CyberheistNews Vol 14 #37 Scammers Use Fake Funeral LiveStream Social Media Posts to Extort Victims




CyberheistNews Vol 14 #37  |   September 10th, 2024

Scammers Use Fake Funeral LiveStream Social Media Posts to Extort Victims

Stu Sjouwerman, SACP

In a troubling new low point, cybercriminals are targeting individuals grieving the loss of a loved one by charging their credit cards with excessive fees through a heartless scam.

According to analysts at Malwarebytes, these scammers are now posting fake funeral live streams on Facebook, attempting to exploit the emotional vulnerability of those mourning. These scams likely involve compromised social media accounts or automated searches for recent deaths, potentially even leveraging the passing of celebrities to lure victims.

Victims are led through a series of pages before arriving at a payment page, where they unknowingly authorize scammers to charge their credit card €64 every 14 days.

While the scam itself is relatively simple and avoidable if someone carefully reads the details, it is a stark reminder of the importance of security awareness. Scams like this do not just happen in the corporate world; they are prevalent in everyday online activities.

This is why security awareness training is so crucial. By teaching people to stay vigilant in all areas of their digital lives, they are better equipped to recognize and avoid scams like this from the outset, rendering these schemes ineffective.

Blog post with links and example screenshots:
https://blog.knowbe4.com/scammers-use-fake-funeral-livestream-social-media-posts-to-take-victims-for-their-money

[NEW WEBINAR] Code Red: How KnowBe4 Exposed a North Korean IT Infiltration Scheme

A recent incident shed light on a chilling new tactic: North Korean operatives posing as IT professionals to infiltrate organizations all over the world. And this one hit a little too close to home… right here at KnowBe4. We are pulling back the curtain on this event to help you protect your organization from this new and growing, scary threat.

Join us for an exclusive, no-holds-barred conversation with the team who lived through it. Perry Carpenter, our Chief Human Risk Management Strategist, sits down with Brian Jack, Chief Information Security Officer, and Ani Banerjee, Chief Human Resources Officer, to chat about how we spotted the red flags and stopped it before any damage was done.

During this webinar, you will get the inside scoop on:

  • The strategies and tools used by these covert operatives to sneak through the cracks
  • How we discovered something was wrong, and how we quickly stepped in to stop it
  • How you can spot fake IT workers in your hiring process and workplace
  • Practical advice for fortifying your organization to implement robust screening processes and security protocols to safeguard against infiltration

Gain exclusive insights and actionable strategies to protect your organization from these sophisticated threats. Do not miss this opportunity to stay ahead in the ever-evolving landscape of cybersecurity, plus earn CPE credits for attending!

Date/Time: THIS WEEK, Thursday, September 12 @ 2:00 PM (ET)

Cannot attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://event.on24.com/wcc/r/4682459/A20B54DCC9627A86FBF8E2DD81911011?partnerref=CHN2

Threat Actors Increasingly Exploit Deepfakes for Social Engineering

The availability of deepfake technology has given threat actors a valuable tool for social engineering attacks, according to researchers at BlackBerry. "Typically, online scams prey on the presumed weaknesses and susceptibility of the targeted individual," the researchers write.

"In previous decades, Internet fraudsters cast the widest possible nets to dupe the masses, as in the case of malspam (spam with malware), but as digital trends have evolved, so too have the tactics and techniques of online scammers.

"Deepfakes may be the tipping point of the social engineering game, as it allows fraudsters to laser-focus on a specific individual for a fraction of the previous price point."

BlackBerry cites a specific case that occurred earlier this year in which a deepfake was used to trick an employee into sending $25 million to criminals.

"In February 2024, a finance worker at a multinational firm was tricked into initiating a $25 million payment to fraudsters, who used deepfake technology to pretend to be the company's chief financial officer," the researchers write.

"According to Hong Kong police, the worker attended a videoconference with what he believed were real staff members, but who were in fact all deepfakes. The worker had initially been suspicious of a message that appeared to be from the corporation's chief financial officer, requesting that a secret transaction be carried out. However, the worker put aside his doubts after the video call because other people in attendance had looked and sounded just like employees he recognized."

