CyberheistNews Vol 5 #28 Scam Of The Week: Internet Capacity Warning



                                                       
CyberheistNews Vol #5 #28 July 14, 2015
                                                          

  Scam Of The Week: Internet Capacity Warning

       
OK, so here is the latest scam, possibly fueled by the recent news that we have run out of IPv4 addresses in the U.S. Employees receive an email  which claims to be from the "IT Services Support Department". Obviously  this is not legit, and a phishing scam tricking users so they enter their  email account login credentials.
 
It tells your user their Internet capacity has reached 70% and that is why  they need to contact support to avoid further problems. There is a "contact  us" link in the email message so that the user can resolve the issue. Clicking the link redirects the user to a bogus "Help Desk" webpage asking them to  submit their email account username and password, and when done a  Thank-You page appears.

The user may think the issue has been resolved, but the data has been  harvested by cyber criminals and they will try to hijack their email account  for other criminal purposes.

I suggest you send something like this to your friends, family and employees:

"There is a scam doing the rounds where you may get an email from 'IT Services Support Department' which claims your Internet capacity is at 70% and you need to contact support. Clicking the link you are asked to leave your user name and password at a Help Desk site. This is a scam and cyber criminals are trying to hijack your email account. These scam  emails may arrive in the office or at the house. 

"Sometimes in the past you might have gotten notifications from your  Internet provider about your email account exceeding its maximum storage  limit. However, the name of the service provider is always clearly  visible in these kinds of emails, and they never ask you to click on  a link to rectify the issue. So, Think Before You Click!"


For KnowBe4 customers, we have created a simulated attack like this you  can find at System Templates -> IT Group -> Internet Capacity Warning. Send this template to your users to inoculate them against this type of attack. 

If you are not a KnowBe4 customer yet, find out how affordable this is  and be pleasantly surprised:
http://info.knowbe4.com/kmsat_get_a_quote_now

OPM: 'Victim-as-a-Service' Provider

Unconscionable. I would even say callous and criminal negligence, all on  the current administration's watch, of the highly confidential and very private information of the people working for that same government.

An article by Mathew Schwartz on the databreachtoday site lays it out.  He points at a litany of errors, which resulted in the current OPM Director Katherine Archeluta's resignation. The problems started years before she even  came on board at OPM though, this is an inherited problem of long duration. Just have a look at this quote:

"Since 2007, the OPM Inspector General has continuously pointed out serious  deficiencies in OPM's cybersecurity posture. OPM's response has been glacial,"  says Rep. Jim Langevin, D-R.I., a senior member of the House Committee on  Homeland Security. The OPM's Office of the Inspector General issued a report  in 2012, highlighting numerous weaknesses. Most damning, however, was OIG  noting that it had been warning about "a material weakness in controls over  the development and maintenance of OPM's IT security policies" since 2007. 

"It repeated that warning in 2008, and added in 2009 that things were getting  worse - affecting the organization's entire information security governance  and management structure - after which it repeated the same warnings in 2010  and 2011. And in 2012, the OIG warned that the OPM's CIO office "continued  to operate with a decentralized IT security structure that did not have the  authority or resources available to adequately implement the new policies."


I really hope that whomever inherits the White House will take decisive action  to prevent this in the future! Here is the article:
http://www.databreachtoday.com/blogs/opm-victim-as-a-service-provider-p-1883

A New Ransomware Hostage Rescue Manual

Get this informative and complete hostage rescue manual on Ransomware. The 20-page manual is packed with actionable info you need to prevent  infections, and what to do when you are hit with ransomware. You also get  a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.

You will learn more about:
    1. What is Ransomware?

    2. Am I Infected?

    3. I’m Infected, Now What?

    4. Protecting Yourself in the Future

    5. Resources
Don’t be taken hostage by ransomware. Download now and forward/share to  your friends, this is good stuff:
http://info.knowbe4.com/ransomware-hostage-rescue-manual-0

Or, read the article in BetaNews first, and then download:
http://betanews.com/2015/07/10/how-to-protect-yourself-against-ransomware/
Warm Regards,
Stu Sjouwerman

   
Quotes Of The Week
 
       
"People who say it cannot be done should not interrupt those who are  doing it."
- George Bernard Shaw

"Constant kindness can accomplish much. As the sun makes ice melt, kindness  causes misunderstanding, mistrust, and hostility to evaporate."  - Albert Schweitzer
       
     Thanks for reading CyberheistNews!

Security News
 

This Week's Five Most Popular HackBusters Posts

               
    1. Anonymous Is Relatively Much Bigger Than You Anticipated:
      http://www.hackbusters.com/news/stories/349355-anonymous-is-relatively-much-bigger-than-you-anticipated

    2. This Device Can Wirelessly Charge Your All Devices at Once From 15 Feet:
      http://www.hackbusters.com/news/stories/347892-this-device-can-wirelessly-charge-your-all-devices-at-once-from-15-feet

    3. Hacking Team Breach Shows A Global Spying Firm Run Amok:
      http://www.hackbusters.com/news/stories/347965-hacking-team-breach-shows-a-global-spying-firm-run-amok

    4. 17-Year-Old Lizard Squad Member Found Guilty Of 50,700 Hacking Charges:
      http://www.hackbusters.com/news/stories/348602-17-year-old-lizard-squad-member-found-guilty-of-50-700-hacking-charges

    5. Zero-Day Flash Player Exploit Disclosed in 'Hacking Team' Data Dump:
      http://www.hackbusters.com/news/stories/348458-zero-day-flash-player-exploit-disclosed-in-hacking-team-data-dump

CryptoWall Active Alerter / Scanner          

Microsoft has this on their TechNet website: Script will scan all shares  on a list of given servers to scan for files left by known variants of  CryptoWall (including latest CryptoWall 2.0 and 3.0 variants).

Can actively scan file  shares or end user computers for scheduled/automatic early detection of  CryptoWall evidence. Alerts by e-mail:
https://gallery.technet.microsoft.com/scriptcenter/Cryptowall-active-file-ad91b701

The Mob's IT Department - Don't Let This Happen To You 

An article at Bloomberg relates the story of two IT professionals who reluctantly teamed up with an organized criminal network in building a sophisticated drug smuggling operation. 

"The criminals were clever, recruiting the IT guys the way a spymaster  develops a double agent. By the time they understood what they were  involved in, they were already implicated. The pair were threatened,  and afraid to go to the police. They were asked to help with deploying  malware and building 'pwnies' — small computers capable of intercepting  network traffic that could be disguised as power strips and routers."

This is an interesting and instructive story for a lunch break, and do  not let this happen to you! Article here:
http://www.bloomberg.com/graphics/2015-mob-technology-consultants-help-drug-traffickers/

Cyberheist 'FAVE' LINKS:
 
Copyright © 2014-2015 KnowBe4 LLC, All rights reserved.

Our mailing address is: 33 North Garden Ave Suite 1200, Clearwater, Florida, 33755



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews