CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams




CyberheistNews Vol 13 #15  |   April 11th, 2023

[The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams

Stu Sjouwerman SACP

The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI to imitate the voice of a "family member in distress."

They started out with: "You get a call. There's a panicked voice on the line. It's your grandson. He says he's in deep trouble — he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You've heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that's how."

"Don't Trust The Voice"

The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We're living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member's voice — which he could get from content posted online — and a voice-cloning program. When the scammer calls you, he'll sound just like your loved one.

"So how can you tell if a family member is in trouble or if it's a scammer using a cloned voice? Don't trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can't reach your loved one, try to get in touch with them through another family member or their friends."

Full text of the alert is at the FTC website. Share with friends, family and co-workers:
https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams

A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation

Cybercriminals have become thoughtful about ransomware attacks, taking time to maximize the potential damage to your organization and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.

With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making sure you're prepared to defend against quickly-evolving IT security threats like ransomware.

Join Roger for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware.

In this session you'll learn:

  • How to detect ransomware programs, even those that are highly stealthy
  • Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)
  • The policies, technical controls, and education you need to stop ransomware in its tracks
  • Why good backups (even offline backups) no longer save you from ransomware

You can learn how to identify and stop these attacks before they wreak havoc on your network.

Date/Time: TOMORROW, Wednesday, April 12, @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterward.

Save My Spot!
https://info.knowbe4.com/ransomware-mitigation-mc?partnerref=CHN2

Mid-Sized Businesses Lack the Staffing, Expertise, and Resources to Defend Against Cyberattacks

Mid-sized businesses – those with 250 to 2000 employees – don't appear to have what they need to fend off attacks in a number of critical ways.

Cybersecurity vendor Huntress' latest report, "The State of Cybersecurity for Mid-Sized Businesses in 2023," shows that mid-sized businesses are in a heap of trouble and simply aren't prepared for an attack:

  • 61% of mid-sized orgs do not have a dedicated cybersecurity expert on staff
  • On average, for every 10 IT employees at an organization, one is dedicated to cybersecurity
  • 50% have no plans to increase cybersecurity spending
  • 47% do not have an incident response plan
  • 27% have no cyber insurance
  • 41% outsource their cybersecurity

In short, organizations have no internal resources to ensure the organization is improving its state of cybersecurity daily. This puts the onus on cybersecurity solutions and the users themselves, as the only additional means to keep the org secure. We already know that 10% of threats get past security solutions, so we're left with educating the user to stop attacks.

Despite 71% of the survey respondents stating they had security awareness training in place, 40% do not conduct regular training, 16% only perform ad hoc training, and 9% only push training when an incident occurs.

This is a HUGE problem; security awareness training is best when used frequently so users are always in a mindset of being vigilant when interacting with potentially malicious email and web content. It also requires phishing testing to act as a feedback loop so IT understands where their greatest risk lies within the organization so the risk can be addressed with additional training.

Blog post with links:
https://blog.knowbe4.com/businesses-lack-cyber-attack-defense

[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist

Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!

The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.

Join us Wednesday, April 19, @ 2:00 PM (ET) for a live 30-minute demo of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software. With PhishER you can:

  • NEW! Immediately add user-reported email threats to your Microsoft 365 blocklist from your PhishER console
  • Easily search, find, and remove email threats with PhishRIP, PhishER's email quarantine feature for Microsoft 365 and Google Workspace
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, April 19, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/phisher-demo-april-2023?partnerref=CHN

Fake ChatGPT Scam Turns Into a Fraudulent Money-Making Scheme

Using the lure of ChatGPT's AI as a means to find new ways to make money, scammers trick victims using a phishing-turned-vishing attack that eventually takes the victim's money.

It's probably safe to guess that anyone reading this article has either played with ChatGPT directly or has seen examples of its use on social media. The idea of being able to ask simple questions and get world-class expert answers in just about any area of knowledge is staggering.

And OpenAI's latest version, ChatGPT 4, already looks set to dwarf the impressive reputation they established with the initial version.

But cybercriminals are also looking for ways to jump on the AI bandwagon as a means of separating victims from their money. One such scam comes to us by way of security researchers at Bitdefender who have identified a phishing attack that uses ChatGPT theming.

The attack starts with topical subject lines that include "ChatGPT: New AI bot has everyone going crazy about it." But once the victim clicks the link, they are taken to a bad copy of ChatGPT (that is actually more like the bot-based support chat tools we've all seen) that sets the tone to be about making money with a headline of "Earn up to $10,000 per month on the unique ChatGPT platform."

Using a series of prompt-based interactions (rather than ChatGPT's freeform dialogue method), the visitor is quickly steered towards making money and – here's the kicker – shifting the conversation to the phone.

Once on the phone, victims are asked about investing in stocks, crypto and oil, and are asked for a minimum investment of €250. Of course, once the "investment" is made, the money is never seen again.

This attack uses interest in making money through breakthrough technology. And, because the attack starts with simply talking about ChatGPT with no context about making money, nearly everyone who's interested may see this email as an opportunity to find out more.

Blog post with links:
https://blog.knowbe4.com/fake-chatgpt-scam

Do Users Put Your Organization at Risk With Browser-saved Passwords?

Cybercriminals are always looking for easy ways to hack into your network and steal your users' credentials.

Verizon's Data Breach Investigations Report shows that attackers are increasingly successful using a combo of phishing and malware to steal user credentials. In fact, Password Dumpers, which allow cybercriminals to find and "dump" passwords your users save in web browsers, took the top spot for malware in the Verizon report.

Find out now if browser-saved passwords are putting your organization at risk.

KnowBe4's Browser Password Inspector (BPI) is a complimentary IT security tool that allows you to analyze your organization's risk associated with weak, reused, and old passwords your users save in Chrome, Firefox and Edge web browsers.

BPI checks the passwords found in the browser against active user accounts in your Active Directory. It also uses publicly available password databases to identify weak password threats and reports on affected accounts so you can take action immediately.

With Browser Password Inspector you can:

  • Search and identify any of your users that have browser-saved passwords across multiple machines and whether the same passwords are being used
  • Quickly isolate password security vulnerabilities in the browser and easily identify weak or high-risk passwords being used to access your organization's key business systems
  • Better manage and strengthen your organization's password hygiene policies and security awareness training efforts

Get your results in a few minutes! They might make you feel like the first drop on a roller coaster!

Find Out Now:
https://info.knowbe4.com/browser-password-inspector-chn

The New SecurityCoach Microsite Is LIVE - You Can Now Get a Preview

Which users are susceptible to risky security behavior? Like it or not, your users are bound to make a security mistake some time. These risky behaviors are exactly what cybercriminals aim to exploit when they send phishing emails or other social engineering attacks.

How often are your users making mistakes? A 30-day free preview of SecurityCoach can help you find out!

SecurityCoach enables real-time security coaching of your users in response to risky security behavior. The SecurityCoach Free Preview allows you to integrate your existing security stack products with your KnowBe4 console and see how often your users engage in this behavior.

At the end of your 30-day preview, you'll be able to see how many detected security events your organization could use to remediate risky behavior with recommended real-time coaching campaigns from the full version of SecurityCoach.

To get this free tool, choose the Free Tool dropdown in the top-right menu:
https://www.knowbe4.com/products/securitycoach


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Check Out Your KnowBe4 Fresh Content Updates from March 2023:
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-march-2023

PPS: Yours Truly in SC Mag | While not a silver bullet, DMARC can help mitigate phishing attacks:
https://www.scmagazine.com/perspective/email-security/while-not-a-silver-bullet-dmarc-can-help-mitigate-phishing-attacks

Quotes of the Week  
"Each civilization dies from indifference toward the unique values which created it."
- Nicolás Gómez Dávila, (1913 - 1994) Colombian philosopher

"Optimism is the fuel of heroes, the enemy of despair and the architect of the future."
- Max More (born 1964) - Philosopher and Futurist

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-15-the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams

Security News

HP Wolf: '1 in 8 Email Threats Now Make It Past Email Security Solutions'

Phishing attacks that can evade detection by email scanners are improving their chances of reaching the inbox, thanks to an increase in the use of one specific attachment type.

According to new data found in HP Wolf Security's latest Security Threat Insights Report for Q4 of 2022, 13% of all email threats being sent make their way past layered email security defenses to reach the user's inbox.

This is up from the 11.7% of threats doing so that Acronis previously reported. While a little over 1% may not seem like much, with approximately 3.4 billion malicious emails sent daily, that accounts for an additional 44 million malicious emails daily.

So, why the increase? According to HP Wolf, one of the reasons is the continued use of PDF files containing malicious links. They also mention archive files (e.g., ZIP files) as the most popular malicious file type used (in 42% of the cases) because they cannot be scanned easily – something HP Wolf first covered late last year.

This rise in malicious emails getting to the inbox means you have one of two paths to take. The first is that you assume the user is going to unwittingly fall for the likely social engineering tactics used in the malicious email and your endpoint protection is going to need to do the work of hopefully stopping the attack.

Or, you educate your users through security awareness training so they can easily spot an attack and, by not interacting with the malicious links or attachments, stop the attack before it has the ability to arm itself in the first place.

Blog post with links:
https://blog.knowbe4.com/13-percent-email-threats-pass-security

New Emotet Phishing Campaign Pretends To Be the IRS Delivering W-9 Forms

A newly documented phishing campaign demonstrates how timely themes can be impactful in creating a successful attack that gets the recipient to engage with malicious content.

As we approach this year's deadline for filing taxes in the U.S. for 2022, security researchers from Malwarebytes have provided details of an IRS-themed phishing email received by their very own Senior Director of Threat Intelligence.

The email itself is fairly basic, appearing to be sent by the "IRS Online Center" with a subject of "IRS Tax Forms W-9." Screenshot at blog.