New-school security awareness training gives your organization an essential layer of defense against evolving social engineering attacks.

"One of the strongest mitigation techniques is user awareness and education," BlackBerry says. "Companies should implement a robust training program to educate employees about the threat of deepfakes, how they can be leveraged by cybercriminals, how to recognize them and what to do if suspicious, and the risks if a threat actor targets the organization using deepfakes.

"This user education can go a long way in reducing the deepfake attack surface. Employees who work in sales, finance, and HR should be particularly alert for fraudsters impersonating customers to access confidential client accounts and financial information."

Blog post with links:
https://blog.knowbe4.com/threat-actors-increasingly-exploit-deepfakes-for-social-engineering

Rip Malicious Emails With KnowBe4's PhishER Plus

Rip malicious emails out of your users' mailbox with KnowBe4's PhishER Plus! It's time to supercharge your phishing defenses using these two powerful features:

1) Automatically block malicious emails that your filters miss
2) Rip malicious emails from inboxes before your users click on them

With PhishER Plus you can:

  • NEW! Detect and respond to threats faster with real-time web reputation intelligence with PhishER Plus Threat Intel, powered by Webroot!
  • Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, September 18, @ 2:00 PM (ET)

Save My Spot:
https://event.on24.com/wcc/r/4688940/4492D07152F83915994D50A2B0D6FD66?partnerref=CHN

Major Scam Operation Uses Deepfake Videos

Researchers at Palo Alto Networks' Unit 42 are tracking dozens of scam campaigns that are using deepfake videos to impersonate CEOs, news anchors, and high-profile government officials. Unit 42 believes a single threat actor is behind the scheme. The researchers discovered hundreds of domains used to spread these campaigns, each of which has been visited an average of 114,000 times. The goal of the operation is to spread investment scams and fake government-sponsored giveaways.

"Starting with a campaign promoting an investment scheme called Quantum AI, we studied the infrastructure behind this campaign to track its spread over time," the researchers write. "Through this infrastructure investigation, we discovered several additional deepfake campaigns leveraging completely different themes that the same threat actor group created and promoted."

The scammers are targeting users around the world, tailoring the campaigns for specific countries.

"We discovered deepfake videos in several different languages, including English, Spanish, French, Italian, Turkish, Czech and Russian. Each campaign typically targets potential victims in a single country, including Canada, Mexico, France, Italy, Turkey, Czechia, Singapore, Kazakhstan and Uzbekistan.

"Similar to the Quantum AI scam campaign, these videos add AI-generated audio on top of an existing video and use lip-syncing tools to alter the lip movement of the speaker to match the new audio. Visitors to these webpages are prompted to register with their name and phone number, and they are instructed to await a call from an account manager or representative."

While investment scams aren't new, deepfakes allow criminals to easily lend authority to the scams by impersonating well-known figures. Notably, Unit 42 has observed deepfake-as-a-service tools being peddled on criminal forums.

"Our researchers have encountered cybercriminals selling, discussing, and trading deepfake tooling and creation services across forums, social media chat channels, and instant messaging platforms," the researchers write.

"These tools and services offer capabilities for generating deceptive and malicious content including audio, video, and imagery. The ecosystem surrounding deepfake creation and tooling is alive and vibrant, and cybercriminals are selling a variety of options from face swapping tools to deepfake videos."

Blog post with links:
https://blog.knowbe4.com/major-scam-operation-uses-deepfake-videos

[Whitepaper] The Future of Phishing Defense: AI Meets Crowdsourcing

Rising phishing attacks and targeted spear phishing campaigns expose InfoSec professionals like you to an expanding attack surface, demanding more vigilant security measures.

You need a "tip-of-the-spear," proactive approach to mitigate real-world phishing attacks and targeted spear phishing campaigns. This is possible with the power of AI combined with crowdsourced knowledge from one of your most valuable assets: your users.

This whitepaper will explore the limitations of strictly technical controls and make the case for efficient, smart use of AI teamed with hard-won human intelligence to mitigate phishing threats.

