Scam Of The Week: Internet Capacity Warning
OK, so here is the latest scam, possibly fueled by the recent news that we have run out of IPv4 addresses in the U.S. Employees receive an email which claims to be from the "IT Services Support Department". Obviously this is not legit; it is a phishing scam that tricks users into entering their email account login credentials. It tells your users their Internet capacity has reached 70% and that they therefore need to contact support to avoid further problems. There is a "contact us" link in the email message so that the user can resolve the issue. Clicking the link redirects the user to a bogus "Help Desk" webpage asking them to submit their email account username and password, and when done a Thank-You page appears.
The user may think the issue has been resolved, but the data has been harvested by cyber criminals, who will try to hijack the user's email account for other criminal purposes.
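For mail admins, here is one way to flag this lure in a mail filter. This is an added example, not KnowBe4 code; the trusted domain, the two sample messages and the indicator names are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains your real IT notices and provider mail come from.
TRUSTED_DOMAINS = {"example.com"}

SENDER_LURE = re.compile(r"\b(it services|support department|help ?desk)\b", re.I)
CAPACITY_LURE = re.compile(r"\b(capacity|quota|storage)\b[^.]{0,60}?\b\d{1,3}\s?%", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample messages (not real mail); .invalid never resolves.
PHISH = """From: "IT Services Support Department" <support@it-helpdesk.invalid>
Subject: Internet Capacity Warning

Your Internet capacity has reached 70%. Contact us to avoid further problems:
http://helpdesk-portal.invalid/contact
"""
LEGIT = """From: "Example ISP" <notices@example.com>
Subject: Mailbox storage notice

Your mailbox storage is at 70% of its limit. No action is needed.
"""

def _trusted(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def _body_text(msg):
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")

def indicators(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body, hits = _body_text(msg), []
    if SENDER_LURE.search(display) and not _trusted(addr.rpartition("@")[2]):
        hits.append("it-sender-from-untrusted-domain")
    if CAPACITY_LURE.search(msg.get("Subject", "") + " " + body):
        hits.append("capacity-percentage-lure")
    if any(not _trusted(urlparse(u).hostname) for u in URL.findall(body)):
        hits.append("link-to-untrusted-host")
    return hits

def is_suspicious(raw):
    # A quota notice alone is normal; the lure plus an untrusted sender or link is not.
    hits = indicators(raw)
    return "capacity-percentage-lure" in hits and len(hits) >= 2
```

Treat a hit as a reason to quarantine or tag the message for review, and tune the trusted list to your own mail flow.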
I suggest you send something like this to your friends, family and employees:
"There is a scam doing the rounds where you may get an email from 'IT Services Support Department' which claims your Internet capacity is at 70% and you need to contact support. Clicking the link you are asked to leave your user name and password at a Help Desk site. This is a scam and cyber criminals are trying to hijack your email account. These scam emails may arrive in the office or at the house.
"Sometimes in the past you might have gotten notifications from your Internet provider about your email account exceeding its maximum storage limit. However, the name of the service provider is always clearly visible in these kinds of emails, and they never ask you to click on a link to rectify the issue. So, Think Before You Click!"
For KnowBe4 customers, we have created a simulated attack like this you can find at System Templates -> IT Group -> Internet Capacity Warning. Send this template to your users to inoculate them against this type of attack.
If you are not a KnowBe4 customer yet, find out how affordable this is and be pleasantly surprised: http://info.knowbe4.com/kmsat_get_a_quote_now
OPM: 'Victim-as-a-Service' Provider
Unconscionable. I would even say callous and criminal negligence, all on the current administration's watch, of the highly confidential and very private information of the people working for that same government.
An article by Mathew Schwartz on the databreachtoday site lays it out. He points at a litany of errors, which resulted in the current OPM Director Katherine Archuleta's resignation. The problems started years before she even came on board at OPM though; this is an inherited problem of long duration. Just have a look at this quote:
"Since 2007, the OPM Inspector General has continuously pointed out serious deficiencies in OPM's cybersecurity posture. OPM's response has been glacial," says Rep. Jim Langevin, D-R.I., a senior member of the House Committee on Homeland Security. The OPM's Office of the Inspector General issued a report in 2012, highlighting numerous weaknesses. Most damning, however, was OIG noting that it had been warning about "a material weakness in controls over the development and maintenance of OPM's IT security policies" since 2007.
"It repeated that warning in 2008, and added in 2009 that things were getting worse - affecting the organization's entire information security governance and management structure - after which it repeated the same warnings in 2010 and 2011. And in 2012, the OIG warned that the OPM's CIO office "continued to operate with a decentralized IT security structure that did not have the authority or resources available to adequately implement the new policies."
I really hope that whoever inherits the White House will take decisive action to prevent this in the future! Here is the article: http://www.databreachtoday.com/blogs/opm-victim-as-a-service-provider-p-1883
A New Ransomware Hostage Rescue Manual
Get this informative and complete hostage rescue manual on Ransomware. The 20-page manual is packed with actionable info you need to prevent infections, and what to do when you are hit with ransomware. You also get a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.
You will learn more about:
- What is Ransomware?
- Am I Infected?
- I’m Infected, Now What?
- Protecting Yourself in the Future
- Resources
Don’t be taken hostage by ransomware. Download now and forward/share to your friends, this is good stuff: http://info.knowbe4.com/ransomware-hostage-rescue-manual-0
Or, read the article in BetaNews first, and then download: http://betanews.com/2015/07/10/how-to-protect-yourself-against-ransomware/
Warm Regards, Stu Sjouwerman
"People who say it cannot be done should not interrupt those who are doing it." - George Bernard Shaw
"Constant kindness can accomplish much. As the sun makes ice melt, kindness causes misunderstanding, mistrust, and hostility to evaporate." - Albert Schweitzer
Thanks for reading CyberheistNews!
This Week's Five Most Popular HackBusters Posts
CryptoWall Active Alerter / Scanner
Microsoft has this on their TechNet website: Script will scan all shares on a list of given servers to scan for files left by known variants of CryptoWall (including latest CryptoWall 2.0 and 3.0 variants).
Can actively scan file shares or end user computers for scheduled/automatic early detection of CryptoWall evidence. Alerts by e-mail: https://gallery.technet.microsoft.com/scriptcenter/Cryptowall-active-file-ad91b701
The Mob's IT Department - Don't Let This Happen To You
An article at Bloomberg relates the story of two IT professionals who reluctantly teamed up with an organized criminal network in building a sophisticated drug smuggling operation.
"The criminals were clever, recruiting the IT guys the way a spymaster develops a double agent. By the time they understood what they were involved in, they were already implicated. The pair were threatened, and afraid to go to the police. They were asked to help with deploying malware and building 'pwnies' — small computers capable of intercepting network traffic that could be disguised as power strips and routers."
This is an interesting and instructive story for a lunch break. Do not let this happen to you! Article here: http://www.bloomberg.com/graphics/2015-mob-technology-consultants-help-drug-traffickers/
This Week's Links We Like. Tips, Hints And Fun Stuff.