CyberheistNews Vol 5 #25 Scam Of The Week: Spoofed CEO Money Transfer Request



CyberheistNews Vol #5 #25 June 23, 2015

Scam Of The Week: Spoofed CEO Money Transfer Request

Heads-up: there is a real wave of this scam going on at the moment. I would copy and paste this section plus the link to the story on our blog and send it to your CEO, CFO/Controller and/or Compliance officer right this minute.

The scam goes like this. The criminals monitor emails between the CEO and CFO for months and wait until the CEO is on a business trip. How do they monitor email? They either have credentials obtained somehow, have hacked the email server, or have a keylogger on the machine(s) of the CEO/CFO. Remember, per the FBI there are two kinds of people: the ones that know their network has been penetrated, and the ones that don't.

Cybercrime has gone pro, and this scam comes well prepared. The bad guys have registered a domain name that looks very much like your existing one, they spoof the CEO's "from" address, and give the CFO or someone in Accounting specific instructions to transfer a large amount of money to a foreign bank for some very believable reason, like an acquisition or a large equipment purchase. The request looks very, very real and asks for urgency and confidentiality.

Here is a real story of a publisher that recently lost $1.5m in a phishing scam like this, and what happened to their CEO:
http://blog.knowbe4.com/magazine-publisher-loses-1.5m-in-phishing-scam
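The scam above relies on a lookalike domain, a spoofed executive display name, or a Reply-To that silently redirects the conversation. The following is an added example (not code from the newsletter or from KnowBe4) of a mail-gateway style check that flags those three signals; the organisation's domain, the executive list and the sample message are all constructed for illustration.

```python
# Added example: flag inbound mail that impersonates an executive, the pattern
# described in the CEO wire-transfer scam. Not part of the original newsletter.
from email import message_from_string
from email.utils import parseaddr

# Constructed organisation data: the real domain and the executives to protect.
REAL_DOMAIN = "example.com"
EXECUTIVES = {"jane ceo": "jane@example.com"}


def edit_distance(a, b):
    """Levenshtein distance; a small distance to REAL_DOMAIN means a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_message(raw):
    """Return the list of reasons a raw RFC 822 message looks like executive impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    reasons = []
    # 1. Sender domain is one or two characters away from ours (e.g. a digit for a letter).
    if domain != REAL_DOMAIN and 0 < edit_distance(domain, REAL_DOMAIN) <= 2:
        reasons.append(f"lookalike sender domain {domain}")
    # 2. Display name is a known executive but the address is not theirs.
    key = name.lower()
    if key in EXECUTIVES and addr.lower() != EXECUTIVES[key]:
        reasons.append(f"display name '{name}' does not match {EXECUTIVES[key]}")
    # 3. Replies would go to a different domain than the one the mail claims to be from.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != domain:
        reasons.append(f"Reply-To points to a different domain ({reply})")
    return reasons


# Constructed sample in the style of the scam: lookalike domain, executive name, urgency.
SAMPLE = """From: Jane CEO <jane@examp1e.com>
Reply-To: jane@examp1e.com
Subject: Urgent and confidential wire transfer
"""
```

A message that spoofs the real domain exactly will pass these header checks; that case is what SPF, DKIM and DMARC enforcement on the receiving side is for.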

The 5 Security Awareness Training Generations [CARTOON]

Today, your employees are frequently exposed to advanced phishing and ransomware attacks. Your users are the weak link in your IT security. There are 5 ways (generations) to train end-users.

Take 1 minute, check out the cartoon over at the KnowBe4 Blog:
http://blog.knowbe4.com/the-5-security-awareness-training-generations-cartoon

Participate In Scientific Awareness Training Research

We are looking for a few organizations of 100+ employees that are willing to participate in a scientific study regarding security awareness training. You cannot be an existing KnowBe4 customer, and we would like you to be in finance, manufacturing and/or healthcare. The study requires employees to fill out a short 6-question survey before the 4-month study starts.

It will start with a baseline phishing test, followed by 1 simulated phishing email every month after that, for a total of 4 emails to your employees. In exchange for participating, you will get a 1-year subscription. If you are interested, please send an email to stus@knowbe4.com with a short description of your organization. First come, first served.

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Appreciation is a wonderful thing: It makes what is excellent in others belong to us as well." - Voltaire, Philosopher (1694 - 1778)

"There is no cloud. Only other people's servers." - Found recently on Twitter

Thanks for reading CyberheistNews!

Security News

Use Gmail As Your Corporate Email? Watch This.

There is an insanely simple way to social engineer an employee into giving away access to their Gmail account. It's a variation on a password reset scam. All that is needed is the email address that the hacker wants to own, and the employee's cell phone number.

Here's how it works: An attacker can try to log in to a victim's email address. The attacker can then say he or she forgot the password and, if two-step authentication is in place, ask the email provider to text a code to the cell phone to reset the password.

Once this is done, the attacker can then send the victim another text asking for the code. The attacker's text would look something like this: "This is Google. There has been unauthorized activity on your account. Please reply with the verification code we just sent you."

If the victim unknowingly replies to the attacker's text with the code, the email account is pwned. Symantec made an excellent, very instructive little video about this that I would send to all employees using Gmail, either at the office or at home:
https://youtu.be/_dj_90TnVbo

Win a $150 Amazon Gift Card - Take The 'Internet of Things' Survey

The Internet of Things (IoT) is all over the news. Strategy Analytics has teamed with KnowBe4 on the 2015 IoT Deployment and Usage Trends Survey.

This survey examines the business and technology drivers and challenges associated with IoT. The survey should take about 10 minutes to complete. Leave a comment with your Email address for a chance to win a $150 Amazon gift card.

In the Digital Age of BYOD, the Cloud and the Internet, there is no hotter topic for corporations and consumers than the Internet of Things (IoT). IoT environments advance pure Machine-to-Machine (M2M) device connectivity and use Big Data and predictive analytics to drive real-time analysis, enabling corporations and consumers to make more informed and intelligent decisions to drive top-line revenue and business decisions.

When properly deployed and managed, IoT platforms and services can also improve reliability, minimize risk and help companies cut costs and accelerate ROI. Take the survey here:
https://www.surveymonkey.com/r/DGXQ6PB

All responses are confidential. No sales person will call you and we never share your information with anyone. Once the survey is complete, we will publish an Executive Summary on the CyberheistNews and Strategy Analytics websites. Additionally, anyone who has completed the survey is eligible for a complimentary copy of the full Report and PowerPoint slide deck by emailing ldidio@strateganalytics.com.

In Search of The Most Dangerous Town On the Internet

It is a well-known fact that after communism in a country collapses, the first thing that happens is a crime wave. Romania is a good example: last year a billion dollars were stolen by Romanian hackers. Watch the cybercrime documentary profiling the Romanian town nicknamed "Hackerville" or "Most Dangerous Town on the Internet."

Convicted blackhat hackers, like Guccifer (real name), talk worms, viruses, social engineering, identity theft, and even hacking Hillary Clinton's email:
https://www.youtube.com/watch?t=23&v=un_XI4MM6QI

Cardinals-Astros Hack: Don’t Use Old Passwords At Your New Company

Bob Sullivan wrote: "First of all, if you haven't read it, you must: The FBI is investigating baseball's St. Louis Cardinals for hacking the Houston Astros, according to the New York Times. Someone from the Cardinals allegedly stole data offering insight into the Astros player evaluation files, details on possible trades, and so on.

This kind of corporate espionage goes on all the time, and if you didn't believe that, well, there you are." This is an interesting story:
https://bobsullivan.net/cybercrime/privacy/onnightlylessonfromcardinalsstory/

Cyberheist 'FAVE' LINKS:
Copyright © 2014-2015 KnowBe4 LLC, All rights reserved.

Our mailing address is: 
33 North Garden Ave Suite 1200, Clearwater, Florida, 33755