Read this whitepaper to learn:

  • The limitations of relying solely on antiquated, technology-based platforms
  • Why a proactive approach, rather than strictly defensive, is vital for phishing mitigation
  • The importance of crowdsourcing and making users part of the team
  • Actionable advice to help you make the most out of your user- and technology-based resources

Download Now:
https://info.knowbe4.com/wp-future-phishing-defense-ai-crowdsourcing-prp-chn


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

P.S.: [BUDGET AMMO] I made it in the Wall Street Journal. "North Korean Spies Are Infiltrating U.S. Companies Through IT Jobs":
https://www.wsj.com/tech/north-korean-spies-are-infiltrating-u-s-companies-through-it-jobs-e45a1be8?st=v49drcjpaqcwe8p

P.P.S.: [MUST-HEAR PODCAST] 8th Layer Insights "Let's talk Social Engineering":
https://thecyberwire.com/podcasts/8th-layer-insights/49/notes

Quotes of the Week  
"Violence is the last refuge of the incompetent."
- Isaac Asimov, Sci-fi Writer (1920 - 1992)

"Maybe the journey isn't about becoming anything. Maybe it's about unbecoming everything that isn't really you, so that you can be who you were meant to be in the first place."
- Paulo Coelho, Brazilian author, born 1947

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-37-scammers-use-fake-funeral-livestream-social-media-posts-to-extort-victims

Security News

Extremely Deceiving Tech Support Scams Abuse Google Ads and Microsoft Services

Researchers at Malwarebytes describe two "subtle and extremely deceiving campaigns" that abused Google Ads and legitimate Microsoft services to launch tech support scams. First, the researchers observed a malvertising campaign that abused a legitimate Microsoft Learn profile to impersonate Microsoft Support. The phony support page encouraged users to call the scammer's phone number.

"We found this ad while looking for Microsoft support live agents," the researchers write. "The top (sponsored) result looks like it was bought by Microsoft itself with its official logo and URL. Users who click on the ad are redirected to a legitimate Microsoft website (learn[dot]microsoft[dot]com) showing Microsoft's 'official' phone number.

"This page has the look and feel of a genuine knowledge base article especially since it appears to be posted by 'Microsoft Support.'"

A separate malvertising campaign abused a Google ad to load a Microsoft Search page with the scammer's phone number pre-filled in the search bar.

"The second (unrelated) ad campaign we saw is using a different tactic but also starts with a Google ad," the researchers write. "When victims click on it, it will launch a search query page via microsoft[dot]com/en-us/search/explore.

"When the page finishes loading, it will display what looks like a contact number from Microsoft. In a way, this is a form of advertisement that totally abuses what the Microsoft search feature was intended for."

If a user calls the phone number in either of these attacks, a scammer will attempt to trick them into granting access to their computer. New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Malwarebytes has the story:
https://www.malwarebytes.com/blog/scams/2024/08/psa-these-microsoft-support-ploys-may-just-fool-you

Phishing Is Still the Top Initial Access Vector

Phishing remains a top initial access vector for threat actors, according to the researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by targeting humans directly.

"The enduring dominance of phishing as an initial access technique underscores its effectiveness and persistence in the face of cybersecurity advancements and more sophisticated methodologies," the researchers write.

"Its success lies in its simplicity and its ability to exploit the weakest link in security systems: humans. Employees across many organizations are likely still failing to recognize phishing emails, allowing attackers to progress their attacks in this way."

In 7.5% of attacks between May and July 2024, the researchers observed attackers using internal spear phishing to target employees.

"An email originating from an internal account is less likely to be caught by email filtering rules than those coming from impersonating domains," ReliaQuest says. "Other users within the network are also more likely to interact with an email sent by an internal user account than those coming from external parties, something attackers conducting business email compromise (BEC) capitalize on."

"Both factors increase the attacker's chances of successfully compromising more accounts across the network. Internal spear-phishing attacks also often target users with high privilege levels, allowing attackers to escalate their privileges and gain greater control over a network to action their objectives."

Notably, ReliaQuest observed many attackers attempting to trick users into installing malware that impersonated PDF-related software.

"In the customer true-positive incidents that we analyzed, the malicious files that attackers were attempting to deploy on customer networks were consistently disguised as PDF documents or online PDF generator tools," the researchers write.

"While malicious attachments can be blocked or quarantined by security tools to prevent execution within a network, these approaches do not address the risk of installing unverified tools, such as those used to create PDF files, on a device. Users should also be educated that installing such tools can also lead to malware execution, which can have harmful effects for businesses, such as data theft, encryption, or account takeovers."

Blog post with links:
https://blog.knowbe4.com/phishing-is-still-a-top-initial-access-vector

What KnowBe4 Customers Say

"I wanted to take the time to highlight how great my experience has been with Noah the past few days working through our needs here at the Firm and getting an agreement drafted/signed for your services.

I have worked with KnowBe4 in past positions and was enthusiastic about getting your services in place here. Noah walked through all the options and was very knowledgeable, he also provided me options on what I would like to view in your platform (demo) vs what I may already know.

This is always helpful as we all have a full plate and are trying to save time where we can. Our firm is going through a full change of IT services, so budget is stretched right now, and Noah was beyond kind, understanding, and helpful.

He also did very well on the upsell of the compliance option service. He saved me a large amount of headache as well as time training staff on multiple platforms. We are also faced with an expedited timeline, so I know I placed pressure on him each step of the process. He was attentive and straightforward with expectations.

Long story short, I believe you have the right type of individual with Noah selling your product. He listened, made it short and sweet, knowing I am busy, and catered to what I wanted/needed/made sense for our firm. Huge thank you to Noah! Any questions, don't hesitate to reach out."

- W.M., Firm Operations Manager


"Stu, I love KnowBe4. You might be interested to know that we went through an external cybersecurity audit last week and when I mentioned that we use KnowBe4 for education content and phishing tests, the auditor nodded and smiled. The product line is obviously known and respected in his audit world. Thanks for checking in. Keep rolling out the great content."

- S.M., IT Manager - Information Security & Telecommunications

The 10 Interesting News Items This Week
  1. WSJ: North Korean Spies Are Infiltrating U.S. Companies Through IT Jobs:
    https://www.wsj.com/tech/north-korean-spies-are-infiltrating-u-s-companies-through-it-jobs-e45a1be8?st=v49drcjpaqcwe8p

  2. North Korean social engineering attacks target the cryptocurrency sector:
    https://www.ic3.gov/Media/Y2024/PSA240903

  3. Final Takeaways from Black Hat USA 2024 and DEFCON 32:
    https://www.oodaloop.com/archive/2024/09/02/final-takeaways-from-black-hat-usa-2024-and-defcon-32/

  4. Sextortion Scams Now Include Photos of Your Home:
    https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/

  5. WSJ: White House Takes Aim at Internet Security:
    https://www.wsj.com/articles/white-house-takes-aim-at-internet-security-78103a69?

  6. DOJ seizes dozens of domains used in Russian influence campaigns targeting swing states:
    https://therecord.media/doj-seizes-russian-disinfo-domains-election

  7. Russian military hackers linked to critical infrastructure attacks:
    https://www.bleepingcomputer.com/news/security/us-and-allies-link-russian-military-hackers-behind-critical-infrastructure-attacks-to-gru-unit-29155/

  8. WSJ: $10 Million and a Fake Investor: How the Kremlin Allegedly Built a Conservative U.S. Media Startup:
    https://www.wsj.com/politics/national-security/10-million-and-a-fake-investor-how-the-kremlin-allegedly-built-a-conservative-u-s-media-startup-b8d510cb?

  9. Three men plead guilty to running MFA bypass service:
    https://www.infosecurity-magazine.com/news/three-plead-guilty-running-mfa/

  10. Victims lost $110 million to Bitcoin ATM scams in 2023:
    https://www.ftc.gov/news-events/news/press-releases/2024/09/new-ftc-data-shows-massive-increase-losses-bitcoin-atm-scams