The attachment is a zip archive (I've recently written about the increase in the use of these kinds of files to evade detection). Inside is a Word doc (because we all know that W-9 forms are Word docs, right?) that is a very suspicious 548MB in size.

The attack uses a macro within the Word doc to download and install Emotet.

And, in case you missed it, why is the IRS sending out a W-9 near tax time? Shouldn't it be a W-2? This alone is a red flag for the average user. As is the bogus sender email address used, and the fact that the IRS doesn't send out W-2s, W-9s, etc. via email anyway. All these kinds of factors are taught to users through security awareness training designed to help create a sense of vigilance so that the "obvious" red flags are seen by the average user the moment the email is opened.

Blog post with Screenshot and links:
https://blog.knowbe4.com/emotet-phishing-campaign-irs-w9s

Scareware From a Phony Ransomware Group

BleepingComputer reports that a cybercriminal gang is sending phony ransomware threats to prior victims of ransomware attacks. The gang, which calls itself "Midnight," claims to have stolen hundreds of gigabytes of data and threatens to leak it if the victim doesn't pay a ransom.

Security firm Kroll said the gang's ransom notes use the names of more prolific ransomware actors. Additionally, analysts from incident response firm Arete suspect that the gang is using data that's already been leaked from the victims in previous ransomware incidents in an attempt to lend legitimacy to their claims.

"Based on their visibility, though, the incident responders observed that Midnight targeted organizations that had previously been victims of a ransomware attack," BleepingComputer says. "According to Arete's analysts, among the initial attackers are QuantumLocker (currently rebranded as DagonLocker), Black Basta, and Luna Moth.

"Arete says that at least 15 of their current and previous clients received fake threats from the Midnight Group, which supported their data theft claims with vague details. It is unclear how victims are selected but one possibility is from publicly available sources, such as the initial attacker's data leak site, social media, news reports, or company disclosures."

The group may also be working with the original attackers to gain access to non-public data. "Arete notes that the fake attacker identified some ransomware victims even when the info was not publicly available, possibly indicating collaboration with the initial intruders," BleepingComputer writes.

"Ransomware actors often sell the data they steal from victims even when they get paid. If Midnight Group has access to the markets and forums where this data is traded or sold they could learn about ransomware victims that have yet to disclose the cyberattack."

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/phony-ransomware-scareware

What KnowBe4 Customers Say

"Hi Stu, Thanks for reaching out, I am very impressed with your platform. The quality of the phish templates is excellent and representative of the real world.

We see phishing and ransomware as our most significant cybersecurity threats, and your platform goes further than a box-ticking exercise to satisfy our Board. We are currently planning the year's worth of phishing and training campaigns and things like smart groups make it so easy to set and forget (well maybe not forget :)"

- I.M., Chief Information Officer


"Hi Stu! So far so good on our end. Your tool has helped us immensely in describing and visualizing issues within our organization when it comes to cyber security and general behavior in the digital ecosystem.

We're about to launch your training suite and begin onboarding our management staff for further training and see where we take it from there. Superb feedback from your end and I'm very pleased with the simplicity and speed in your product."

- A.J., Chief Digitalization Officer

The 10 Interesting News Items This Week
  1. WSJ: "Biden Administration Weighs Action Against Russian Cybersecurity Firm" (Kaspersky):
    https://www.wsj.com/articles/biden-administration-weighs-action-against-russian-cybersecurity-firm-b84afcd7?

  2. CISA director: AI cyber threats the 'biggest issue we're going to deal with this century':
    https://therecord.media/cisa-director-ai-cyber-threats-the-biggest-of-the-century

  3. President Biden delivers remarks on "risks of artificial intelligence":
    https://arstechnica.com/information-technology/2023/04/amid-calls-for-ai-regulation-president-biden-addresses-potential-risks/

  4. U.S. seizes $112 million from cryptocurrency investment scammers:
    https://www.bleepingcomputer.com/news/security/us-seizes-112-million-from-cryptocurrency-investment-scammers/

  5. Brace Yourself for a Tidal Wave of ChatGPT Email Scams:
    https://www.wired.com/story/large-language-model-phishing-scams/

  6. We are hurtling toward a glitchy, spammy, scammy, AI-powered internet:
    https://blog.knowbe4.com/we-are-hurtling-toward-a-glitchy-spammy-scammy-ai-powered-internet

  7. Genesis Market, one of world's largest platforms for cyber fraud, seized by police:
    https://www.bleepingcomputer.com/news/security/fbi-seizes-stolen-credentials-market-genesis-in-operation-cookie-monster/

  8. New "Rorschach" Ransomware Spread Via Commercial Product:
    https://www.infosecurity-magazine.com/news/rorschach-spread-commercial/

  9. Secret trove of Vulkan Files offers rare look into Russian cyberwar ambitions:
    https://www.washingtonpost.com/national-security/2023/03/30/russian-cyberwarfare-documents-vulkan-files/

  10. Two-Fifths of IT Pros Told to Keep Breaches Quiet:
    https://www.infosecurity-magazine.com/news/twofifths-it-pros-told-keep/
