the disposition of the third individual will depend upon the results of further investigation. A statement by the BKA (provided by BleepingComputer) explained the nature of the fraud, which depended upon unusually faithful and convincing spoofed communications that misrepresented themselves as being from the victims’ banks.

The emails told the victims that changes to the bank’s security system would affect their accounts, and that they should follow a link to arrange continued access to their accounts. The link led to a convincing phishing page. “There, the phishing victims were asked to enter their login data and a current TAN [Transaktionsnummer–a number associated with a particular transaction], which in turn enabled the fraudsters to see all the data in the account of the respective victim - including the amount and availability of credit.”

Further engagement with the victims induced them to give up additional TANs, which the criminals used to withdraw the victims’ funds.

The scam is interesting in other ways. For one thing, the criminals used distributed denial-of-service (DDoS) attacks against banking websites as misdirection for their imposture. The legitimate sites may have suffered from reduced availability, but the phishing sites, of course, remained accessible.

Another interesting aspect of the case is the criminals’ alleged employment of “other cyber criminals who sell various forms of cyber attacks as ‘Crime-as-a-Service’” (the BKA uses the English phrase) “on the dark web.”

Some details are being withheld pending further investigation. This particular crime seems to have affected mostly individuals, but its scale and approach suggest that organizations could be vulnerable to similar scams.

BleepingComputer has the story:
https://www.bleepingcomputer.com/news/security/germany-arrests-hacker-for-stealing-4-million-via-phishing-attacks/.

What KnowBe4 Customers Say

 

"We completed our first phishing test, and the team is currently taking the first security training course. It has been easy to use the console to set up, monitor, and review the results. Once the initial training has been completed, we will identify the cadence for future phishing tests and training. Victoria S has been very helpful with answering my questions and reviewing what I set up.

Here is a funny story that just happened. Our VP sent an email to the team yesterday with an embedded link. One of the team members that just completed the training sent me an email stating that she was scared to open the VP's email, and she said "Security training was great, but now I am super paranoid."

- C.C., IT Project Lead

The 10 Interesting News Items This Week
  1. The U.S. Government on the importance of Cybersecurity Awareness Month:
    https://www.dhs.gov/news/2022/10/03/department-homeland-security-kicks-cybersecurity-awareness-month

  2. Insurance giant Lloyd’s of London investigating cyberattack:
    https://therecord.media/insurance-giant-lloyds-of-london-investigating-cyberattack/

  3. Finnish intelligence warns of Russia’s cyberespionage activities:
    https://securityaffairs.co/wordpress/136558/intelligence/finnish-intelligence-russia-cyberespionage.html

  4. Romance and BEC scammer sentenced to 25 years over $9.5 million fraud:
    https://therecord.media/romance-and-bec-scammer-sentenced-to-25-years-over-9-5-million-fraud/

  5. Microsoft warns of password attacks against Exchange Online, here's what you need to do:
    https://www.zdnet.com/article/microsoft-warns-of-password-attacks-against-exchange-online-heres-what-you-need-to-do/

  6. The "Cheerscrypt" ransomware strain linked to a Chinese hacking group:
    https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/

  7. Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence:
    https://www.trellix.com/en-us/about/newsroom/stories/research/dismantling-a-prolific-cybercriminal-empire.html

  8. FBI: Cyberattacks targeting election systems unlikely to affect results:
    https://www.forbes.com/sites/daveywinder/2022/10/06/fbi-seeks-to-calm-hacking-fears-ahead-of-2022-us-midterm-elections/

  9. No fix in sight for mile-wide loophole plaguing a key Windows defense for years:
    https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/

  10. Suspected Chinese hackers tampered with widely used customer chat program, researchers say:
    https://www.reuters.com/technology/exclusive-suspected-chinese-hackers-tampered-with-widely-used-canadian-chat-2022-09-30/

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Topics: Cybercrime, KnowBe4



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews